GPG Suite 2016.10

GPGMail 2.6.2


  • Remove "X-Pgp-Agent: GPGMail" header. We no longer expose the fact that you are using GPGMail in the mail header. [#879]

GPGKeychain 1.3.2


  • Key creation failed on first attempt. [#377]
  • The term "key server" is now consistently used throughout GPG Keychain. [#348]
  • Don't show old info messages for current key searches. [#375]
  • Dialog for key deletion had too many buttons. This was a 10.12 specific problem. [#379]

GPGPreferences 2.0.1


  • We added detailed version info to the about tab. [#84]


  • Checkbox for "remember for ... seconds" setting could not be deselected. [#86]

MacGPG2 2.0.30


  • Libgcrypt 1.6.6: Fixes a bug in the mixing functions of Libgcrypt's random number generator. CVE-2016-6313 (wrongly identified as CVE-2016-6316 in some contexts) [#685]

Security fixes

  • Fixes a privilege escalation bug in our Installer, which could allow an attacker who already had local access to a machine, to execute malicious code as root. Thanks for responsible disclosure: k4dl (@k4dl) and lumpy_ (@diretraversal)

GPG Suite 2016.08


  • We fixed a glitch in our auto-updater.
  • Don't restart GPG Keychain so fast. This will prevent GPG Keychain from launching while other components where not ready yet. The result was an empty key list.

GPG Suite 2016.07

Simplified update process

  • The update options available in GPGMail, GPG Keychain and GPGPreferences are now in sync. They are much more intuitive now. You can search for updates on the stable channel and include beta updates if you want to help testing new features. We will make more use of the beta channel in the future. Promised! The nightly builds are used for debugging / hotfix purposes only.

10.6 - 10.8 EOL

  • We want to improve GPG Suite, but each new feature we introduced, caused difficulties on the older iterations of OS X. Thus 10.6 - 10.8 will be End of Life and are not supported in this version of GPG Suite. GPG Suite for 10.6 - 10.8 can be downloaded from

GPGMail 2.6


El Capitan stable

  • GPGMail 2.6 stable is rolled out for 10.9 - 10.11. [#834]

VoiceOver support

  • We made sure that all GPGMail elements are working in VoiceOver while composing a draft. For the best VoiceOver implementation, make sure you have the latest OS X version. Known limitations: 10.10 can not access the OpenPGP indicator, 10.9 as 10.10 and button state is not announced. We suggest all of our blind users to update to 10.11 and would be really excited to hear your feedback on this.


  • Change default so that version info is no longer attached to messages. [#837]


  • Drafts were opened in blank state when closing mail while working on a draft and not saving it. [#860]
  • Respect Subkey key mapping. [#862]
  • Sending a mail while in fullscreen view resulted in getting stuck on a black screen. [#852]
  • Disable the setting to 'Automatically check for updates' didn't stick. [#850]
  • Mission control showed drafts despite them already being sent. [#853]
  • Inline/PGP works again using BCC: recipients. [#869]
  • MailTags and GPGMail can again peacfully co-exist. Thanks Scott from MailTags! [#849]
  • Startup crash on 10.10 and 10.11 related to the MailTags fix. [#868]
  • was not starting correctly after closing it while an unsaved draft was open. [#871]
  • Ensure draft state is saved and kept when re-opening draft. [#854]

GPGKeychain 1.3


  • Clipboard detection: When GPG Keychain is open and the user copies any text key to the clipboard, we now show a dialog asking if you want to import the key. This has been a popular request. Hope you like it! [#248]
  • Allow symbols in email addresse for key creation. [#365]


  • The info message is now consistent when revoking a key via rev cert import and via contextual menu. [#346]
  • Key import dialog has been improved a lot. Readability and clarity ahoi! After a key import, that key will be highlighted. [#358]
  • Display info messages as dialog instead of a text window. [#290]
  • Removed delete icon from default icons. [#364]
  • Changed keyboard shortcut to update a key from the key server from ⇧⌘Y to ⌘U. That should be both easier and more intuitive. [#356]
  • For keys with only one UserID the algorithm preferences will no longer show a dropdown selection with only one entry. [#323]
  • Keyboard shortcuts in the Subkey and Key tab now work consistent. ⌘C copies fingerprint with spaces and ⇧⌘C copies fingerprint without spaces. [#359, #354]
  • Option to 'Mail public key' is not available for expired or revoked keys. You do not want to share those old keys with the world. [#301]
  • Show key details when attempting to import a key and that key already exists. [#289]


  • Keylist is updated as expected when deleting or importing keys. [#357]

GPGPreferences 2.0


Settings Redesigned

  • Our long neglected child has received some major love. The settings have been completey redesigned. We hope you like the new layout.

