Skip to content

Encrypted contact

PGP Key

For anything that shouldn't travel through a web form or unencrypted mail.

When to use this

Our contact form is fine for an introduction, a scheduling request or a general question. It is not fine for site details, vulnerabilities, incident specifics or anything about a named asset. Those go encrypted, or they wait for a call.

If you’re unsure which category you’re in: send an unremarkable message asking for a call, and we’ll agree a channel. Nothing sensitive needs to be in the first message.

Key details

Email
Fingerprint [XXXX XXXX XXXX XXXX XXXX   XXXX XXXX XXXX XXXX XXXX]
Key type[e.g. RSA 4096 or Curve25519]
Created[date]
Expires[date]

Verify the fingerprint

A key published on a website is only as trustworthy as the website. If your enquiry warrants encryption, it warrants verifying the fingerprint through a second channel — ask us by phone, or check a keyserver. Comparing a fingerprint against the same page that served you the key proves nothing.

Public key

-----BEGIN PGP PUBLIC KEY BLOCK-----

[Paste the ASCII-armoured public key block here.]

-----END PGP PUBLIC KEY BLOCK-----

The key is also available as a download: orionyx-pgp.asc — once the file has been placed in the theme’s assets/ directory.

New to PGP?

You’ll need a client. GnuPG is the reference implementation and free; Gpg4win on Windows and GPG Suite on macOS wrap it in something friendlier. Most mail clients support it through a plugin.

If setting this up is a barrier, don’t let it stop you contacting us. Ask for a call. Voice is not encrypted, but it also isn’t stored, forwarded or indexed — which for a first conversation is usually enough.