GPG Suite 2023.2

macOS 13.3 introduces changes to macOS Mail which require an update of the GPG Mail loader bundle. In order to continue using GPG Mail 7 on macOS 13.3, make sure to install this update of GPG Suite.

Adapts GPG Mail 7 to changes of Mail in macOS 13.3

  • Adds the new mailbundle UUID introduced in macOS 13.3 to GPG Mail 7

GPG Suite 2023.1

Draft saving and sending error on macOS 13.2

  • Under specific circumstances, saving a draft or sending a reply to an encrypted or sign message failed with an error that attachments are too large or that the message could not bet sent

GPG Mail 7.1 (macOS Ventura)


  • Automatic activation of GPG Mail with a support plan is now silent by default. The behavior can be configured via SupportPlanAutomaticActivationShowSuccessDialog and SupportPlanAutomaticActivationSuppressErrorDialog
  • Adds proper support for iCloud's Hide-My-Email addresses [#1137]


  • Fixes a problem where saving a draft or sending a reply to an encrypted or signed message was not possible when replying the successful activation dialog would be shown on every Mail launch in case automatic support plan activation was configured [#1135]
  • Fixes an error where Mail believed that public key for encryption were missing when continuing a draft and attempting to sending it not encrypted [#1133]

GPG Mail 6.3 (macOS Monterey)


  • Fixes a crash when using iCloud's Hide-My-Email addresses [#1137]
  • Fixes a problem where saving a draft or sending a reply to an encrypted or signed message was not possible when an S/MIME certificate was available, but the user switch the security method to "OpenPGP" [#1135]

GPG Keychain 1.12


  • Automatically converts OpenPGP key server URLs if the http(s) scheme is used instead of hkp(s) [#547]
  • Renames "Preferences" to "Settings" to match the new macOS Ventura style [#542]


  • Adds missing strings for "Yes" and "No" button when uploading a public key to a verifying key server [#543]

MacGPG 2.2.41


  • Integrates GnuPG 2.2.41 [#776]

GPG Suite 2022.2

GPG Mail 7 adds support for macOS Ventura

GPG Mail 7 is a paid upgrade. As a token of our appreciation we would like to offer you a 30% upgrade discount if you have already purchased a GPG Mail Support Plan in the past.

If you are not on macOS Ventura yet, feel free to keep using your current GPG Mail version with your active GPG Mail Support Plan for as long as you want.

Includes GnuPG 2.2.40

  • GnuPG 2.2.40 with the latest version of libksba fixes CVE-2022-3515. The libksba security bug affects mainly S/MIME which is not used by our tools. It also affects dirmngr however when used in combination with a web key directory.
  • Replaces the no longer active pool of with Ubuntu's hockeypuck based key server as optional fallback in GPG Keychain, when is configured but doesn't return any results for a key search.

GPG Mail 7.0 (macOS Ventura only)


  • Adds compatibility for macOS Ventura [#1125]


  • Fixes a problem where the successful activation dialog would be shown on every Mail launch in case automatic support plan activation was configured
  • Alerts the user to manually close Mail in order for the GPG Mail Upgrader to complete in case Mail can't be closed automatically. This most often occured when a modal dialog blocked Mail from closing

GPG Keychain 1.11


  • Uses Ubuntu's hockeypuck keyserver as optional fallback in case a key search leads to no results from and that is configured as default keyserver [#763]


  • Pinentry is no longer shown when creating a new key

GPG Services 2.5


  • Improves error message when decryption fails due to a missing secret key


  • Fixes a problem where previously selected keys were not shown on top of the key list [#286]

MacGPG 2.2.40


  • Integrates GnuPG 2.2.40 [#773]
  • Upgrades Libksba to version 1.6.2 which fixes CVE-2022-3515

Libmacgpg 1.5.1


  • Uses Ubuntu's hockeypuck keyserver as optional fallback in case a key search leads to no results from and that is configured as default keyserver [#187]


  • Fixed a problem where Pinentry was launched during key generation in some cases, even though a passphrase-fd was specified. This resulted in an additional Pinentry request when creating a new key [#186]

GPG Suite 2022.1

Includes GPG Mail 6.2 which is required for macOS 12.3. If you are running macOS Monterey, this upgrade is necessary to keep using GPG Mail without interruption.

GPG Mail 6.2 (macOS Monterey)


  • Adds compatibility for macOS 12.3 [#1110]


  • Fixes a problem where GPG Mail could be removed after an OS upgrade. Now the GPG Mail Upgrader is run to re-enable it again [#1109]
  • Fixes a problem where Mail in some cases would show a random error message during composing [#1108]
  • Fixes an issue around BCC usage [#1118]
  • Fixes a problem where sign and encrypt status might not match the user's last decision when continuing to edit an encrypted draft which is to be sent out from a sender address for which no OpenPGP key is available [#1114, #1115, #1116, #1117]

GPG Keychain 1.10


  • New square app icon to match icon style on macOS Big Sur and later [#526]

GPG Services 2.4


  • Always show the signer's fingerprint in case verified data was signed with an untrusted key [#281]


  • Fixes a problem where encrypting with password and signing at the same time could result in an error message [#276]
  • Fixes a problem where incorrect number of selected keys could be shown below key list

MacGPG 2.2.34


  • Integrate GnuPG 2.2.34 [#766]

Libmacgpg 1.5


  • Better dialogs concerning key expiration

GPG Suite 2021.3

Includes GPG Mail 6.1 which is required for macOS 12.1

Revamp of the GPG Services verification UI

  • New icons make it easier to distinguish between untrusted and trusted signatures of signed files
  • Trusted signatures show a green checkmark
  • Untrusted signatures (created with untrusted keys) show a yellow checkmark
  • Invalid or otherwise broken signatures use red color coding

GPG Mail 6.1 (macOS Monterey)


  • Adds compatibility for macOS 12.1


  • Fixes a problem where Thunderbird would display an empty message under specific circumstances [#1103]
  • Fixes a problem on macOS 12.1 where Mail would crash when composing a new message [#1104] [#1107]

GPG Services 2.3


  • Revamped verification UI [#266]

GPG Suite 2021.2

GPG Mail 6 adds support for macOS Monterey

GPG Mail 6 is a paid upgrade. As a token of our appreciation we would like to offer you a 30% upgrade discount if you have already purchased a GPG Mail Support Plan in the past.

If you are not on macOS Monterey yet, feel free to keep using your current GPG Mail version with your active GPG Mail Support Plan for as long as you want.

GPGMail 6.0 (macOS Monterey)


  • Support for macOS Monterey


  • No longer displays the remote content banner if remote content is detected [#1097]

GPG Keychain 1.9


  • Fixes sorting key list by creation and expiration date [#523]

GPG Suite Preferences 2.6


  • Fixes a crash when users where asked if they wanted to remove the default GPGTools gnupg comment [#120]

MacGPG 2.2.32


  • Integrate GnuPG 2.2.32 [#760]


  • Fixes a failure when connecting to [#758]

GPG Suite 2021.1

Support for Apple Silicon completed

  • The previous release of GPG Suite included optimized versions of all our Apps and Services for Apple Silicon
  • This release includes a MacGPG version optimized for Apple Silicon as well
  • Rosetta 2 is no longer required to use GPG Suite

GPGMail 5.1 (macOS Big Sur, Catalina & Mojave)


  • Introduces flattened colors for the OpenPGP and S/MIME security method picker to better fit the look of macOS Catalina and Big Sur
  • Shows the security method picker as a toolbar icon if the window is too narrow
  • Automatically change security method based on senders OpenPGP keys or S/MIME certificates [#1087]


  • Sending a signed email with an empty body could lead to a crash [#1079]
  • The security method picker now properly pre-selects the configured default security method [#1078]
  • Fixes a problem where custom wildcard based key mappings were not properly applied [#1080]
  • Workaround a problem where users running Antidote Mail plugin did not see GPG Mail loader and could not load GPG Mail [#1077]
  • Fixes keyboard shortcuts to toggle between S/MIME and OpenPGP [#1085]
  • Fixes a problem where under rare circumstances remote content would be loaded [#1086]

GPG Keychain 1.8


  • Centered toolbar icons in preferences window on Big Sur [#520]


  • Fixes a problem where custom column order was not saved [#518]

GPG Services 2.2


  • The password dialog necessary for encrypting messages or files with a password is now integrated into the main GPG Services window rendering the two separate dialogs previously used obsolete [#270]


  • Fixes a problem where the main window was not shown when Do Not Disturb (DND) was active [#272]
  • Fixes the scrolling performance of key lists [#275]
  • Fixes a rare problem where too many lines were shown on key import, resulting in the dialog growing too large to fit on the screen [#274]

MacGPG 2.2.27


  • Full support for Apple Silicon [#751]


  • Integrate GnuPG 2.2.27 [#754]
  • Integrate Pinentry 1.1.1 [#756]


  • Properly fetches certificates from macOS keychain to establish SSL/TLS connections [#752]
  • Fixes broken key auto-retrieve mechanism [#752]

GPG Suite 2020.2

GPG Mail 5 adds support for macOS Big Sur

GPG Mail 5 is a paid upgrade. As a token of our appreciation we would like to offer you a 30% upgrade discount if you have already purchased a GPG Mail Support Plan in the past.