Send Report

  • We hope you don't, but should you ever run into trouble and want to get in touch, it has never been easier. The new 'Send Report' tab provides an easy option to create a discussion on our known support platform.
  • For debugging porpuses you can attach a debug log. It will be sent via encrypted TLS connection to our hoster. There it is encrypted with out team key and then sent to our support platform.
  • This should help both you and us to be more effective in debugging problems you may be seeing.


  • We now pre-select a key for you as default key, should none be selected already. In case you have more than one key, that will be the latest key. There's really no reason not to be using the default key option. [#68]

GPGServices 1.11


  • Added a few CFBundleIdentifiers. [#226]


  • Error messages where shown with error code instead of being translated to human readable text. [#224]

MacGPG 2.0.30


  • GnuPG 2.0.30

Libmacgpg 0.7


  • Be more tolerant when importing keys with wrong new lines. [#64]

GPG Suite 2015.09

GPGMail 2.5.2

Smooth upgrade to El Capitan

  • Instead of seeing the "incompatible Bundle"-message, when you launch Mail with GPGMail installed after upgrading to El Capitan, you will have the option to install our newest beta for El Capitan or disable GPGMail


  • GPGMail handles binary pgp messages as expected again. The regression was introduced in GPG Suite 2015.08. [#843]
  • Adds better support for variants of inline PGP in HTML messages.

Libmacgpg 0.6.1


  • The most common crash in GPG suite 2015.08 was a crash in Libmacgpg when parsing PGP messages. [#150]

GPG Suite 2015.08

Security Note

A bug in a Libmacgpg subcomponent could be abused by a local user to execute shell commands with root privileges (CVE-2014-4677).
This issue was fixed in GPG Suite 2015.06.
A big thank you goes out to Bruno Bierbaumer for bringing this bug to our attention.

Note for OS X 10.6 and 10.7 users: when installing this update, you might be asked for your admin password twice.

GPGMail 2.5.1


  • 10.8 + 10.7: GPGMail setting to "Encrypt Drafts" could not be disabled. [#841]
  • Save and display the "Update check" setting correctly. [#842]
  • Properly display messages with content-type application/pgp. [#838]
  • Preserve rich-text formatting when continuing drafts. When drafts where re-opened all formatting was lost. [#835]

GPG Keychain 1.2.1

Show key revocation date

  • Key details for revoked keys now show the date of the revocation. [#345]


  • Drag & Drop of keys was not working when expert settings were enabled. [#343]

GPGServices 1.10.1

Supporting more applications

  • Added a ton of CFBundleIdentifiers to GPGServices in order to support more applications. [#209, #144]

MacGPG 2.0.28

Integrate MacGPG 2.0.28 [#159]

  • MacGPG is now based on gnupg 2.0.28


  • Fixes pinentry-mac to no longer be affected by the XARA attack. [#160]

Libmacgpg 0.6

Be more tolerant towards malformed messages

  • Too many line breaks or other minor deformations of ASCII PGP data often resulted in a message that could not be decrypted. We are now much more tolerant and flexible. [#63, #145, #14, #38]


  • No more "no pinentry" errors! We've finally found a solution to fix the infamous "no pinentry" bug, caused by a socket connection to gpg-agent which was not closed under some circumstances. [#147]
  • One of the most common crashes in the 2015.06 release has been fixed. GPGTaskHelperXPC no longer crashes. [#143]
  • Crash in Libmacgpg GPGPacket fixed. [#146]
  • Under some circumstances and empty key list was returned. [#149]
  • Uses new pinentry with keychain support for new MacGPG. [#148]

GPG Suite 2015.06

GPGMail 2.5

10.10 Yosemity support

  • This has been a long beta phase – we know. But we are very happy to announce 10.10 support is now ready for a stable release and hope you'll enjoy GPGMail 2.5 as much as we do.

Encrypt drafts by default

  • All drafts will be encrypted with your public key by default, giving you better security and preventing bad situations from the get go. This concerns all your accounts in, even if you do not have an OpenPGP key for all of them. Encrypt drafts can still be disabled in GPGMail preferences (which we do not recommend). [#648]

Show warning before sending an unencrypted reply to an encrypted message

  • Your security is important and sending an unencrypted reply to an encrypted message can pose a serious security threat since information might be leaked.
  • We now display an informative warning message which explains the situation and gives you the chance to revise the draft you are about to send.

