Follow

Today has not been a good day for encryption. One of our Project Managers asked a client for a PGP key so we could encrypt our files, they sent us the password. Not even sure where to go with that one.

@mike I think this is the problem with technologies like this. I try to stay away from complicated "out of the ordinary" stuff like this with a lot of customers. The solution adds too much vulnerability if you're not familiar.

@Willger I agree in normal situations, but I work in pharmaceuticals and the information we're passing back and forth contains personal information on customers. It NEEDS to be encrypted.

@mike Then I agree with the sad Keanu meme 😢

@mike would it be an option to switch to an email provider that would handle the encryption, like @Tutanota or @protonmail? (We are talking about email encryption, right?)

@RyuKurisu No, these are database extracts dumped to text that are transferred over SFTP sessions. The whole process should be automated. An automated process on our side extracts the data, encrypts it, and sends it, and a different automated process on their side should decrypt it, load it, and delete the file. I'm seriously doubting that's how things are going to work on their side.

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.