Sending us sensitive content using GPG

The GPG public keyring for the DevOps team can be used to securely send files or emails to us.

Encrypt a file online

You can use this tool to securely encrypt a file to send to us via email. The data does not leave your web browser. All encryption is done entirely on your own device.

Firstly, select recipients for the file:

Hint: use Ctrl or Option key to select multiple recipients.

Secondly, paste the contents of the file:

And finally send us the encrypted contents using the appropriate method listed on the contact page.

Encrypting secrets via the command line

Here are some handy commands to keep around for using GPG to communicate with us. These instructions assume that:

  1. you have GPG installed and
  2. you are relatively familiar with using the command line.

Listing contents of the public keyring

Download our GPG public keyring and use the following command:

gpg --list-keys --no-default-keyring --keyring ./teampubkeys.gpg

Encrypting a file to send to us

Download our GPG public keyring and use the following command to encrypt a file named foo.txt so that spqr1@cam.ac.uk and jo.example@uis.cam.ac.uk can decrypt it:

gpg --no-default-keyring --keyring ./teampubkeys.gpg --armour \
  --recipient spqr1@cam.ac.uk \
  --recipient jo.example@uis.cam.ac.uk \
  --encrypt foo.txt

Note

Each recipient email address must match one listed in the public keyring. The use of --no-default-keyring helps ensure that the key you use for a recipient is one from our team keyring and not a personal key.
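
The script below is an added example, not part of the original page or the team's own tooling. It checks that every recipient address has a usable (not revoked, expired, disabled or invalid) key in the team keyring before running the encrypt command shown above. The function names, the KEYRING variable and the constructed sample listing are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: refuse to encrypt unless every recipient has a usable key
# in the team keyring. KEYRING defaults to the file name used on this page.
KEYRING="${KEYRING:-./teampubkeys.gpg}"

# Reads `gpg --with-colons --list-keys` output on stdin. Succeeds only if a
# key that is not revoked/expired/disabled/invalid has a user ID containing
# exactly <ADDRESS>. Colon fields: 1 = record type, 2 = validity, 10 = user ID.
uid_usable() {
  awk -F: -v want="<$1>" '
    $1 == "pub" { key_ok = ($2 !~ /^[redi]/) }
    $1 == "uid" && key_ok && $2 !~ /^[re]/ &&
      index(tolower($10), tolower(want)) { found = 1 }
    END { exit !found }'
}

# Constructed sample listing (not real keys) for trying uid_usable offline.
constructed_listing() {
  cat <<'EOF'
pub:-:4096:1:0000000000000001:1600000000:::-:::scESC:
uid:-::::::::Jo Example <jo.example@uis.cam.ac.uk>:
pub:-:4096:1:0000000000000002:1600000000:::-:::scESC:
uid:-::::::::Test User <spqr1@cam.ac.uk>:
pub:e:4096:1:0000000000000003:1500000000:1600000000::-:::sc:
uid:e::::::::Old Member <old.member@example.invalid>:
EOF
}

# Usage: encrypt_for_team FILE RECIPIENT...
encrypt_for_team() {
  file=$1; shift
  listing=$(gpg --no-default-keyring --keyring "$KEYRING" \
                --with-colons --list-keys) || return 2
  for r in "$@"; do
    if ! printf '%s\n' "$listing" | uid_usable "$r"; then
      echo "no usable key for $r in $KEYRING; not encrypting" >&2
      return 1
    fi
    set -- "$@" --recipient "$r"; shift   # rotate: address -> --recipient address
  done
  gpg --no-default-keyring --keyring "$KEYRING" --armour "$@" --encrypt "$file"
}

# When run as a script with FILE and at least one address, do the encryption.
if [ "$#" -ge 2 ]; then encrypt_for_team "$@"; fi
```

Because the address is compared inside its angle brackets, a partial address such as pqr1@cam.ac.uk does not match the key for spqr1@cam.ac.uk.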

Updating the public keyring

If you're a DevOps division member, you can open a merge request on the guidebook project in GitLab updating docs/downloads/teampubkeys.gpg. To import your public key into the keyring:

gpg --no-default-keyring --keyring ./teampubkeys.gpg --import [KEYFILE]

where [KEYFILE] is your public key. The GPG manual has a page on extracting your public key.

Note

If the command appears to have no effect, see if you have "use-keyboxd" in ~/.gnupg/common.conf. If present, comment it out with an initial # before running the command above. Make sure to restore this file to its original state after importing the key.