If you are not on macOS Big Sur yet, feel free to keep using your current GPG Mail version with your active GPG Mail Support Plan for as long as you want.

Native Support for Apple Silicon

  • All of our Apps and Services are optimized for Apple Silicon
  • MacGPG will launch in Rosetta 2 compatibility mode for now but should be available soon

GPGMail 5.0 (macOS Big Sur, Catalina & Mojave)


  • Support for macOS Big Sur
  • Native support for Apple Silicon


  • Optimized the regular expression engine to catch messages that might have been unrecognized before

GPG Keychain 1.7


  • New icons for macOS Big Sur


  • Make sure the verified key server fallback to sks keyservers works on newer macOS versions [#513]
  • Added an error message with additional context when a user tries to import corrupted data [#509]


  • Ensure name and email are pre-filled when creating a key on Big Sur [#514]
  • Fixes a problem where dragging a key to desktop would not result in an exported file [#512]
  • Fixes a potential lockup when a key search was initiated [#510]

GPG Services 2.1


  • 'Show in Finder' option is now part of the verification results dialog [#262]

GPG Suite Preferences 2.4


  • Fixes and adjustments for macOS Big Sur [#116]

MacGPG 2.2.24


  • Integrate GnuPG 2.2.24 [#749]

GPG Suite 2020.1

GPG Mail 4 adds support for macOS Catalina

GPG Mail 4 is a paid upgrade. As a token of our appreciation we would like to offer you a 30% upgrade discount if you already have an active GPG Mail 3 Support Plan.

If you are not yet on macOS Catalina feel free to keep using GPG Mail 3 with your active GPG Mail 3 Support Plan for as long as you want.

Native system notifications for GPG Services

  • GPG Services is now using system notifications to alert users when an operation has been completed.
  • By default notifications will remain on the screen until the user has reacted to them. They can be configured to automatically disappear however by switching to 'Banner Style' in 'System Preferences › Notifications › GPG Services'
  • System notifications greatly improve the experience of GPG Services and we hope you take advantage of the possibilities to tailor the notifications to your specific needs.
  • Alert dialogs are used as a fallback if system notifications are in "Do Not Disturb"-mode
  • Notifications for GPG Services are only available on macOS 10.14 and later.

GPGMail 4.1 (macOS Catalina, Mojave & High Sierra)


  • Display a tooltip when no signing key is available - it’s now much easier to find out why signing is not possible. While previously the encrypt and sign buttons would disappear, they now remain visible and when you hover over the sign button a tooltip with details why you can't sign, appears [#1060]
  • Adds a space between the security header title and the signature icon when viewing signed messages [#1068]


  • Includes a workaround for a bug in macOS Catalina which resulted in message content for partly signed / encrypted messages being cut off (scrolling was disabled) [#1057]
  • Fixes a problem where switching security method had no effect on the security method used to protect messages that were sent. Instead outgoing messages were always protected using the default encryption method configured. [#1058]
  • Fixes a bug where the Mail plug-in manager would not open if other bundles were installed alongside GPG Mail [#1056]
  • Re-ordered keyboard shortcuts for the encrypt and sign buttons: use ⌥⌘Y to toggle the encrypt button and ⌥⌘X to toggle the sign button [#1067]
  • The security method chosen to be used while composing a draft is properly restored when the users continues to edit the draft [#1061]
  • Picks up GnuPG key ring changes again on macOS Catalina, so it is not necessary to re-start Mail if a new key is imported [#1059]
  • Fixes a problem where GPG Mail 3 was not installed when the user customized their installation [#1069]
  • Adds the option to switch support plan in Mail › Preferences › GPG Mail [#1064]
  • Shows a better error message when a user tries to activate GPG Mail with a support plan that has been previously disabled [#1071]

GPG Keychain 1.6


  • When creating a new key, GPG Keychain now checks if a valid secret key already exists for that email and will warn users, before creating a second key for the same email [#476]
  • Search results for sks key servers show long key ID [#496]
  • Passphrase verification is now mandatory during key creation or when changing the passphrase of an existing key [#441]
  • Customized sorting options for signatures and subkeys tabs are now properly restored after restart [#505]
  • When checking for key updates on the key server, key updates are also fetched from the sks key servers when the fallback option is enabled [#507]


  • Always open key details on the same screen where the main app is displayed [#506]
  • Fixes a bug where scrolling search results from the sks key servers could be laggy [#495]
  • Fixes a bug on Catalina where exported keys could end up with the wrong file name and located in the folder above the actual destination folder [#502]
  • Reduces the number of keys displayed in the success dialog for large key imports in order to make sure that the dialog is not cut off [#504]
  • In search results from sks key servers the first valid key is now pre-selected, independently from the creation date. Before the first result would be pre-selected regardless of its validity [#480]

GPG Services 2.0


  • Alert users of compeleted operations using macOS system notifications [#258]


  • Improves the error message for signatures using a public key, which has been revoked [#260]
  • Limits the width of dialogs to prevent the window to grow too large when keys with very long emails or names are involved [#259]

GPG Suite Preferences 2.3


  • Remembers information entered in "Send Report" in case System Preferences is closed before a report was submitted [#109]
  • Name in the "Send Report" form is pre-filled to make submitting a problem even easier [#112]

MacGPG 2.2.20


  • Integrate GnuPG 2.2.20 [#742]


  • Fixes a problem where pinentry would store an empty passphrase which then resulted in decrypt operations being aborted immediately without asking the user for the passphrase [#740]
  • Fixes a bug where pinentry would show two overlapping password fields instead of just a single one [#741]
  • Fixes the key server check for ldap key servers in Libmacgpg [#178]

GPG Suite 2019.2

Support for macOS Catalina

  • GPG Mail 4 is available now – with official support for macOS Catalina.
  • GPG Mail 4 is a paid upgrade. See FAQ for upgrade conditions. On macOS Mojave and macOS High Sierra, users can choose to keep using GPG Mail 3

GPGMail 4.0 (macOS Catalina, Mojave & High Sierra)


  • Support for macOS Catalina [#1039]


  • Deactivate GPG Mail Support Plan in Mail › Preferences › GPG Mail in order to activate it on a different device [#1033]
  • If the public key required to verify a signed message is missing, show its fingerprint instead of its short ID [#1042]


  • Properly verify detached signatures for attachments again [#1053]
  • Add proper dark mode support to the attachment signature view [#1054]

GPG Suite Preferences 2.2.1


  • Add compatibility and dark mode for macOS Catalina [#110]

MacGPG 2.2.17


  • Workaround for Apple bug rdar://50789571 where macOS keychain entries were deleted by macOS under some circumstances. Apple fixed this problem in macOS Catalina. For macOS Mojave and macOS High Sierra we now prevent that the keychain item is deleted [#729, #730]
  • Pinentry icon was updated for retina resolution. Also fixes transparency issues on macOS Catalina [#737]

GPG Suite 2019.1

New default key server

  • 2019.1 introduces (hagrid) as the new default key server.
  • provides better performance and will better protect your privacy by giving you control over the data being published. Searches via email will only return keys for which the associated email addresses have been previously verified. More details in our Knowledge Base Article.

