ansaurus

Question

Best practice to send secure information over e-mail?

Answer 1

+1 A:

Sadly, I don't think there is a practical solution for you here if you are taking about a mailto: URL.

The only secure way to send things over email is encryption. You can use PGP or S/MIME, but neither of those are easy to deploy for arbitrary users on web forms, since you can't easily set the user up with a PGP key or an X.509 certificate.

If you are deploying a web site from a hosted environment, it is possible that the code you control could encrypt the data and then send it. You could, for example, use GPG to encrypt with a public key of your own, and then send the results out in an email message. But that requires code, not just a mailto: url.

Unless you can find a public key encryption library in Javascript.

bmargulies 2009-11-20 15:01:22

Answer 2

+2 A:

Encryption, Encryption, Encryption!!! Nothing else :)

Elalfer 2009-11-20 15:01:30

Answer 3

+7 A:

The best course of action would be to run the other way, fast. Redesign your application so that it doesn't enable identity theft.

You can use S/MIME or PGP to send secure email to most non-Web email clients, but it takes a lot of set up either way: the recipient has to have a certificate, and you have to get the right certificate for each recipient.

As an example of a better design, consider one where the recipient is mailed a notification, and then returns to the web site to view the information after authenticating securely over SSL.

While it helps to reduce the complexity of the system needed by the recipient, the bigger win is that it strengthens control over the distribution and retention of the sensitive information, and aids in auditing the access to that information. Sending someone an email makes it that much easier for them to store it unsafely, forever, or forward it to unauthorized recipients.

erickson 2009-11-20 15:01:33

+1 for running the other way. I can't think of a reason why you would NEED to send an SSN over email. Sounds like a HIPAA nightmare.

Chris Kloberdanz 2009-11-20 15:16:23

This isn't that much work - or at least it shouldn't be. Yes there are some management issues with certificates and yes its a lot more work than not doing it at (what isn't?) but these are notionally solved problems. I'm not necessarily disagreeing with the notion of a re-design but if the details are *required* then despatching them in an encrypted and signed email and forgetting them rather than storing them for access on the server raises interesting questions in terms of which is safer.

Murph 2009-11-20 15:21:24

It depends on who the recipients are. In this case, it may well be that there is just one, who is an "administrator" of the system, of some sort. In that case, no, it isn't hard to provision the certificates. The only system where I have had success in using S/MIME with a wide audience of recipients is in the US government, after investment of millions---probably hundreds of millions---of dollars in their PKI. Even then, it's exceptionally burdensome to educate users and make the system work.

erickson 2009-11-20 15:48:20

Answer 4

+1 A:

In short no. Email by default is un-protected. You use encryption programs to protect the information inside, but that requires the end user to be able to decrypt it.

The easiest way would probably be to create an ssl encrypted site where the user can log in and access the information.

Kevin 2009-11-20 15:02:13

Answer 5

+2 A:

Put the data into an encrypted attachment of the mail. The attachment can be any format you like. This will make parsing on the other side reliable. You can use any codec which ASP.NET supports, so you can choose anything that the other side can read.

Aaron Digulla 2009-11-20 15:07:07

Answer 6

A:

I use Gmail SMTP which uses TLS. I'm not a .NET person but it's very easy to connect to through a Rails app for instance. And it's free!! Of course I think you only get about 200 msgs a month, but you can pay for more

brad 2009-11-20 15:08:50

That's not true; there are no small limits on the number of messages you can send through Gmail.

SLaks 2009-11-20 15:11:20

Answer 7

A:

If you have "control" of the receiver side (by this, I mean if the receiver is not a lambda user), I'll go for public/private key encryption with PGP. This article has a fully working example using GnuPG with .NET.

Pascal Thivent 2009-11-20 15:12:22

Answer 8

A:

Let me rephrase the information flow to see if I got it right.

a) User U puts information into form at website W, b) W then sends information to U via eMail.

That makes two communication processes that have to be protected. As you are only asking for protection of b) I assume you are already using TLS/SSL during a).

To protect b) you need some keys for encryption. I see two solutions: either some symmetrical secret that is exchanged during a) or some asymmetric public key that is exchanged during a). The latter one doesn't need any secrecy during a), which is an advantage, but you still need to authenticate that this key is indeed coming from U.

Both types of keys may be transferred during a), you probably just have to insert a new field into your form. In both cases U needs to have the necessary software to decipher any encrypted communication received in b). Having x509-Certificates or PGP-Keys as the two standard encryption algorithms these are probably the best guesses to start with. I am not sure how much is supported by ASP.NET, but even if I assume eMail encryption is not supported directly, some encryption should be supported.

Problem still is, that you will not find a solution that does not assumes some features of U's mailclient (above reading eMails, for some of us encryption is a fairly common feature).

Don Johe 2009-11-20 15:29:51

Talk about an unnecessary use of variables...

Dolph 2010-06-11 21:15:01

Answer 9

A:

You may want to look at http://ecocrypt.com/SecureMessage/
This will allow you to create an encrypted message that can be sent over standard email.

I think they have an API you can use for purchase/license( very low cost...) But users can encrypt/decrypt in the cloud without having any set up requirements.

This will create a message like:

Encrypted Message Using http://ecocrypt.com/SecureMessage
To read this secure message do the following:
    1.  go to http://ecocrypt.com/SecureMessage:
    2.  Copy this ENTIRE message into the encrypted message area:
    3.  Enter the message pass phrase:
    4.  Press the Decrypt button:
    NOTE: the message pass phrase was sent in a separate message, or the sender assumed you already have it.
    NOTE: If you need or lost the pass phrase contact the sender at:[email protected]
------------------HEAD--------------------------------
ECOCRYPT:67570:95992fad87a1165c100a0b915f86ce7f:
------------------START--------------------------------
GyuyjmHF68edfoSGM0YqtICXPrA6P69Pf7pXdgZ22g1PjzoANDOVy+0UJ/P0Pb+B09O+IsXqWPus

BO1gsVOA1BnMEE5r68A2fa02nRC9F3anVV8rvZDiZdfu9up2uDWrtsGhlLcHI6iKau4z7dAxq6qV

k7C/o2l3

------------------END--------------------------------

It can be decrypted if the user knows the correct pass phrase.

Same address in the cloud: http://ecocrypt.com/SecureMessage/ The message Decrypted:

Greetings,

This is a test Message.

Sensitive Information Goes Here:

name ss and other sensitive info.


Thanks.

Q Boiler 2010-06-11 21:10:16

ansaurus

tags:

views:

answers:

Best practice to send secure information over e-mail?

This will create a message like:

It can be decrypted if the user knows the correct pass phrase.

related questions