How to transfer data securely

How can we securely transfer sensitive information (such as private keys, passwords, database dumps, tokens, other forms of high sensitive data etc.) between VSHN and Customers?

Emails (for example Jira comments) are NOT considered safe. Ask for credentials rotation if a customers sends passwords via Email

Passwords / Tokens

Accepted

  • Share password via tickets in VSHN Control (via secrets, see control.docs.vshn.ch/control/tickets_detail.html#secrets)

    • Choose a shortest time possible for availability.

    • Link to password will be deleted after one access.

  • GPG encrypted

    • Encrypt asymmetrically with the public key of firstname.name@example.com

      # if not yet done, import public key of recipient
gpg --import public.key

# encrypt password.txt to file password.gpg
gpg --output password.gpg --encrypt --recipient firstname.name@example.com password.txt

  • In a file on a server where customer has SSH access

    • Preferably combined with symmetric encryption via GPG (that password can be shared via a less secure method as it’s only temporary). Encrypt symmetrically with

      # encrypt with
gpg --output password.gpg --symmetric password.txt

# decrypt with:
gpg --decrypt password.gpg

  • The one who needs the password writes it in a text file and drops it on a VSHN Nextcloud Drop only link (create folder and share it with "upload only")

  • Passwords for VSHNeers could be shared via Threema if you have scanned the users ID.

Insecure and therefore not accepted

  • Customer Slack channels (Slack may send emails if person is offline)

  • Customer provided password/token directly via control.vshn.net/tickets (email is sent to watchers of the ticket)

  • Jira

  • E-mail

  • VSHN RocketChat

    • Notification will still be send via unencrypted email should the user be offline

  • 3rd Party Apps like pwpush, send.firefox.com, onetimesecret.com, snappass.ch

Big Files (Database Dumps, etc.)

Accepted

  • VSHN Nextcloud, Customer Share "VSHN Customer Share" on Nexcloud. Create a Share link with a password, make the link expired after a few days or so. Provide the link and the password via different channels (for example link via email, password via Snappass implementation in control.vshn.net)

  • Storing on a server where customer already has secure access to (for example via SSH with pubkey)

  • Jira is accepted if the file is only uploaded to the ticket, and not mentioned in a comment. If it is mentioned in a comment, it will be sent.

    • Delete the file after transfer was successful.

Insecure and therefore not accepted

  • E-mail

  • Jira, when the file is added to a comment. That will send the file via mail.

  • Other cloud providers (for example Google Drive, OneDrive, DropBox, etc.)

  • Password encrypted zip files; quote from man password for --password: "And where security is truly important, use strong encryption such as Pretty Good Privacy instead of the relatively weak standard encryption provided by zipfile utilities."

Annex

Relates to VSHN ISMS Anhang: Anleitung zur Schlüsselverwaltung