Update GnuPG to 2.2.17 which includes mitigations against recent key server attacks

    GPGMail 3.2.1 (macOS Mojave & High Sierra)


    • If keys for either security method are available (OpenPGP / SMIME), always prefer the configured default security method [#975]
    • If more than one signing key is available for the same email address, the selected signing key is properly re-selected when users continue editing a draft [#1044]
    • Disable encryption button if all recipient fields are empty [#1048]


    • Fixes a bug in macOS Mail where Mail would not start up if there were problems with creating the DataVaults folder [#1022]
    • Fixes a crash which occurred when the user started to write a new message and the GPG Mail trial had already expired [#1046]
    • Fixes a crash which might be caused by an expired S/MIME certificate [#1047]
    • Fixes an issue where an email was sent encrypted only to the sender themselves instead of the recipients, if the first attempt at sending the email failed [#933]
    • Fixes a problem where Mail would say that it has not "finished finding public keys" when attempting to send an encrypted message [#976]
    • Fixes a problem where canceling a pinentry passphrase request could result in a message being lost [#998]
    • Fixes a problem where Mail would complain about not having keys for all recipients, if the reply-to field was in use [#970]
    • Fixes a problem where „Report Problem“ would not open the "Send Report" tab in System Preferences > GPG Suite [#1026]
    • Fixes an issue with the warning about sending an unencrypted reply to an encrypted message if a reply was saved and later continued [#1041]
    • Fixes an issue where messages where sent without signature if the signing key resided on a smart card which was not plugged in at the time [#867]
    • Fixes an issue where GPG Mail would display a random error message while writing a message (MCMailErrorDomain error 1030) [#999]

    GPGMail 2.8.2 (macOS Sierra)


    • Fixes an error where attachmens wouldn't be displayed if the message was signed. [#1019]

    GPG Keychain 1.5


    • New retina icons [#481]
    • Use as default key server [#483]
    • Limit search field to a single line of text [#469]
    • Improved sorting the key list by validity [#472]


    • Fixes a problem where a key could not be exported on macOS Catalina [#488]
    • Fixes an issue where changing the key server would lead to a crash [#474]

    GPG Services 1.12


    • Remember sorting settings [#253]
    • Show fingerprint instead of shortID in verification results [#242]
    • Allow encrypting messages even if the user doesn't have a secret key [#89]


    • Remove pre-defined shortcuts for all service menu items to avoid conflicts with other software shortcuts [#250]

    GPG Suite Preferences 2.2


    • Improve legibility in „Send Report“ when using dark mode [#105]

    MacGPG 2.2.17


    • Integrate GnuPG 2.2.17 [#733]
    • Update Libgcrypt to 1.8.4 [#720]
    • Use as new default key server [#736]
    • Allow import of keys without a userID to fully support updates from [#734]

    GPG Suite 2018.5

    GPGMail 3.0.1 (macOS High Sierra & macOS Mojave)


    • Various improvements concerning the activation of GPG Mail Support Plan


    • Inline PGP signatures are verified again
    • Message from PGP Desktop or gpg4o were in some cases not decrypted [#1012]
    • Changes introduced by Apple in 10.14.1b3 to mitigate efail lead to crashes – reminder: if you rely on GPG Mail, please stay on the stable release channel of macOS [#1013]
    • Under certain conditions Mail could crash if a message was already being force fetched [#1014]
    • The button to "Load Remote Content" would sometimes disappear [#1016]

    GPGMail 2.8.1 (macOS Sierra)


    • Mail could crash when trying to verify a PGP signed message [#1003]
    • Fixes a crash in GPG Mail which was caused by an empty subject [#1005]

    GPG Keychain 1.4.6


    • Dark Mode support on macOS Mojave [#468]
    • More detailed validity ownertrust indicators [#314]
    • Added specific dialog when removing a local signature from a key [#467]


    • Using brackets in name field during key creation, resulted in that portion being moved to the comment field [#457]
    • Increased contrast of explanatory text in signing dialog on macOS Mojave [#466]

    GPG Services 1.11.6


    • Refined details like window title [#248]
    • Added a headline for the recipient selection [#248]
    • Same names for columns as in GPG Keychain [#248]
    • Default columns now include the fingerprint [#248]
    • GPG Services now checks the content instead of the extension to decide which operation to apply. Key data will be imported, encrypted content will be decrypted and signed content will be verified [#201]


    • GPG Keychain and GPG Services now share the same design for the validity column [#238]

    GPG Suite Preferences 2.1.4


    • Set cache time of SSH in addition to "normal" cache time [#98]
    • Dark Mode support on macOS Mojave


    • Potential crash due to KVO loop in connection with password cache [#103]

    Libmacgpg 0.8.7


    • Custom key servers were not added to key server list [#167]
    • Do not return wrong error code when pinentry is cancelled [#168]
    • "Decrypting" a clear-signed message did not work [#170]
    • Makes sure Paddle ( is only contacted for support plan activation

    GPG Suite 2018.4

    Introducing GPG Mail 3 for macOS Mojave and High Sierra

    macOS Mojave is just around the corner and we couldn't be more stoked about telling you, that GPG Mail is ready.
    For the best user experience, it is advised to install this release before upgrading to macOS Mojave. Otherwise you will have to manually enable GPG Mail after the upgrade.

    For those of you who have been following us for a long time it might not come as much of a surprise, that after almost ten years of developing GPG Suite, we have decided to start charging a fee for continued use of GPG Mail.
    After the installation of this update you will be able to test GPG Mail for another 30 days. After the trial period is over, you will still be able to decrypt incoming messages, but in order to verify and encrypt new messages, a GPG Mail Support Plan is required.
    We hope you understand our decision and keep supporting us.

    macOS 10.14 Mojave Support

    • GPG Mail 3 supports macOS 10.14 Mojave from day one. Enjoy secure communication on Apple's latest and greatest (remains to be seen) macOS.

    Never have one of them pesky keys expire on you again

    • GPG Keychain and GPG Mail will warn you four weeks before your key is about to expire. Never worry about expiring keys again, we've got you covered! Extending your key with one simple click has never been easier.

    GPG Mail 3.0


    • Introduces proper support for PGP-Partitioned messages from PGP Desktop [#991]


    • Messages that went through MS exchange servers could trigger Mail to crash. This was - by far - our number one crasher and it is now a thing of the past [#977]
    • Messages containing only encrypted attachments but not encrypted text were falsely displayed as partly encrypted [#986]
    • In some cases, PGP/MIME encrypted and signed message recognized as partly encrypted did not show a signature [#987]
    • PGP/MIME messages within a message/rfc822 mime part (inline) were not decrypted [#992]
    • Re-added support for embedded filenames [#990]
    • Inline PGP messages from Mailvelope were displayed as partly encrypted / partly signed [#989]
    • A message's subject line could be manipulated to look like the message was signed when it was not. Credit for this finding goes to Hanno Böck (@hanno) [#1001]

    GPG Mail 2.8 (Sierra only)


    • All fixes from GPG Mail 3 were back ported for version 2.8

    GPG Keychain 1.4.5


    • Inform users of keys about to expire and provide simple option to extend them [#59]
    • New password strength indicator - color codes and smarter indicator for password strength [#442]
    • Updated message during key generation [#455]
    • In order to prevent users from leaking their secret key, if a key pair is exported, the secret key is always listed first. That makes it easier to catch that mistake [#452]


    • During key creation, only active email addresses are suggested [#446]
    • German umlaute were not properly encoded in key searches [#460]

    GPG Services 1.11.5


    • Remember status of "Sign", "Add to Recipients" and "Encrypt with Password" options [#128]
    • When a message or file can not be decrypted due to a missing secret key, the error message now shows the key ID of the required key. That makes it much easier to understand why decryption would not work and to determine wether the correct key was used for encryption [#195]
    • When a message or file can not be verified because the required public key does not exist, the error message now shows the key ID of the required key [#246]

    MacGPG 2.2.10


    • Updated to GnuPG 2.2.10 [#718]


    • Using in resolv.conf could prevent dirmngr from resolving the IP addresses of keyservers [#717]

    GPG Suite 2018.3

    Security Update

    This releases addresses EFAIL on macOS Sierra and includes a fix for SigSpoof.
    SigSpoof is an exploit affecting GnuPG < 2.2.8 which allowed an attacker to fake any signature under special circumstances. GPG Suite never used the --verbose option of GnuPG by default, so unless 'verbose' was manually added to gpg.conf , our users should have been unaffected by this vulnerability. Mitigations included in 2018.3 make sure that even users with the 'verbose' option in their gpg.conf are no longer affected.