Intuitive security indicator for encrypted mails

  • Until now we showed an open lock to indicate that the mail has been decrypted. But actually there are only two states: successful decryption (which now shows a closed lock) or no decryption at all due to an error (which results in an error message). We think the new behavior is much more intuitive. The open lock for decrypted messages was irritating and did worry quite a few users who believed the messages weren't encrypted at all. [#777]


  • We think it's a good idea to keep our users up to date with the latest fixes and improvements. So now, the automatic check for updates is enabled by default. While working on this, we discovered a bug in the way auto-updates were implemented, so that is now fixed and updates for GPGMail should be much smoother in the future. [#774, #785, #822]

Warning about drafts stored on server

  • This warning serves a very specific case, but it is very important to understand the consequences, so we are happy to now provide the user with an informative message. If drafts are stored on server and the GPGMail option to "Encrypt drafts" is being disabled, you'll see a message warning you that your drafts will be stored on those server as plain text, once you start typing a new message. [#819]


  • GPGMail on 10.10 no longer crashes when new message creation is invoked via AppleScript. We heard you - this is a much used feature and we're glad this bug is fixed! [#768, #799, #804]
  • crash on 10.7: Crash on creation of a new message. [#783]
  • Drafts: Sign and encrypt status for drafts were not always saved. [#761]
  • Drafts: Signed drafts were displayed as empty messages on Mavericks. [#695]
  • Drafts: A nasty bug was squashed which prevented drafts from being stored on OS X 10.8 and 10.7. [#776]
  • Drafts: In some occasions, encrypted drafts or sent messages had missing header parts, which resulted in incorrectly rendered mails.[#782]
  • GPGMail believed that for certain addresses S/MIME encryption was not available while it actually was. [#673]
  • Updates: the installer no longer stays open when was quit during the update. [#742]
  • Displaying revoked UIDs when two keys for the same email address exist and one is revoked is a bad idea. We no longer do that. [#656]
  • Coexist peacefully: No more duplicate headers when using GPGMail and MailTags plugins together. [#747]
  • A broken signature was falsely shown as "Signed". [#714]
  • Remove trailing white-spaces so that signatures no longer get invalidated. [#686]
  • On 10.10 GPGMail failed to properly load messages with winmail.dat attachments. [#771]
  • Correctly detect inline PGP in text/html messages. [#787]
  • 10.10: ensure selecting a specific key in the "From:" menu when composing a new message is possible when more than one secret key is available for the same email address. [#809]
  • GPGMail no longer clutters with "error CFBundle RegexKit.framework Data couldn't be read" messages. [#796]
  • Attachments of weird inline PGP encrypted messages from Windows are now properly displayed. [#677]
  • When selecting an email from the sent folder and using "Send again" from the menubar, the resent mail did not respect your default setting to encrypt / sign mails. [#813]
  • Minor typo in an error messages about signature that cannot be verified fixed. [#816]
  • There was an infinite loop (scnr) error when spell check on send was enabled and the user clicked "Send anyway". [#829]

GPG Keychain 1.2

Create revocation certificate for every new key

  • Before when you lost a secret key or forgot the passphrase for it, you had to make sure to have a revocation certificate, to at least inform others that this key is no longer to be used. From our experience however we know, that not many people are creating a revocation certificate in time. And you shouldn't have to. That's why we now create a revocation certificate for you whenever you create a new key in GPG Keychain! [#244]

Send public key by mail

  • This is one of the more popular feature requests we had in the pipe: You can now send your public key by mail by selecting "Key > Mail pub key" from the menu bar (⇧⌘M). This is possible for your own public keys or also for other public keys in your keychain. A new mail in will open and we've added a nice template text to explain what a public key acutally is and how to get started using OpenPGP if your friends are not familiar with it. [#86]

Sanity check for new key servers

  • When entering a new key server in the key server preferences, we now run a check to see if the key server is properly working, so users don't end up with a broken key server. [#150]

Warning message before revoking a key

  • Revocation certificates should never be imported without informing the user about the consequences. So before you can revoke your key we now show a message that explains any implications. [#165]

Removed option to create 1024bit keys

  • 1024bit keys are no longer considered secure, so we removed that option. [#264]


