Closing the email encryption loophole (with OpenPGP!)

Posted by janschulzhofen 3 months ago

It is 2014. We’ve all been using SSL for a long time now in order to access our favourite cloud services. Of course, Planio uses SSL by default and for everything. In fact, we also provide HTTP Strict Transport Security (HSTS) for browsers that support it, so you cannot even attempt an unencrypted connection to your Planio account.

However, there’s one giant loophole in most web services that we use every day, and that is email.

In fact, most cloud services will require SSL and ask you to create a secure password. But they will still send you updates including sensitive information via plaintext email. Even in 2014, a regular email is as insecure as a postcard. Every server that transmits it has full access to read and potentially store all of its contents.

OpenPGP send and receive support for Planio

Luckily, there are encryption standards like OpenPGP. Using OpenPGP, only the final recipient can decrypt and read your email. And starting today, Planio’s email system is fully OpenPGP-enabled. Securing your email notifications is now as easy as uploading your public PGP key or retrieving it from a key server right in Planio. Of course, OpenPGP works both ways: as before, you can still reply to Planio notifications to update issues, forum discussions, etc., all while using OpenPGP encryption. Planio will decrypt your emails after retrieval and update information accordingly.


We’re making it Open Source

Oh, and because we at Planio love Open Source, we have released the code for Mail/ActionMailer with OpenPGP as a Ruby Gem on GitHub.

We hope you like OpenPGP with Planio, and our servers look forward to sending you all your emails encrypted from now on!