    EFAIL mitigations in GPGMail (10.13 and 10.12 only at the moment)

    • Remote content is no longer loaded within encrpyted messages
    • If a message contains more than one encrypted part only the first part is decrypted
    • In case of mixed content (plain content and encrypted content), the plain content is isolated
    • Additional mitigations for S/MIME since unfortunately Apple has yet to completely fix EFAIL

    Mitigations against SigSpoof

    • GnuPG was upgraded to 2.2.8
    • In order to fix older versions of GnuPG --no-verbose is always added to the arguments passed to GnuPG by Libmacgpg

    GPGMail 3.0b7 (10.13 only)


    • Allows decryption of messages or attachments without integrity protection if explicitly required by the user [#982]


    • Adds error strings for attachments without integrity protection

    GPGMail 2.7.3 (10.12 only)


    • EFAIL mitigations for GPGMail [#983]
    • Allows decryption of messages or attachments without integrity protection if explicitly required by the user [#982]

    GPG Keychain 1.4.4


    • Fingerprint is evenly spaced again [#454]
    • Make sure if a fingerprint is copied it is properly formatted [#454]
    • Text for "Delete key" checkbox was not properly displayed on macOS 10.9 [#449]

    GPGServices 1.11.3


    • Re-allow decryption of text and files without integrity protection [#245]
    • Display a big warning dialog if a user attempts to decrypt text or files without integrity protection (missing MDC) [#245]


    • Encryption of large files got stuck on macOS 10.13 [#244]

    MacGPG 2.2.8


    • Updated to GnuPG 2.2.8 which includes fixes for SigSpoof [#716]
    • Update Libgcrypt to 1.8.3

    Libmacgpg 0.8.5


    • Use separate file handles for GnuPG error and status output (mitigation against SigSpoof) [#164]
    • Always pass --no-verbose to GnuPG (mitigation against SigSpoof) [#164]
    • Allow the decryption of PGP data without integrity protection if forced to do so

    GPG Suite 2018.2

    Security Update

    This releases addresses EFAIL, an exploit of a weakness in the OpenPGP standard and the handling of mixed content – encrypted content and plain content in the same message – in macOS Mail, GPGMail, as well as other OpenPGP plugins, which could help an attacker in posession of a target's encrypted messages to extract their content once decrypted. (

    EFAIL mitigations in GPGMail (10.13 only at the moment)

    • Remote content is no longer loaded within encrpyted messages
    • If a message contains more than one encrypted part only the first part is decrypted
    • In case of mixed content – plain content and encrypted content – the plain content is isolated
    • Additional mitigations for S/MIME since unfortunately Apple has yet to completely fix EFAIL

    Native GPG Suite update notifications

    • The GPG Suite updater uses native macOS notifications now to alert the user of updates
    • That means you will no longer be interruped in the middle of your work (or talk - sorry Edward Snowden at 34C3)

    Revamped key signing dialog

    • The GPG Keychain dialog to sign a key has been vastly improved
    • It is now easier to sign your friends keys after you have verified them (thanks DKG for the input)

    GPGMail 3.0b6 (10.13 only)


    • EFAIL mitigations for GPGMail [#981]
    • Better support for iPGMail messages [#964]
    • Signatures created by subkeys now show the subkey fingerprint in the signature details
    • The signature details window was completely revamped [#619]


    • Crash that might occur when a message looked like a MS Exchange modified PGP/MIME message as well as a Pseudo-PGP/MIME message at the same time [#978]
    • Attachments containing a detached signature are no longer erroneously recognized as encrypted attachment [#958]
    • Attachments in the .doc format could in some rare cases not be displayed [#974]
    • PGP Data within a S/MIME signed message was not decrypted properly [#973]
    • GPGMail health indicator design (in Preferences) adjusted to match macOS High Sierra's appearance [#968]
    • Improved handling of MDC errors [#980]

    GPGMail 2.7.2 (10.12 only)


    • Signatures created by subkeys now show the subkey fingerprint in the signature detail
    • The signature details window was completely revamped [#619]


    • Improved handling of MDC errors [#980]

    GPGMail 2.6.5 (10.9 - 10.11)


    • Signatures created by subkeys now show the subkey fingerprint in the signature details
    • The signature details window was completely revamped [#619]


    • Improved handling of MDC errors [#980]

    GPG Keychain 1.4.3


    • Revamped the key signing dialog [#282]
    • Default key server is now sks key server pool when no defaul key server is set [#445]
    • Warning message about password length improved [#438, #436]
    • Added tooltip for the key's "Disable" option [#443]


    • Option to include secret key during key export was not always shown [#439]

    GPG Suite Preferences 2.1.2


    • Email is pre-filled in "Send Report" when user entered an email in the Crash Reporting option [#99]
    • When no key server is set, sks key server pool is used as default [#101]

    GPGServices 1.11.3


    • GPGServices again works as expected with Microsoft Office 2016 and TorBrowser [#235]
    • Encryption of large files got stuck on macOS 10.13 [#244]

    MacGPG 2.2.7


    • Updated to GnuPG 2.2.7 [#713]
    • Enables the internal CCID driver for smart card access [#707]
    • Adds support for key servers protected by HTTP basic auth [#712]

    Libmacgpg 0.8.4


    • Use the hkps sks key server pool by default if no key server is set [#159]


    • Aborts decryption and doesn't return decrypted data if MDC is missing or corrupted (mitigation against efail)
    • Do not allow unencrypted plaintext in an encrypted message to prevent encryption spoof [#162]
    • Do not throw an error when encrypting symmetrically and there's no pubring [#160]
    • LDAP server search now shows name and email and not only key id [#158]

    GPG Suite 2018.1

    Message loading fixes for GPGMail on High Sierra

    • Resolves a problem where messages where no longer being loaded in some cases until Mail was restarted

    GPGMail 3.0b4 (10.13 only)


    • In some cases Mail would no longer load new messages from the server due to a deadlock [#967]

    GPG Suite 2017.3

    Important bug fixes for MacGPG

    • Resolves a problem where dirmngr might have crashed during a key server search if a different keyserver than the default was used (
    • Resolves a problem where a custom GnuPG installation was preferred to GPG Suite's MacGPG which might have lead to a variety of issues (passphrase not accepted...)

    S/MIME fixes for GPGMail on High Sierra

    • Resolves a problem where a message was encrypted using OpenPGP instead of S/MIME, regardless of user preference

    GPGMail 3.0b3 (10.13 only)


    • In some cases messages were encrypted using OpenPGP instead of S/MIME, even though S/MIME was selected [#962]
    • Selecting S/MIME as security method might have prevented messages from being sent [#961]

    GPG Keychain 1.4.2


    • Adjust maximum for allowed passphrase length to 255 characters, following GnuPG 2.2's default [#437]

    MacGPG 2.2.3


    • Resolves a problem where dirmngr might have crashed during a key server search if a different key server than the default was used ( [#702]

    Libmacgpg 0.8.2


    • Resolves a problem where a custom GnuPG installation was preferred to GPG Suite's MacGPG which might have lead to a variety of issues (passphrase not accepted...) [#157]

    GPG Suite 2017.2

    Second Beta of GPGMail 3.0 for macOS High Sierra

    • Fixes an often occuring bug, where an encrypted message was not properly decrypted or was displayed as empty.
    • Includes compatibility improvements for macOS 10.13.2.
    • With the release of GPGMail 3.0 stable, we will start charging a small fee for GPGMail to deliver more timely updates and even better user support in the future.
    • This beta will expire once GPGMail 3.0 stable is released.

    Upgrades GnuPG from 2.2 to the new version 2.2.3

    Important bug fixes for GPG Keychain and GPGServices

    • Resolves a hang in GPGServices, which was triggered when verifying specific messages.
    • Fixes a bug in GPG Keychain (Libmacgpg), which resulted in key server searches failing or working key servers to be considered malfunctioning.

