Researchers have developed code exploiting several vulnerabilities in PGP (including GPG) for email. In response, EFF’s current recommendation is to disable PGP integration in email clients.
Disabling PGP decryption in Outlook requires running the Gpg4win installer again so that you can choose not to have the GpgOL plug-in on your system. Your existing keys will remain available on your machine.
-
Download and open the Gpg4win installer.
-
You’ll then see the Gpg4win installer intro page. Click “Next.”
3. Uncheck “GpgOL” from the dialog, but keep all the other options the same. Click “Next.”
4. Click “Install.” It will now install to the specified location without Outlook integration.
5. Click “Finish.”
Once the GpgOL plugin for Outlook is disabled, your emails will not be automatically decrypted in Outlook.
Note that you will instead see the encrypted email as separate files which you can download and then read with the command line.
These notes are based on Outlook 2016 and Windows 10.