Tools: GPG Encrypted Email from the Terminal — Sign, Encrypt, Verify (2026)

Sending encrypted email from the command line traditionally means piping through gpg, manually managing keyrings, and building PGP/MIME messages by hand. Most developers skip it because the tooling friction isn't worth it for a quick message.

Nylas CLI has built-in GPG support. Sign, encrypt, or both — with a single flag. It auto-fetches recipient keys from keyservers, handles RFC 3156 PGP/MIME formatting, and works with Gmail, Outlook, Exchange, Yahoo, iCloud, and IMAP.

Prerequisites

You need GPG installed and a keypair generated:

```bash
# Install GPG (if not already present)
# macOS
brew install gnupg

# Ubuntu/Debian
sudo apt install gnupg

# Generate a key if you don't have one
gpg --full-generate-key
```

And Nylas CLI installed and authenticated:

```bash
brew install nylas/nylas-cli/nylas
nylas auth login
```

Full setup: Getting Started with Nylas CLI

Sign an email

Digital signatures prove the email came from you and wasn't tampered with in transit:

```bash
nylas email send \
  --to "[email protected]" \
  --subject "Signed release notes" \
  --body "v2.1.0 is ready for deployment." \
  --sign
```

The CLI finds your default GPG key, signs the message, and sends it as a PGP/MIME signed message. Recipients with GPG can verify the signature automatically.

Encrypt an email

End-to-end encryption means only the recipient can read the message:

```bash
nylas email send \
  --to "[email protected]" \
  --subject "Contract terms" \
  --body "See the updated terms in the attachment." \
  --encrypt
```

The CLI fetches the recipient's public key from keyservers (keys.openpgp.org, keyserver.ubuntu.com) automatically. No manual key import needed.

Sign and encrypt

For maximum security — authenticate the sender AND protect the content:

```bash
nylas email send \
  --to "[email protected]" \
  --subject "Confidential: Merger documents" \
  --body "Encrypted and signed. Please verify signature." \
  --sign --encrypt
```

Verify incoming signed emails

```bash
# Read a message and verify its GPG signature
nylas email read msg_abc123 --verify

# Output shows verification status
# => ✓ Good signature from "Alice Smith <[email protected]>"
# => Key: 4096R/0xABCD1234 (expires 2027-01-01)
```

Decrypt incoming encrypted emails

```bash
# Decrypt and display an encrypted message
nylas email read msg_xyz789 --decrypt

# Requires your private key to be in your GPG keyring
```

Key management

The CLI auto-fetches keys when you use --encrypt, but you can pre-import keys for faster sends.

```bash
# List keys in your keyring
gpg --list-keys

# Import a colleague's public key
gpg --keyserver keys.openpgp.org --recv-keys 0xABCD1234

# Export your public key for sharing
gpg --armor --export [email protected] > my-public-key.asc
```

Encrypted email with attachments

```bash
nylas email send \
  --to "[email protected]" \
  --subject "Contract v3" \
  --body "Latest revision attached." \
  --attach "contract-v3.pdf" \
  --sign --encrypt
```

The attachment is encrypted along with the message body inside the PGP/MIME envelope.

When to use GPG email

Automation: sign all outgoing email

For compliance workflows where every message must be signed:

```bash
#!/bin/bash
# Wrapper script: signed-send.sh
nylas email send "$@" --sign --yes
```

For credential management and API key rotation in automated workflows, see Secure Email Handling for CLI.

Verify email deliverability

Signed emails can trigger spam filters if SPF, DKIM, and DMARC aren't configured correctly. Debug delivery issues:

```bash
# Check SPF records
dig TXT company.com | grep spf

# Verify DKIM
dig TXT selector._domainkey.company.com
```

Full guide: SPF, DKIM, DMARC: Debug Email Deliverability

Works with any provider

GPG signing and encryption work across all Nylas CLI providers:

- Gmail (List Gmail Emails)
- Outlook (Send Outlook Email)
- Exchange (List Exchange Emails)
- Yahoo (Send Yahoo Email)
- iCloud (Send iCloud Email)

Compared to manual GPG + sendmail

For a full comparison of CLI email tools: Best CLI Email Tools Compared

Full guide with key management, batch operations, and compliance workflows: GPG Encrypted Email from the CLI

All guides: cli.nylas.com/guides

- Send Email from the Command Line
- Secure Email Handling for CLI
- AI Agent Audit Logs
- Replace Send-MailMessage in PowerShell
- Give Your AI Agent an Email Address
- Extract OTP Codes from Email
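A key located by email address on a keyserver should be checked against a fingerprint obtained from the recipient through another channel before it is used for encryption. The following is an added example, not part of the original article or of Nylas CLI: it parses gpg's colon-format key listing and refuses to send unless the single matching key is usable and equals the pinned fingerprint. The function names, the constructed sample key data and the assumption that --encrypt uses a key already present in the local keyring are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not Nylas code: pin a recipient's fingerprint before encrypting.

# Constructed sample of `gpg --with-colons --list-keys` output (not a real key).
SAMPLE_COLONS='pub:-:4096:1:1111222233334444:1700000000:1800000000::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1700000000::::Alice Example <alice@example.test>:
sub:-:4096:1:5555666677778888:1700000000:1800000000:::::e:
fpr:::::::::0000999988887777666655554444333322221111:'

# Print "<validity> <fingerprint>" for each primary key in colon output on stdin.
# Field 2 of a pub record is its validity; field 10 of the fpr record that
# follows is the fingerprint. Subkey fpr records are skipped.
primary_keys() {
  awk -F: '
    $1 == "pub"         { validity = $2; want = 1; next }
    $1 == "fpr" && want { print validity, $10; want = 0 }
  '
}

# Accept the spaced, lower-case form people read out or print on cards.
normalize_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# usage: check_pin <expected-fingerprint> < colon-output
# Succeeds only if exactly one primary key is listed, it is not revoked,
# expired or invalid, and its fingerprint equals the pinned value.
check_pin() {
  local expected keys count validity fpr
  expected=$(normalize_fpr "$1")
  keys=$(primary_keys)
  count=$(printf '%s\n' "$keys" | grep -c . || true)
  [ "$count" -eq 1 ] || { echo "expected 1 key, found $count" >&2; return 1; }
  validity=${keys%% *}
  fpr=${keys#* }
  case "$validity" in
    r|e|i) echo "key not usable (validity $validity)" >&2; return 1 ;;
  esac
  [ "$fpr" = "$expected" ] || { echo "fingerprint mismatch: $fpr" >&2; return 1; }
}

# usage: pinned_send <email> <expected-fingerprint> [more nylas email send flags]
# Assumption: a key already in the local keyring is the one --encrypt uses.
pinned_send() {
  local to pin
  to=$1; pin=$2; shift 2
  gpg --batch --with-colons --list-keys "<$to>" | check_pin "$pin" || return 1
  nylas email send --to "$to" "$@" --sign --encrypt
}
```

The angle brackets in the gpg lookup request an exact match on the email address, so a substring match on another user ID cannot satisfy the check.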