    GPGMail 3.0b2 (10.13 only)


    • GPGMail now detects inline PGP in incoming messages. [#945]


    • GPGMail icon appeared twice in Preferences in some cases. [#943]
    • Messages containing PGP data were not properly processed and displaying no content as a result. [#952]
    • Canceling a pinentry request upon sending a message crashed GPGMail. [#944]
    • GPGMail no longer crashes when a draft is saved and no sender information is available. [#955]
    • GPGMail no longer tries to encrypt drafts when no secret key is available, which resulted in a faulty error message. [#951]
    • While composing a draft S/MIME was incorrectly selected when OpenPGP should have been the default. [#953]
    • GPGMail no longer locks in a recursive loop when MailTags is installed and drafts are re-opened. [#948]
    • GPGMail correctly detects and ignores winmail.dat files when Letter Opener is installed. That means Letter Opener again works as expected and can co-exist with GPGMail. [#950]

    Known Issues

    • If an error happens while trying to send a PGP signed or encrypted message, no error alert will be shown. This is related to a bug in Mail for High Sierra which we have filed with Apple (rdar://22828028).
    • If an address is entered into the Reply-To field for which no public key is available, it's not possible to encrypt a message. This is related to a bug in Mail for High Sierra which we have filed with Apple (rdar://33886415).

    GPG Keychain 1.4.1


    • Improved key server check. [#427]
    • Dialog when generating revocation certificate has been tweaked: option to export sec key is removed. [#425]


    • On High Sierra GPG Keychain did not jump to the newly created key in the key list once key creation is done. [#431]
    • Problem when uploading the public key of a sec/pub key resolved and confirmation dialog for that case now shown as expected. [#433, #434]

    GPG Suite Preferences 2.1.1


    • Text fields in 'Send report' are now scrollable. [#97]

    GPGServices 1.11.2


    • Using GPGServices often times resulted in a hang. This has been fixed. [#241]

    MacGPG 2.2.3


    • Updated to GnuPG 2.2.3. [#701]
    • Adds code-signing to all GnuPG binaries [#700]

    GPG Suite 2017.1

    First Beta of GPGMail 3.0 for macOS High Sierra

    • We are happy to announce beta support for macOS High Sierra from day one. Find more details below.
    • With the release of GPGMail 3.0 stable, we will start charging a small fee for GPGMail to deliver more timely updates and even better user support in the future.
    • This beta will expire once GPGMail 3.0 stable is released.

    Stable version of GPGMail for macOS Sierra

    • All major blockers have been resolved and GPGMail for macOS Sierra is now considered stable.

    Upgrade GnuPG from 2.0 to the new version 2.2

    • On first use, your keys will be upgraded to the new format used in GnuPG 2.2. As a safety measure a backup of your keys will be created prior to migrating to GnuPG 2.2.0. Based on the size of your keyring the installation may take longer.
    • Smartcard users, please have a look at 2.2 migration for smartcard users.

    Crash Reporter for GPGMail

    • When GPGMail crashes you will be asked whether or not you want to send us the crash report. These crash reports will help us to quickly identify and fix issues in GPGMail.
    • If you add an email address in GPG Suite Preferences we will even be able to contact you to ask for further details and you can disable the crash reporter at any time.

    GPG Keychain no longer allows to upload public keys that are not yet available on the key servers

    • This change was introduced in order to avoid leaking public keys for users that might actively choose to not have their gpg keys published on key servers

    GPGMail (10.13 only) 3.0b1

    macOS 10.13 High Sierra beta

    • Since this is a beta, crashes or unreliable behavior are expected.

    Known Issues

    • Messages may not always be decrypted automatically. De-select and re-select as a workaround
    • Mail might crash when trying to decrypt specific messages
    • Some PGP signed messages might fail to verify.
    • If an error happens while trying to send a PGP signed or encrypted message, no error alert will be shown. This is related to a bug in Mail for High Sierra which we have filed with Apple (rdar://22828028)
    • If an address is entered into the Reply-To field for which no public key is available, it's not possible to encrypt a message. This is related to a bug in Mail for High Sierra which we have filed with Apple (rdar://33886415)

    GPGMail (10.12 only) 2.7

    Stable version of GPGMail for macOS 10.12 Sierra

    • All major blockers have been resolved and GPGMail for macOS Sierra is considered stable.


    • When attempting to forward the decrypted version of an encrypted message, the user will see a warning. [#870]
    • Detection of PGP/MIME encrypted messages is more lenient towards Avast modifications. [#921]
    • Properly handles PGP attachments with mime type text/plain and application/pgp (Mailvelope). [#939]
    • Display pseudo-PGP/MIME messages from iPGMail as proper PGP/MIME messages. [#929, #938]
    • Properly detects PGP data now where the PGP marker has whitespace after -----BEGIN PGP MESSAGE-----. [#924]
    • Forces to re-download the complete message a signed PGP/MIME message is detected in order to fix verification issues. [#914]


    • The selected key is now used for signing when more than one key is available for the sender address. In previous betas a random key was used. [#895]
    • In gpg.conf group option now works as expected on macOS Sierra. [#903]
    • Properly detect MS Exchange modified PGP/MIME encrypted messages again. [#915]
    • Canceling the pinentry request for signing upon sending a message may have lead to unexpected behavior. [#873, #902]
    • Pinentry now only asks a single time when re-opening an encrypted draft and canceling the dialog. [#893]
    • If Mail Act-On was active, messages would not be encrypted. Mail Act-On and GPGMail once again peacefully co-exist. [#888]
    • Drafts could be encrypted twice resulting in drafts showing an encrypted.asc file when re-visited. [#866]
    • Tooltips for sign and encrypt buttons are working again on macOS Sierra. [#916]
    • Keyboard shortcuts for encrypt and sign buttons are working again on macOS Sierra. [#917]

    GPGMail (10.9 - 10.11) 2.6.3


    • Detection of PGP/MIME encrypted messages is more lenient towards Avast modifications. [#921]
    • Properly detects PGP data now where the PGP marker has whitespace after -----BEGIN PGP MESSAGE-----. [#924]
    • Drafts could be encrypted twice resulting in drafts showing an encrypted.asc file when re-visited. [#866]

    GPG Keychain 1.4


    • Since the short ID has been deemed insecure for a long time, new installations of GPG Keychain now show the fingerprint column instead of the short ID. [#376]
    • GPG Keychain no longer allows uploading a public key, if the key in question does not reside on the key servers. So if you signed a key which does not exist on the key servers yet, consider mailing the updated public key to the key owner if you want to share your signature. [#186]
    • Improves the support of different languages in GPG Keychain preferences. [#382]
    • The subkey tab has received a clean-up. [#387]
    • Display the fingerprint of a subkey in the key details view. [#386]
    • Key details clean-up: Tabs have been simplified. It's now easier to add a photo to a key. [#269]
      Whenever keys are changed, created or updated, an informative key upload dialog is shown. [#277, #417, #418]
    • It's now possible to display additional information for a key signature by right-clicking on a signature in the key details > user IDs tab and downloading the key which created the signature. [#235]
    • Key details > user ID tab: the signature section now has a + button allowing to sign the selected user ID. [#421]
    • Adds VoiceOver support for key creation dialog. [#351]
    • Adds a confirmation dialog to key uploads. [#61, #405]
    • Key uploads are limited to a single key at a time. [#419]
    • When exporting a key, the filename now suggests what type of key your are exporting (Public or Secret key). [#396]
    • After importing a key it is highlighted in the key list. [#369, #404]
    • Improves subkey generation dialog to better support different languages. [403]
    • When no match is found for a search of your keys, an informative message instead of an empty key list is shown. [#371]
    • The dialog for adding a user ID or subkey is now consistent with the dialog for new keys. [#254]
    • Key creation dialog was cleaned up. [#412]
    • Removes restrictions for the name field in the key creation dialog. [#399, #402, #415]
    • The comment field is generally considered to be harmful. This version removes it from the dialog to add a user ID. [#416]
    • Adds support for png image files. [#278]
    • Key server search results window is resizable. [#267]
    • When selecting more than one key and opening the key details view, an informative message instead of an empty window is now shown. [#328]
    • When GPG Keychain is opened by double-clicking on an encrypted file instead of a file containing a gpg key, it automatically opens GPGServices to handle the file instead. [#384]


    • Disabling or re-enabling a key in key details no longer triggers lags of the UI. [#385]
    • The escape key now consistenly closes key details. [#407]
    • When updating the expiry date, that information now is instantly updated. [#231]
    • Type any letter or an entire name on your keyboard while in the key list to get to that place in the list. This has been behaving strangely for a long time and we are really happy it now works as expected. [#342]
    • Signing keys is only available for single keys. When more than one key is selected the signing option is greyed out. [#391]
    • Fixes a rare hang which could occur during key upload. [#409]
    • Fixes a crash when opening key server preferences with no key server selected at the time. [#398]
    • Fixes a problem where the dialog to add a user ID could get stuck when the user attempted to abort. [#401]
    • The fingerprint no longer changes font-size when being marked. [#374]
    • Adds proper text to the dialog which is shown, when users try to import encrypted data. [#383]

    GPG Suite Preferences (was GPGPreferences) 2.1

    Crash Reporter for GPGMail

    • When GPGMail crashes you will be asked whether or not you want to send us the crash report.
    • These crash reports will help us to quickly identify and fix issues in GPGMail.
    • If you add an email address in GPG Suite Preferences we will even be able to contact you to ask for further details. [#89]
    • You can disable the crash reporter at any time.


