💾 Archived View for capsule.adrianhesketh.com › 2020 › 10 › 31 › how-to-send-secrets-to-me captured on 2022-07-16 at 13:42:30. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
If you need to send me an API key, AWS IAM credentials, username/password combination, or other data that you want to ensure remains secure, you can encrypt it for me, and only me, using public key cryptography. This is more secure than using a password.
To do this, you will need to install gpg.
You can do this using your system's package manager (e.g. `brew install gnupg`, `apt-get install gnupg`, `yum install gnupg`, `apk add gnupg`). If you're using Windows, you can download a "binary release" from here: [0]
Once it's installed, you'll need to import my public key into your system to encrypt data for me. First, you'll need my public key.
You can download it from two locations:
- https://github.com/a-h.gpg
- https://adrianhesketh.com/a-h.gpg
For convenience, here's the shell command:
curl https://adrianhesketh.com/a-h.gpg -o a-h.gpg
To ensure you've got the right one, check the SHA256 hash:
# Unix shasum -a 256 a-h.gpg
# Windows Powershell Get-FileHash -Path a-h.gpg
You should see the output:
23cfce59f4bac6aec22bd12c02a48d3d4ad4768ab66ece089c19219604711a99
Next, import my public key into your GPG setup.
gpg --import a-h.gpg
You should see an import complete message. You're now able to encrypt data for me. Let's say that you want to encrypt 'credentials.csv'.
gpg --encrypt --recipient adrianhesketh@hushmail.com credentials.csv
You'll be prompted to make sure that you've downloaded the right key and that you've checked the hashes. If you're sure, enter Y to encrypt.
It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes.
The encrypted data will now be at `<filename>.gpg`, e.g. `credentials.csv.gpg`. You can then send me the `.gpg` file safely via email, Slack or another communication mechanism - just be careful to send the file that ends with `.gpg`, not the unencrypted data.
Pentest passing S3 bucket CloudFormation config