Encrypted contact
PGP Key
For anything that shouldn't travel through a web form or unencrypted mail.
When to use this
Our contact form is fine for an introduction, a scheduling request or a general question. It is not fine for site details, vulnerabilities, incident specifics or anything about a named asset. Those go encrypted, or they wait for a call.
If you’re unsure which category you’re in: send an unremarkable message asking for a call, and we’ll agree a channel. Nothing sensitive needs to be in the first message.
Key details
| Fingerprint | [XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX] |
| Key type | [e.g. RSA 4096 or Curve25519] |
| Created | [date] |
| Expires | [date] |
Verify the fingerprint
A key published on a website is only as trustworthy as the website. If your enquiry warrants encryption, it warrants verifying the fingerprint through a second channel — ask us by phone, or check a keyserver. Comparing a fingerprint against the same page that served you the key proves nothing.
Public key
-----BEGIN PGP PUBLIC KEY BLOCK----- [Paste the ASCII-armoured public key block here.] -----END PGP PUBLIC KEY BLOCK-----
The key is also available as a download:
orionyx-pgp.asc
— once the file has been placed in the theme’s assets/ directory.
New to PGP?
You’ll need a client. GnuPG is the reference implementation and free; Gpg4win on Windows and GPG Suite on macOS wrap it in something friendlier. Most mail clients support it through a plugin.
If setting this up is a barrier, don’t let it stop you contacting us. Ask for a call. Voice is not encrypted, but it also isn’t stored, forwarded or indexed — which for a first conversation is usually enough.