    • Field for caching time limited to 5 digits so that all numbers entered are visible. [#87]
    • Keys in the "Default Key" dropdown are listed in alphabetical order. [#64]
    • A confirmation dialog is shown, when stored passwords are about to be deleted or the password cache is about to be cleared. [#81]
    • Renames GPGPreferences to GPG Suite. [#94]
    • Removes the option to edit the gnupg.conf comment from GPG Suite Preferences. If a custom comment is detected, a one time dialog is displayed for users, that allows them to easily remove it. [#88]

    MacGPG 2.2.0

    Migration from gnupg 2.0 to 2.2

    • MacGPG now includes GnuPG 2.2. Learn more about the changes.


    • Libgcrypt 1.8.1, including fix for CVE-2017-7526 and CVE-2017-0379. [#695, #696]
    • pinentry dialog is no longer shown twice when canceled during subkey generation. [#693]
    • Fixes a crash in scdaemon when using a Yubikey. [#689]

    Libmacgpg 0.8


    • Instead of using a custom implementation of NSTask with support for multiple pipes, adjust the code to use NSTask and reduce number of necessary pipes. [#155]


    • Make sure that the gpg operation is aborted when a pinentry passphrase request is cancelled while signing and encrypting a file. [#156]
    • Transform gpg 2.1 error codes. [#154]
    • Use Security and CommonCrypto for installer certificate validation instead of OpenSSL. [#152]

    GPG Suite 2016.10

    GPGMail, our plugin for securing emails using GPG in is not yet compatible with macOS Sierra. If you rely on GPGMail, please refrain from updating to macOS Sierra for the time being!

    We've posted a temporary workaround to decrypt/encrypt/sign your message using GPGServices.

    Add yourself here in order to be notified as soon as a first version for 10.12 is ready for testing.

    Security fixes:

    Fixes a privilege escalation bug in our Installer, which could allow an attacker that has already local access to a machine, execute mailious code as root. Thanks for responsible disclosure: k4dl (@k4dl) and lumpy_ (@diretraversal)

    GPGMail 2.6.2


    • Remove X-Pgp-Agent: GPGMail information: We do no longer expose the fact that you are using GPGMail in the mail header. [#879]

    GPGKeychain 1.3.2


    • Key creation failed on first attempt. [#377]
    • The term "key server" is now consistently used throughout GPG Keychain. [#348]
    • Don't show old info messages for current key searches. [#375]
    • Dialog for key deletion had too many buttons. This was a 10.12 specific problem. [#379]

    GPGPreferences 2.0.1


    • We added detailed version info to the about tab. [#84]


    • Checkbox for "remember for ... seconds" setting could not be de-selected. [#86]

    MacGPG 2.0.30


    • Libgcrypt 1.6.6: Fixes a bug in the mixing functions of Libgcrypt's random number generator. CVE-2016-6313 (wrongly identified as CVE-2016-6316 in some contexts) [#685]

    GPG Suite 2016.08


    • We fixed a glitch in our auto-updater.
    • Don't restart GPG Keychain so fast. This will prevent GPG Keychain from launching while other components where not ready yet. The result was an empty key list.

    GPG Suite 2016.07

    Simplified update process

    • The update options available in GPGMail, GPG Keychain and GPGPreferences are now in sync. They are much more intuitive now. You can search for updates on the stable channel and include beta updates if you want to help testing new features. We will make more use of the beta channel in the future. Promised! The nightly builds are used for debugging / hotfix purposes only.

    10.6 - 10.8 EOL

    • We want to improve GPG Suite, but each new feature we introduced, caused difficulties on the older iterations of OS X. Thus 10.6 - 10.8 will be End of Life and are not supported in this version of GPG Suite. GPG Suite for 10.6 - 10.8 can be downloaded from

    GPGMail 2.6

    El Capitan stable

    • GPGMail 2.6 stable is rolled out for 10.9 - 10.11. [#834]

    VoiceOver support

    • We made sure that all GPGMail elements are working in VoiceOver while composing a draft. For the best VoiceOver implementation, make sure you have the latest OS X version. Known limitations: 10.10 can not access the OpenPGP indicator, 10.9 as 10.10 and button state is not announced. We suggest all of our blind users to update to 10.11 and would be really excited to hear your feedback on this.


    • Change default so that version info is no longer attached to messages. [#837]


    • Drafts were opened in blank state when closing mail while working on a draft and not saving it. [#860]
    • Respect Subkey key mapping. [#862]
    • Sending a mail while in fullscreen view resulted in getting stuck on a black screen. [#852]
    • Disable the setting to 'Automatically check for updates' didn't stick. [#850]
    • Mission control showed drafts despite them already being sent. [#853]
    • Inline/PGP works again using BCC: recipients. [#869]
    • MailTags and GPGMail can again peacfully co-exist. Thanks Scott from MailTags! [#849]
    • Startup crash on 10.10 and 10.11 related to the MailTags fix. [#868]
    • was not starting correctly after closing it while an unsaved draft was open. [#871]
    • Ensure draft state is saved and kept when re-opening draft. [#854]

    GPGKeychain 1.3

    Clipboard detection

    • When GPG Keychain is open and the user copies any text key to the clipboard, we now show a dialog asking if you want to import the key. This has been a popular request. Hope you like it! [#248]


    • Allow symbols in email address for key creation. [#365]
    • The info message is now consistent when revoking a key via rev cert import and via contextual menu. [#346]
    • Key import dialog has been improved a lot. Readability and clarity ahoi! After a key import, that key will be highlighted. [#358]
    • Display info messages as dialog instead of a text window. [#290]
    • Removed delete icon from default icons. [#364]
    • Changed keyboard shortcut to update a key from the key server from ⇧⌘Y to ⌘U. That should be both easier and more intuitive. [#356]
    • For keys with only one UserID the algorithm preferences will no longer show a dropdown selection with only one entry. [#323]
    • Keyboard shortcuts in the Subkey and Key tab now work consistent. ⌘C copies fingerprint with spaces and ⇧⌘C copies fingerprint without spaces. [#359, #354]
    • Option to 'Mail public key' is not available for expired or revoked keys. You do not want to share those old keys with the world. [#301]
    • Show key details when attempting to import a key and that key already exists. [#289]


    • Keylist is updated as expected when deleting or importing keys. [#357]

    GPGPreferences 2.0

    Settings Redesigned

    • Our long neglected child has received some major love. The settings have been completey redesigned. We hope you like the new layout.

    Send Report

    • We hope you don't, but should you ever run into trouble and want to get in touch, it has never been easier. The new 'Send Report' tab provides an easy option to create a discussion on our known support platform.
    • For debugging porpuses you can attach a debug log. It will be sent via encrypted TLS connection to our hoster. There it is encrypted with out team key and then sent to our support platform.
    • This should help both you and us to be more effective in debugging problems you may be seeing.


    • We now pre-select a key for you as default key, should none be selected already. In case you have more than one key, that will be the latest key. There's really no reason not to be using the default key option. [#68]

    GPGServices 1.11


    • Added a few CFBundleIdentifiers. [#226]


    • Error messages where shown with error code instead of being translated to human readable text. [#224]

    MacGPG 2.0.30


    • Updated SparkleUpdate to 1.13.1. [#682]
    • Fixed a longstanding crash 'exc_guard'. [#153]

    Libmacgpg 0.7


    • Be more tolerant when importing keys with wrong new lines. [#64]

    GPG Suite 2015.09

    GPGMail 2.6b2

    Pre-release version info

    • This beta will be disabled, once the next stable version of GPGMail is released. If you want to continue using GPGMail after that, you will have to acquire a valid license.

    Adds support for OS X 10.11 El Capitan

    • GPGMail has been updated to support the latest OS from Apple. Enjoy!


