Secure the email channel with Email This Issue

Emailing is accessible and available all the time, but the importance of using it as a secure channel of communication is somewhat neglected. In its purest form, an email is a plain text file. It is easily readable even if it has rich content or is Base64 encoded. Its content may be read and altered by a malicious interceptor entity.

Two techniques are available at hand to secure an email channel:

Encryption
Digital Signatures

Encryption

Email encryption uses cryptographically secure algorithms to encode the content of emails making it impossible for an unauthorized party to extract and interpret it

Encryption is based on certificates, cryptography protocols and algorithms (such as s/mime and pgp, RSA) and encryption keys (public and private keys).

The sender must obtain the recipient's public key to encrypt the email content. The recipient uses its private key to decrypt the encrypted content.

This flow is now supported by Email This Issue's mail handler. However, some administrative steps must be done first to start using this secure form of emailing.

Obtain the PCKS Certificates (as of now, only S/Mime is supported) containing the private keys
Upload the Certificates in . We store your certificates and private keys in a highly secure, encrypted form to ensure no one can access them.
Associate the certificates with the through which you wish to receive encrypted emails.
Dispatch the public keys to your stakeholders, partners, customers, and colleagues so that they can configure their mailing system to encrypt the emails they send you.

Once everything is set up, Email This Issue will be able to decrypt the emails, extract content and create issues, comments, initialize issue fields etc just like from unencrypted, plain text emails.

An encrypted email's header part is unencrypted and readable plain text. Encryption secures the body content, attachments and embedded files.

Digital Signatures

Digital signatures are encrypted hashes of the email content used to validate that the content was not altered during its journey from the sender to the recipient.

If the validation of a digital signature fails, the content of the email is considered untrustable.

Digitally signed emails may or may not be encrypted. This means that the two techniques may be combined or used separately.

PreviousHow Email This Issue Works NextComparing Email This Issue and Jira Cloud

Last updated 1 year ago

Was this helpful?