  • Selecting many keys for cleaning operation could result in crash. [#193]
  • Canceling the progress indicator caused a crash. [#191]
  • Potential crash on key import from key server. [#227]
  • 10.7: Crash on opening GPG Keychain. [#279]
  • Potential crash when adding a User ID. [#274]
  • Endless loop when revoking a key. [#273]
  • Crash on key creation. [#240]
  • Crash when changing ownertrust. [#212]
  • Crash on several occasions in NSKeyValueCoding. [#340]
  • Key on smartcard wasn't detected by GPG Keychain. [#216]
  • Instead of crashing an error message is displayed when SSH keys are imported (which are not supported). [#210, #255]
  • Allow creation of subkeys with specific capabilities and honor RSA sign only key. [#148]
  • Show keyIDs of own keys when signing. [#192]
  • Malloc error when entering ldap key server URL. [#228]
  • Double entry for GPG Keychain under System Preferences > Security > Privacy > Contacts due to change in identifier. [#196]
  • Export of pub key does not show suffix although option to hide suffix is inactive. [#225]
  • Search for german umlaute was broken. [#217]
  • Creating sign-only keys didn't work. [#152]
  • Display details when showing an unknown error. [#341]
  • Key servers entered by users where not stored in the key server list. [#292]
  • Entering an invalid keyserver value with newlines caused a crash. [#299]
  • When trying to delete all keys, only secret keys were deleted but public keys remained. [#283]
  • Revoking a signature was broken. [#285]
  • If you are a gamer and had high APM, toggeling the filters fast enough would not change sorting but open the selected key. [#294]
  • No longer gets stuck after a users removes all algorithms except "none". [321]
  • Better error message when opening encrypted files with GPG Keychain instead of GPGServices. [#224]
  • Better default naming for exported keys: If more than one key is exported, GPG Keychain now uses "YEAR-MM-DD" and shows the number of exported keys. [#300]
  • Keep primary UserID after adding new UserID. [#172]
  • Better info message in Key > Sign dialog. [#207]
  • Display warning before deleting last self-signature. [#102]
  • When creating a new key, we auto-fill the fields with data from your address book entry. [#70]
  • Key inspector window should not stay visible when GPG Keychain is in the background. [#215]
  • Allow drag and dropping a .jpg into the Key Inspector > Photo tab... [#182]
  • Show spinner if loading photos takes more than 2 seconds. [#181]
  • Allow searching for fingerprints using human readable format (i.e. with spaces). [#204]
  • Add a toolbar button for key search/retrieval. [#221]
  • Keep position of key list after deleting a key and don't jump back to the top. [#177]
  • Removed Undo / Redo from Edit Menu until this feature is properly implemented. [#309]
  • Show validity column in default view for main window. Many users where wondering why keys where unusable. This will help indicating what is going on. [#122]
  • Column sorting using the validity column now follows validity status instead of the alphabet of the validity state. [#241]
  • Fingerprint was displayed with too many spaces. [#208]
  • Key Inspector User ID tab: the signature column and created date were too narrow. [#97, #201]
  • Show warning if pinentry crashes during key creating instead of just sitting idle. [#200]
  • New warning: when the only subkey of a key is about to be deleted, we now display an informative warning. [#103]
  • No longer display the comment column in the key list. [#271]
  • Limit long error messages so they don't go offscreen. [#170, #252]
  • Button too narrow for german translation in new key dialog. [#253]
  • Key inspector for UI improvements for german translation. [#114]
  • Resize text-fields to fit content. Really long names where not properly shortened. [#220]
  • Better error message if damaged gpg.conf is detected. [#149]
  • Don't show revoked keys in search results from key servers. If you want to see revoked keys for your key search you can enable that option under Preferences > Key server. [#262]
  • Improve naming of key search options to clarify where the search is done (local search vs search on key servers). [#265]
  • When updating keys, progress sheet listed User IDs without line breaks. [#226]
  • Incorrect progress sheet message when changing expiration date of a key. [#214]
  • When main window is maximized, instead of expanding the key inspector (key details) to the side, they now show in a separate window on top. [#236]
  • Hide "Algorithm Preferences" by default. They still exists but are now an expert setting. [#311]
  • Improved naming and reordered a few menu bar items.
  • New keys did not appear in key list when one tried to signed another key. [#303]
  • Proper sorting ignoring capitalization: why did we differentiate between capitalization and small letters in the first place? [#302]
  • When changing the primary UserID the key list no longer loses focus of the selected key. [#304]
  • Properly display important dialog windows on small screens, which might have previously been hidden by the key details window. [#307]
  • Properly display UTF-8 characters when looking at UserIDs. [#320]
  • Minor fix in german translation for Key ID. [#275]