    • Greatly improves reliability
    • Fixes the appearance of the security indicator to look better as a toolbar item
    • Properly displays error messages when a gpg operation fails as the user attemtps to send a message.
    • The signature detail view is now properly displayed again.
    • Fixes an issue where the sign and encrypt status were not properly saved in the draft and hence couldn't be properly restored when continuing editing a draft.

    GPGMail 2.5.2

    Smooth upgrade to El Capitan

    • Instead of seeing the "incompatible Bundle"-message, when you launch Mail with GPGMail installed after upgrading to El Capitan, you will have the option to install our newest beta for El Capitan or disable GPGMail


    • GPGMail handles binary pgp messages as expected again. The regression was introduced in GPG Suite 2015.08. [#843]
    • Adds better support for variants of inline PGP in HTML messages.

    Libmacgpg 0.6.1


    • The most common crash in GPG suite 2015.08 was a crash in Libmacgpg when parsing PGP messages. [#150]

    GPG Suite 2015.08

    Security Note

    A bug in a Libmacgpg subcomponent could be abused by a local user to execute shell commands with root privileges [CVE-2014-4677]. This issue was fixed in GPG Suite 2015.06. A big thank you goes out to Bruno Bierbaumer for bringing this bug to our attention.

    Note for OS X 10.6 and 10.7 users: when installing this update, you might be asked for your admin password twice.

    GPGMail 2.5.1


    • 10.8 + 10.7: GPGMail setting to "Encrypt Drafts" could not be disabled. [#841]
    • Save and display the "Update check" setting correctly. [#842]
    • Properly display messages with content-type application/pgp. [#838]
    • Preserve rich-text formatting when continuing drafts. When drafts where re-opened all formatting was lost. [#835]

    GPG Keychain 1.2.1

    Show key revocation date

    • Key details for revoked keys now show the date of the revocation. [#345]


    • Drag & Drop of keys was not working when expert settings were enabled. [#343]

    GPGServices 1.10.1

    Supporting more applications

    • Added a ton of CFBundleIdentifiers to GPGServices in order to support more applications. [#209, #144]

    MacGPG 2.0.28

    Integrate MacGPG 2.0.28 [#159]

    • MacGPG is now based on gnupg 2.0.28


    • Introduces mitigations against the XARA attack in pinentry-mac. [#160]

    Libmacgpg 0.6

    Be more tolerant towards malformed messages

    • To many line breaks or other minor malformations so far resulted in a message that could not be decrypted. We are now much more tolerant and flexible. [#63, #145, #14, #38]


    • No more "no pinentry" errors! We've finally found a solution to fix the infamous "no pinentry" bug, caused by a socket connection to gpg-agent which was not closed under some circumstances. [#147]
    • One of the most common crashes in the 2015.06 release has been fixed. GPGTaskHelperXPC no longer crashes. [#143]
    • Crash in Libmacgpg GPGPacket fixed. [#146]
    • Under some circumstances and empty key list was returned. [#149]
    • Uses new pinentry with keychain support for new MacGPG. [#148]

    GPG Suite 2015.06

    GPGMail 2.5

    10.10 Yosemity support

    • This has been a long beta phase – we know. But we are very happy to announce 10.10 support is now ready for a stable release and hope you'll enjoy GPGMail 2.5 as much as we do.

    Encrypt drafts by default

    • All drafts will be encrypted with your public key by default, giving you better security and preventing bad situations from the get go. This concerns all your accounts in, even if you do not have an OpenPGP key for all of them. Encrypt drafts can still be disabled in GPGMail preferences (which we do not recommend). [#648]

    Show warning before sending an unencrypted reply to an encrypted message

    • Your security is important and sending an unencrypted reply to an encrypted message can pose a serious security threat since information might be leaked.
    • We now display an informative warning message which explains the situation and gives you the chance to revise the draft you are about to send.

    Intuitive security indicator for encrypted mails

    • Until now we showed an open lock to indicate that the mail has been decrypted. But actually there are only two states: successful decryption (which now shows a closed lock) or no decryption at all due to an error (which results in an error message). We think the new behavior is much more intuitive. The open lock for decrypted messages was irritating and did worry quite a few users who believed the messages weren't encrypted at all. [#777]


    • We think it's a good idea to keep our users up to date with the latest fixes and improvements. So now, the automatic check for updates is enabled by default. While working on this, we discovered a bug in the way auto-updates were implemented, so that is now fixed and updates for GPGMail should be much smoother in the future. [#774, #785, #822]

    Warning about drafts stored on server

    • This warning serves a very specific case, but it is very important to understand the consequences, so we are happy to now provide the user with an informative message. If drafts are stored on server and the GPGMail option to "Encrypt drafts" is being disabled, you'll see a message warning you that your drafts will be stored on those server as plain text, once you start typing a new message. [#819]


    • GPGMail on 10.10 no longer crashes when new message creation is invoked via AppleScript. We heard you - this is a much used feature and we're glad this bug is fixed! [#768, #799, #804]
    • crash on 10.7: Crash on creation of a new message. [#783]
    • Drafts: Sign and encrypt status for drafts were not always saved. [#761]
    • Drafts: Signed drafts were displayed as empty messages on Mavericks. [#695]
    • Drafts: A nasty bug was squashed which prevented drafts from being stored on OS X 10.8 and 10.7. [#776]
    • Drafts: In some occasions, encrypted drafts or sent messages had missing header parts, which resulted in incorrectly rendered mails.[#782]
    • GPGMail believed that for certain addresses S/MIME encryption was not available while it actually was. [#673]
    • Updates: the installer no longer stays open when was quit during the update. [#742]
    • Displaying revoked UIDs when two keys for the same email address exist and one is revoked is a bad idea. We no longer do that. [#656]
    • Coexist peacefully: No more duplicate headers when using GPGMail and MailTags plugins together. [#747]
    • A broken signature was falsely shown as "Signed". [#714]
    • Remove trailing white-spaces so that signatures no longer get invalidated. [#686]
    • On 10.10 GPGMail failed to properly load messages with winmail.dat attachments. [#771]
    • Correctly detect inline PGP in text/html messages. [#787]
    • 10.10: ensure selecting a specific key in the "From:" menu when composing a new message is possible when more than one secret key is available for the same email address. [#809]
    • GPGMail no longer clutters with "error CFBundle RegexKit.framework Data couldn't be read" messages. [#796]
    • Attachments of weird inline PGP encrypted messages from Windows are now properly displayed. [#677]
    • When selecting an email from the sent folder and using "Send again" from the menubar, the resent mail did not respect your default setting to encrypt / sign mails. [#813]
    • Minor typo in an error messages about signature that cannot be verified fixed. [#816]
    • There was an infinite loop (scnr) error when spell check on send was enabled and the user clicked "Send anyway". [#829]

    GPG Keychain 1.2

    Create revocation certificate for every new key

    • Before when you lost a secret key or forgot the passphrase for it, you had to make sure to have a revocation certificate, to at least inform others that this key is no longer to be used. From our experience however we know, that not many people are creating a revocation certificate in time. And you shouldn't have to. That's why we now create a revocation certificate for you whenever you create a new key in GPG Keychain! [#244]

    Send public key by mail

    • This is one of the more popular feature requests we had in the pipe: You can now send your public key by mail by selecting "Key > Mail pub key" from the menu bar (⇧⌘M). This is possible for your own public keys or also for other public keys in your keychain. A new mail in will open and we've added a nice template text to explain what a public key acutally is and how to get started using OpenPGP if your friends are not familiar with it. [#86]

    Sanity check for new key servers

    • When entering a new key server in the key server preferences, we now run a check to see if the key server is properly working, so users don't end up with a broken key server. [#150]

    Warning message before revoking a key

    • Revocation certificates should never be imported without informing the user about the consequences. So before you can revoke your key we now show a message that explains any implications. [#165]

    Removed option to create 1024bit keys

    • 1024bit keys are no longer considered secure, so we removed that option. [#264]


