How to securely transfer source code to EnSoft

When transferring important IP such as source code, it is important to strongly encrypt the transferred files. For this purpose we use OpenPGP, the non-proprietary version of Pretty Good Privacy (PGP). From Wikipedia, “PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and finally public-key cryptography.”

GNU Privacy Guard (GPG) is the most commonly used open-source implementation of OpenPGP. Installations are available for all common operating systems at the GPG website. You will need to download and install the GPG tool for your operating system to use the following steps.

The process to encrypt the source code follows these steps:

  1. Bundle code in compressed file
  2. Download EnSoft PGP public key
  3. Encrypt compressed file using the EnSoft public key as the recipient
  4. Send file to EnSoft

Compressing the Source Code

The first step is to compress all of the source files into a single archive file (.zip, .tar.gz, .7z, etc.). This can be done with a variety of compression tools; most operating systems include a built-in compression tool.

Importing the EnSoft Public Key

After compressing the files into a single archive file, the EnSoft public key will need to be imported into the GPG tool. The steps to do this will depend on the tool that you are using. The EnSoft public key should show as EnSoft Support <support@ensoftcorp.com> in the GPG tool.

Encrypting the File

Now that you have the EnSoft public key, you are ready to encrypt the file for transfer. Some GPG tools include an easy way to encrypt and decrypt files from the user interface (Windows), but others do not (OS X). If your tool does not, you will need to encrypt the file via command line. The documentation for this can be found at http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-4.html#ss4.1. The file must be encrypted with EnSoft as the designated recipient. If you also have your own public/private key pair, you can choose your own key as a recipient. This will allow you to decrypt the file after it is encrypted.

Sending the File

Once the file is encrypted, it can be safely emailed to EnSoft at the address support@ensoftcorp.com. If you are encrypting a large set of source code, the encrypted file may become too large to send from your email service (maximum file size will depend on the email client/system). If this is the case, please email support@ensoftcorp.com for steps on how to transfer the file using another method.

After the encrypted file is sent to EnSoft, we will be able to decrypt the file using our private key. Since we are the only one with our private key, no one else will be able to decrypt the file.

Bibliography

“Pretty Good Privacy.” Wikipedia. Wikimedia Foundation, 2 Jan. 2015. Web. 08 Jan. 2015.