This guide explains how to sign and encrypt an email using the gpg
(GNU Privacy Guard) tool from the command line. It covers the prerequisites, steps to sign and encrypt the email, and how to send it via email.
-
Install GPG: You need to have
gpg
installed on your system. Install it using the appropriate commands for your operating system:- Linux (Debian/Ubuntu-based):
sudo apt install gnupg
- macOS (with Homebrew):
brew install gnupg
- Windows: Download and install Gpg4win from gpg4win.org.
-
Generate a GPG key pair: If you don't already have a GPG key pair, generate one using:
gpg --full-generate-key
Create a text file (email.txt
) with your email content:
To: [email protected]
Subject: My Signed and Encrypted Email
Hello,
this is a test email signed and encrypted with GPG.
Best,
Your Name
To sign the email, use the following command:
gpg --clearsign email.txt
Alternatively, you can specify the key by using the email address or user ID associated with the key:
gpg --clearsign -u "[email protected]" email.txt
orgpg --clearsign -u 7C3B4B4B7725111F email.txt
.
This will generate a signed version of the email called email.txt.asc
with the GPG signature included. The content will look like this:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
To: [email protected]
Subject: My Signed and Encrypted Email
Hello,
this is a test email signed and encrypted with GPG.
Best,
Your Name
-----BEGIN PGP SIGNATURE-----
...
-----END PGP SIGNATURE-----
Now encrypt the signed message using the recipient's public key:
gpg --encrypt --recipient [email protected] email.txt.asc
This will generate a file called email.txt.gpg
(in raw binary data).
To sign and encrypt in one step, you can use:
gpg --sign --encrypt --recipient [email protected] email.txt
.
Attach the email.txt.gpg
file to your email in Outlook or any other email client. The body of your email can explain that you've attached an encrypted message.
If you prefer to embed the signature directly within the email body, use this command:
gpg --sign --armor email.txt
This will create an email.txt.asc
file that contains both the signed message and the signature. To combine it with the encryption step, you can use:
gpg -a --sign --encrypt --recipient [email protected] email.txt
Tip
Use ASCII Armor when:
- Sending encrypted content in the body of an email,
- Posting encrypted messages on text-based platforms,
- You need the content to be viewable/editable in a text editor,
- Compatibility is a concern (some systems handle ASCII better).
If you receive a GPG-signed email and want to verify the signature, you can run the following command:
gpg --verify email.txt.asc
This command will check the signature and indicate if the email was signed by a valid key.
To decrypt an encrypted email, use one of the following commands based on the file format:
gpg --decrypt email.txt.gpg
or if you used ASCII armor:
gpg --decrypt email.txt.asc
Note
Please note that gpg --decrypt
will verify the signature automatically during decryption if the file was signed.