    • Selecting many keys for cleaning operation could result in crash. [#193]
    • Canceling the progress indicator caused a crash. [#191]
    • Potential crash on key import from key server. [#227]
    • 10.7: Crash on opening GPG Keychain. [#279]
    • Potential crash when adding a User ID. [#274]
    • Endless loop when revoking a key. [#273]
    • Crash on key creation. [#240]
    • Crash when changing ownertrust. [#212]
    • Crash on several occasions in NSKeyValueCoding. [#340]
    • Key on smartcard wasn't detected by GPG Keychain. [#216]
    • Instead of crashing an error message is displayed when SSH keys are imported (which are not supported). [#210, #255]
    • Allow creation of subkeys with specific capabilities and honor RSA sign only key. [#148]
    • Show keyIDs of own keys when signing. [#192]
    • Malloc error when entering ldap key server URL. [#228]
    • Double entry for GPG Keychain under System Preferences > Security > Privacy > Contacts due to change in identifier. [#196]
    • Export of pub key does not show suffix although option to hide suffix is inactive. [#225]
    • Search for german umlaute was broken. [#217]
    • Creating sign-only keys didn't work. [#152]
    • Display details when showing an unknown error. [#341]
    • Key servers entered by users where not stored in the key server list. [#292]
    • Entering an invalid keyserver value with newlines caused a crash. [#299]
    • When trying to delete all keys, only secret keys were deleted but public keys remained. [#283]
    • Revoking a signature was broken. [#285]
    • If you are a gamer and had high APM, toggeling the filters fast enough would not change sorting but open the selected key. [#294]
    • No longer gets stuck after a users removes all algorithms except "none". [321]
    • Better error message when opening encrypted files with GPG Keychain instead of GPGServices. [#224]
    • Better default naming for exported keys: If more than one key is exported, GPG Keychain now uses "YEAR-MM-DD" and shows the number of exported keys. [#300]
    • Keep primary UserID after adding new UserID. [#172]
    • Better info message in Key > Sign dialog. [#207]
    • Display warning before deleting last self-signature. [#102]
    • When creating a new key, we auto-fill the fields with data from your address book entry. [#70]
    • Key inspector window should not stay visible when GPG Keychain is in the background. [#215]
    • Allow drag and dropping a .jpg into the Key Inspector > Photo tab... [#182]
    • Show spinner if loading photos takes more than 2 seconds. [#181]
    • Allow searching for fingerprints using human readable format (i.e. with spaces). [#204]
    • Add a toolbar button for key search/retrieval. [#221]
    • Keep position of key list after deleting a key and don't jump back to the top. [#177]
    • Removed Undo / Redo from Edit Menu until this feature is properly implemented. [#309]
    • Show validity column in default view for main window. Many users where wondering why keys where unusable. This will help indicating what is going on. [#122]
    • Column sorting using the validity column now follows validity status instead of the alphabet of the validity state. [#241]
    • Fingerprint was displayed with too many spaces. [#208]
    • Key Inspector User ID tab: the signature column and created date were too narrow. [#97, #201]
    • Show warning if pinentry crashes during key creating instead of just sitting idle. [#200]
    • New warning: when the only subkey of a key is about to be deleted, we now display an informative warning. [#103]
    • No longer display the comment column in the key list. [#271]
    • Limit long error messages so they don't go offscreen. [#170, #252]
    • Button too narrow for german translation in new key dialog. [#253]
    • Key inspector for UI improvements for german translation. [#114]
    • Resize text-fields to fit content. Really long names where not properly shortened. [#220]
    • Better error message if damaged gpg.conf is detected. [#149]
    • Don't show revoked keys in search results from key servers. If you want to see revoked keys for your key search you can enable that option under Preferences > Key server. [#262]
    • Improve naming of key search options to clarify where the search is done (local search vs search on key servers). [#265]
    • When updating keys, progress sheet listed User IDs without line breaks. [#226]
    • Incorrect progress sheet message when changing expiration date of a key. [#214]
    • When main window is maximized, instead of expanding the key inspector (key details) to the side, they now show in a separate window on top. [#236]
    • Hide "Algorithm Preferences" by default. They still exists but are now an expert setting. [#311]
    • Improved naming and reordered a few menu bar items.
    • New keys did not appear in key list when one tried to signed another key. [#303]
    • Proper sorting ignoring capitalization: why did we differentiate between capitalization and small letters in the first place? [#302]
    • When changing the primary UserID the key list no longer loses focus of the selected key. [#304]
    • Properly display important dialog windows on small screens, which might have previously been hidden by the key details window. [#307]
    • Properly display UTF-8 characters when looking at UserIDs. [#320]
    • Minor fix in german translation for Key ID. [#275]

    GPGServices 1.10

    Clearly indicate which keys are selected

    • Below the key list you'll now find an indicator showing if any keys are selected. Keys which are already selected will always be shown on top of the key list, so you will not accidentally encrypt to the wrong recpipient. If you want to unselect all keys we now provide a simple checkbox for that. [#183]


    • Crash when using columns to sort keys. [#178]
    • Signing files broken. GPGServices main window not showing up, only a progress indicator. [#176]
    • Progress indicator not closed when GPGServices main window closed. [#166]
    • Be more tolerant towards deformed encrypted messages. Missing linebreaks at the end of an encrypted message no longer cause a "Decryption failed" error. [#197]
    • Be even more tolerant: Encrypted messages sent via facebook couldn't be decrypted. [#196]
    • Decryption of encrypted empty text file failed. [#172]
    • Processing of large files (>4GB) lead to errors. [#217]
    • OK button became inactive when encrypting to public keys without encrypting to own key. [#214]
    • Key count of selected keys is now always correct. There were glitches in some rare occasions. [#216]
    • 10.6: Leaking NSString objects when GPGServices was launched. [#212]
    • Filename wasn't correctly saved in the encrypted file, so that renamed encrypted files produced wrongly named decrypted files. [#161]
    • Show verification results when decrypting text. [#179]
    • Files with spaces in the filename that were encrypted and later decrypted, contained "%20" instead of spaces in the output filename. [#202]
    • Verify results now also show the Key ID in addition to Name and mail address. [#177]
    • Minor improvements in "Sign / Add to recipients" section in main window. [#188]

    GPGPreferences 1.5

    Update management for all tools

    • Add "Check Now" buttons for all the tools: it's never been easier to stay up-to-date with all components of GPG Suite. We now offer stable, pre-release and nightly channels for every single component of GPG Suite. [#58]

    Key server sanity check

    • GPGPreferences now checks if a key server is valid and working, when a new one is entered. [#71]

    Copy version info into the clipboard

    • By clicking on any version info in the Updates tab, all version info is copied into the clipboard. This makes it easier than ever to provide the complete version information along with your support requests. [#53]


    • Respect the "display no version info" setting. When exporting a key, "MacGPG v2" was still added. This is no longer the case. [#66]
    • Crash on 10.6 caused by "Check Now" button. [#54]
    • Nightly channel didn't stick. The channel setting was not stored. [#59]
    • Crash due to invalid value on "remember the passphrase for" setting. [#69]
    • OS X 10.6: "delete stored passphrases" option didn't work properly. [#72]
    • Display "Select a key..." instead of an empty combo box when no default key is selected. [#70]
    • OS X 10.10: Text of component names in Updates tab cut off. [#65]
    • Visually distinguish installed and not installed tools in update listing. [#52]

    MacGPG 2.0.27

    Support for hkps key servers and new key server default

    • The default gpg.conf uses the key server by default. [#119]
    • Tries to migrate old default configurations to connect to key servers via hkps.
    • hkps sks key server pool is now new default.

    No version info to protect your security

    • The new default will not show any version info in the comment field. For existing installations, you can disable showing version info using GPGPreferences. That way it's no longer possible to determine for an attacker which gnupg someone is using and can't abuse that information. [#131]

    Integrate gpg 2.0.27

    • Includes a fix for a DoS based on bogus and overlong key packets.
    • Adds better error reporting for keyserver problems.
    • Includes other bug fixes related to bogus keyrings.


    • Passphrase in pinentry wasn't display properly when 'Show typing' enabled. [#145]
    • Import filter rejected some keys on auto-import. [#134]
    • gpg-agent timout when signing Mails. [#128]
    • OS X 10.6: pinentry program entry not added to gpg-agent.conf in some rare occasions. [#125]
    • scdaemon was misbehaving badly on OS X 10.10 leading to big problems for smartcard users. Happy to announce this is fixed. [#140]
    • gpgkeys errors included in output destroying attachments. [#150]
    • When installing GPG Suite or MacGPG2 the gpg.conf is no longer cluttered with superfulous entries of key server addresses. [#152]
    • Creation of keys bigger than 4096bit was broken. After discussion on the gnupg mailing list we came to a mutual agreement and decided to remove this option.