Secure File Transfer Guide (SFTP with GPG Encryption)

To ensure secure file sharing with us, please follow these instructions to encrypt your files using GPG (Gnu Privacy Guard). This method protects your data during transmission and ensures that only we can decrypt the files.

Step 1: Install GPG Software

If you don’t already have a GPG tool, download and install one of the following based on your operating system:

• Windows: Gpg4win
• Mac: GPGTools
• Linux: GPG is often pre-installed. If not, install it using your package manager (e.g., sudo apt install gnupg).

Step 2: Import Our Public Key

We have provided our public GPG key in a file named public_key.asc. Follow these steps to import it:

1. Save the file public_key.asc to your computer.
2. Import the key into your GPG tool:

• Command Line (GPG):

  gpg --import public_key.asc

• Graphical Interface:
  • Open your GPG application.
  • Locate the "Import Key" option.
  • Select public_key.asc and import it.

3. Verify the key by checking the key ID or fingerprint against the one we provided:

• Command Line (GPG):

  gpg --list-keys

Step 3: Encrypt Your File

1. Prepare the file you want to share (e.g., sensitive_data.jsonl).
2. Encrypt the file using our public key:

• Command Line (GPG):

  gpg --encrypt --recipient "engineering@qlarifi.com" sensitive_data.jsonl

• Graphical Interface:
  • Right-click the file and select "Encrypt."
  • Choose our public key as the recipient.

3. The encrypted file will be created with a .gpg extension (e.g., sensitive_data.jsonl.gpg).
4. Verify that the encrypted file exists and delete the original unencrypted file for security.

Step 4: Upload the Encrypted File via SFTP

Follow these instructions to securely upload your encrypted file to our SFTP server.

1. Save the Transfer Key
   • We will provide a private key file (transfer-key) via a secure link in 1Password.
   • Save the key to a file named transfer-key on your system.
   • Set the correct permissions for the key file to ensure security:

   chmod 600 transfer-key

2. Connect to the SFTP Server
   • Open your terminal or command prompt.
   • Use the following command to connect to the SFTP server:

   sftp -i transfer-key your_name@server

   • Replace your_name with the username we provided.
3. Verify the Connection
   • After connecting, check the server directory to confirm the connection is active:

   ls

   • This will list the files and directories available on the server.
4. Upload the Encrypted File Upload your encrypted file (e.g., sensitive_data.jsonl.gpg) with the following command:

   put sensitive_data.jsonl.gpg

   • This command transfers your encrypted file to the designated folder on the server.
5. Exit the Session
   • Once the file is uploaded, disconnect from the server by typing:

   exit

Additional Notes

File Security: Ensure you upload the encrypted file (e.g., sensitive_data.jsonl.gpg), not the original unencrypted version.

Step 5: Notify Us

Once the file is uploaded:

• Email us to confirm the upload.
• There is no need to share an encryption key since we can decrypt the file using our private GPG key.

Important Notes

• If you encounter any issues during the process, contact us for support.
• Ensure that your GPG software is up-to-date to maintain strong security.
• Always delete the unencrypted version of your file after encrypting it.