Sharing Private Data with Moovweb
Moovweb considers the protection of our customers’ private data — especially personally-identifiable information (PII), private keys, secrets, etc. — to be one of our most important responsibilities. As such, we employ a number of security best practices when such private data must change hands.
One method we use to ensure the integrity/authenticity of private data is to require data be signed and encrypted using PGP.
In order to sign/encrypt your data, you will need:
Keybase - Grab the installer for your operating system on the Keybase download page.
Without a Keybase account, you are limited to encryption only. In order to sign the encrypted output, you will need to sign up for a free Keybase account. We recommend doing so, as a cryptographic signature helps the recipient ensure integrity/authenticity of the encrypted data.
Our PGP Public Keys
The following are the public keys which belong to our Platform Engineering and Site Reliability Engineering team members:
|Full Name||Keybase URL||PGP Key Fingerprint|
Encrypting & Signing Data
Use the following command to encrypt a file (in this example: key.pem) for the Keybase user “jdelsman”, sign it using your PGP secret key, and save the output to another file:
keybase pgp encrypt jdelsman \
  --no-self \
  --infile key.pem \
  --outfile key.pem.asc \
  --sign
If you have GnuPG and your public/secret keyring is set up already, you may opt to fetch an engineer’s public key using cURL and import it to your keyring:
curl https://keybase.io/glennonng/key.asc | gpg --import
gpg: key 667303BF4CCCBFCA: public key "Glennon Ng <firstname.lastname@example.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
Once you’ve imported the key, you can run any gpg commands you’d like. To encrypt/sign a file using the newly imported key:
gpg --encrypt --sign --armor -r 667303BF4CCCBFCA -o key.pem.asc key.pem
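Added example (not Moovweb's own code): the `curl | gpg --import` step above imports whatever the URL returns, so this script compares the downloaded key's primary fingerprint with the one listed in the table above and imports only on a match. The function names and script name are hypothetical; it assumes GnuPG 2.2 or later (for `--show-keys`) and a v4 key with a 40-hex-digit fingerprint.

```sh
#!/bin/sh
# Added example, not Moovweb's code. Function names are hypothetical.
# Usage: sh verify-import.sh KEYBASE_USER 'FINGERPRINT FROM THE TABLE'

# Normalise a fingerprint copied from a web page: drop whitespace, upper-case.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read a `gpg --with-colons` listing on stdin and print one primary-key
# fingerprint per line: field 10 of the first "fpr" record after each "pub".
# Subkey fingerprints (the "fpr" after a "sub" record) are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             want && $1 == "fpr" { print $10; want = 0 }'
}

# fpr_matches EXPECTED < listing
# 0 = listing holds exactly one key and its fingerprint equals EXPECTED,
# 1 = mismatch or several keys, 2 = EXPECTED is not a full fingerprint.
fpr_matches() {
    expected=$(norm_fpr "$1")
    # Assumption: v4 key, 40 hex digits. Short key IDs are refused.
    case "$expected" in
        ""|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(primary_fprs)
    [ "$actual" = "$expected" ]
}

# Download to a temp file, check it, and only then import that same file.
fetch_verify_import() {
    tmp=$(mktemp) || return 1
    if ! curl -fsS -o "$tmp" "https://keybase.io/$1/key.asc"; then
        rm -f "$tmp"; return 1
    fi
    if gpg --show-keys --with-colons "$tmp" | fpr_matches "$2"; then
        gpg --import "$tmp"; rc=$?
    else
        echo "fingerprint check failed for $1: key not imported" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

if [ "$#" -eq 2 ]; then fetch_verify_import "$1" "$2"; fi
```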
Sending Encrypted Data to Moovweb
Once the file(s) are signed and encrypted, please e-mail them directly to email@example.com. Be sure to include the name of the engineer whose public key you encrypted the data for in either the subject line or the body of the message, and add the encrypted files as attachments.
Once we receive the data, our system will send you a confirmation along with a ticket ID. Also, you can reference this ticket ID with your engagement manager.