• Request for Comment

    • Secure Transmission of Sensitive Information

    Owned by Luke Fritz (Unlicensed)
    Last updated: 14 March 2023
    1 min read

    When working with various Armor teams, it may be required in the normal course of business to transfer sensitive data to us. In order to do this securely, we provide a public GPG key that you can use to encrypt such sensitive data prior to sending it to us – this guarantees that only Armor is able to read the data if it is intercepted in transit.

    Prerequisites

    Download and install GnuPG

    Download and install Armor’s public GPG key

    Download the key from the URL below, then run the following commands to install and trust the key:

    https://www.armor.com/.well-known/support@armor.com.asc

    Import the key to your key ring

    gpg --import support@armor.com.asc

    Trust the key

    gpg --edit-key CBA3B180B552418103B86473D170E209DCC6F517

    This will open the key editor prompt gpg>. In that prompt type trust then enter 4 to fully trust this key. Press enter, then type quit and press enter again to exit.

    Encrypt the sensitive file

    Use the following command to encrypt a file – replace the path with your own target file.

    gpg --encrypt --recipient support@armor.com /path/to/sensitive/file.txt

    This will create a file at /path/to/sensitive/file.txt.gpg with the encrypted data that only Armor Support can read. You can attach this file to your support request or via chat with an Armor agent.

    As always, the file should be encrypted in transit (for example via TLS/HTTPS) even though the file is already encrypted at rest.

    You should remove the sensitive file if it is no longer needed.