GPGServices 1.10

Clearly indicate which keys are selected

  • Below the key list you'll now find an indicator showing if any keys are selected. Keys which are already selected will always be shown on top of the key list, so you will not accidentally encrypt to the wrong recpipient. If you want to unselect all keys we now provide a simple checkbox for that. [#183]


  • Crash when using columns to sort keys. [#178]
  • Signing files broken. GPGServices main window not showing up, only a progress indicator. [#176]
  • Progress indicator not closed when GPGServices main window closed. [#166]
  • Be more tolerant towards deformed encrypted messages. Missing linebreaks at the end of an encrypted message no longer cause a "Decryption failed" error. [#197]
  • Be even more tolerant: Encrypted messages sent via facebook couldn't be decrypted. [#196]
  • Decryption of encrypted empty text file failed. [#172]
  • Processing of large files (>4GB) lead to errors. [#217]
  • OK button became inactive when encrypting to public keys without encrypting to own key. [#214]
  • Key count of selected keys is now always correct. There were glitches in some rare occasions. [#216]
  • 10.6: Leaking NSString objects when GPGServices was launched. [#212]
  • Filename wasn't correctly saved in the encrypted file, so that renamed encrypted files produced wrongly named decrypted files. [#161]
  • Show verification results when decrypting text. [#179]
  • Files with spaces in the filename that were encrypted and later decrypted, contained "%20" instead of spaces in the output filename. [#202]
  • Verify results now also show the Key ID in addition to Name and mail address. [#177]
  • Minor improvements in "Sign / Add to recipients" section in main window. [#188]

GPGPreferences 1.5

Update management for all tools

  • Add "Check Now" buttons for all the tools: it's never been easier to stay up-to-date with all components of GPG Suite. We now offer stable, pre-release and nightly channels for every single component of GPG Suite. [#58]

Key server sanity check

  • GPGPreferences now checks if a key server is valid and working, when a new one is entered. [#71]

Copy version info into the clipboard

  • By clicking on any version info in the Updates tab, all version info is copied into the clipboard. This makes it easier than ever to provide the complete version information along with your support requests. [#53]


  • Respect the "display no version info" setting. When exporting a key, "MacGPG v2" was still added. This is no longer the case. [#66]
  • Crash on 10.6 caused by "Check Now" button. [#54]
  • Nightly channel didn't stick. The channel setting was not stored. [#59]
  • Crash due to invalid value on "remember the passphrase for" setting. [#69]
  • OS X 10.6: "delete stored passphrases" option didn't work properly. [#72]
  • Display "Select a key..." instead of an empty combo box when no default key is selected. [#70]
  • OS X 10.10: Text of component names in Updates tab cut off. [#65]
  • Visually distinguish installed and not installed tools in update listing. [#52]

MacGPG 2.0.27

Support for hkps key servers and new key server default

  • The default gpg.conf uses the key server by default. [#119]
  • Tries to migrate old default configurations to connect to key servers via hkps.
  • hkps sks key server pool is now new default.

No version info to protect your security

  • The new default will not show any version info in the comment field. For existing installations, you can disable showing version info using GPGPreferences. That way it's no longer possible to determine for an attacker which gnupg someone is using and can't abuse that information. [#131]

Integrate gpg 2.0.27

  • Includes a fix for a DoS based on bogus and overlong key packets.
  • Adds better error reporting for keyserver problems.
  • Includes other bug fixes related to bogus keyrings.


  • Passphrase in pinentry wasn't display properly when 'Show typing' enabled. [#145]
  • Import filter rejected some keys on auto-import. [#134]
  • gpg-agent timout when signing Mails. [#128]
  • OS X 10.6: pinentry program entry not added to gpg-agent.conf in some rare occasions. [#125]
  • scdaemon was misbehaving badly on OS X 10.10 leading to big problems for smartcard users. Happy to announce this is fixed. [#140]
  • gpgkeys errors included in output destroying attachments. [#150]
  • When installing GPG Suite or MacGPG2 the gpg.conf is no longer cluttered with superfulous entries of key server addresses. [#152]
  • Creation of keys bigger than 4096bit was broken. After discussion on the gnupg mailing list we came to a mutual agreement and decided to remove this option.