I have a rails application that triggers Emails on certain events. These emails are sent to a separate company who will add some additional data to the email when replying. This is all understood and working, I am parsing the replies, extracting the data and it works fine.
I have now been asked to encrypt the emails.
Does anyone have any experience/ideas on the best way to do this?
I can not guarantee what Email client the 3rd party will be using so I need a solution that would work generically across many email clients. The encryption must be made both by my application when I send the email and by the client application (Outlook, Thunderbird, Entourage etc) when it replies. I will then need to receive the encrypted email, decrypt and parse it to extract the new information I need.
Can anyone point me at plugins/documents that would help me achieve this?
If the other end doesn't use your application, you should use S/MIME or PGP.
Most desktop email clients support S/MIME out of the box, and PGP is usually available as a plugin (for Thunderbird there's Enigmail, for Apple Mail there's GPGMail, etc.).
Also, S/MIME needs certificates, which you can create yourself or purchase from a Certificate Authority (like Verisign or Thawte), depending on your needs.
I'm sure there are S/MIME and PGP libraries for Ruby, but a quick search didn't reveal the "one true library" for me. However, you can always let OpenSSL (for S/MIME) or GPG do the heavy-lifting for you.
I think Güder's answer is excellent, but keep in mind that all that necessitates that the user already have something like GPG installed and an associated key available. This grueling setup process is about 95% of the obstacle to getting email encryption more widespread.
Are you certain that the individuals who commissioned this project understand that it's not as simple as flipping a switch in the code to send encrypted emails?
One option is to incorporate in the install process for your program a key management routine that depends on (and includes) GPG. Then the user could select a very difficult passphrase (make sure to run checks on it so it's at the very least alphanumeric, etc.), a public key could be generated from that, and uploaded to the popular keyservers.
The generated key could be used for the emails the program generates, and most importantly, the key would be unique to each user. Then you can do a regular external call to the default email client on the user's OS to open the email.
To make sure that the email gets opened up encrypted, I would check on the environment and get the default email client, then send the email from your program with the necessary flags necessary to have the generated email be encrypted. This means it's going to be different for Thunderbird's Enigmail than it is for Apple's Mail, for example.
But don't forget about OpenSSL, certainly....
Related
I am working on a Third party application where I want to send customized template emails to user using webhooks when user place order or shipment gets created.
Is it possible to prohibit system to send email to user who place order and instead of that just fire an event to a third party app(using a webhook) so that that third party app will send email to that user with required and customized new details in new email template(which is not available in default variables of email templates)?
Any solution for this? Please
There's two options. One enables you to prevent emails from being sent and the other repurposes the initial default email. There isn't currently a way to disable the email from being sent as the setting doesn't existing in BigCommerce.
Option 1
Set up an SMTP server and configure mail relay rules
SendGrid covers some good basics on what mail relay is. BigCommerce has a support article for connecting your store to a custom SMTP server. You can also see more in the instructions from Microsoft on how to configure mail relay rules for Exchange.
Overall, this option is more complex.
Option 2
Conversio has a quick and easy guide on replacing the content of the default emails. It isn't the ideal solution, but it is less confusing than sending two receipts.
I am developing an application on Rails and I need to know if its possible to write code which will notify me when the user opens an email that has been sent from my application (need to track this info) ?
The main bit of data I need is was it opened.
thanks
You can do this but there is no 100% certainty you will always get a notification.
SMTP has 2 standards, they are DSN and MDN. Both are in effect optional, there is no guarantee that the email system of the targeted email recipient (your user) will implement them too.
The easiest way is to pit in a "Return-Receipt-To:" (RRT) email header. Put some address as the content of the header. Now when a user opens an email message containing this header, the clients email reader will msot likely prompt your users whether or not to send a return receipt. If the do comply and email will be sent to the address you specified.
In Rails it could be something like:
themailer < ActionMailer::Base
def notify_read
headers['Return-Receipt-To:'] = 'notifyread#mysite.com'
mail(:to => 'users#somecompany.com')
end
end
You could just use an email address you monitor and read them manually OR you could set up rails to read these emails as well. But there is no guarantee you will ALWAYS get an acknowledgment.
Additionally you could check each email domain, many of the big free email providers have proprietary methods of requesting the return receipt. If you add ".readnotify.com" onto the end of your recipients email address you will get a return receipt. You will have to research all the big ones though.
For example:
user#yahoo.com.readnotify.com
Hope that helps
Source: http://railsforum.com/viewtopic.php?pid=147997#p147997
A common way of implenting this is to include a link to an invisible image file, with the link including sufficient details about the email for you to be able to identify which email is being viewed.
When the image is requested by the mail client, your server can then record the viewing attempt. If you use a 3rd party email provider (such as sendgrid, postageapp) then sometimes they'll do that for you and ping your server with the appropriate event. I strongly suspect that this is what readnotify is doing under the hood (someone took the trouble of looking at this a while ago
This isn't completely accurate as some (many?) users turn off remote image viewing in their mail viewers.
My app creates an email that can have sensitive data in it (depending on the users perspective). Is there a way on the iphone's email client not save a copy in the Sent folder.
And in the same way, if the user choses they can send it via text..is there a way to not have it be in the Message streams.
I'm thinking there is not but I'd love confirmation of this if possible. I've been scouring but can't seem to tell if it's possible.
Thanks.
I'll break this into two parts:
Not putting a copy of a sent message in the sent folder:
There's no easy way to do this since you don't have access to a user's mail. You could have the user enter their email service's IMAP details and write your own mail sending implementation that then goes and deletes the sent message from the server, but it's possible that mail clients would keep a local copy regardless of what happens on the server if they grab the message before you delete it. Regardless, this is a really terrible user experience (having the user enter IMAP details, not using the built in mail composer) and it'd be difficult to write (and you would need to be insanely careful about deleting something from a user's mailbox, and you'd have to ask them if it's okay to do so).
Not showing a text message in a Messages app conversation stream:
There's actually a way to do this. Text messages can be sent to users via a specially formatted email address that's different for every cell service provider. For example, to send a text to a Verizon subscriber it'd be 5551239876#vtext.com. For this solution to work you'd need to send the message using some sort of automatically generated email address that you retrieve from a mail server you've created, and then you'd need to implement your own SMTP mailer on the device. Of course, a user can always request text message transcripts from their cell service provider (and some have easy access online) and there's no way around that.
How sensitive is this information? Email and text message aren't very secure protocols. You may want to consider alternative methods that provide encryption and authentication mechanisms.
No its not possible if you are using the built in mailer in iOS. Something you could do if you wanted to get around this would be to make a customer mailer, send the information to a server and send off the mail through code but this is quite a bit more work.
I am creating a Twitter client for Mac OS X and I have a Consumer secret. It's to my understanding I should not share this secret key. The problem is that when I put it as a string literal into my application and use it, like this:
#define QQTwitterConsumerSecret #"MYSECRETYOUMAYNOTKNOW"
[[QQTwitterEngine alloc] initWithConsumerKey:QQTwitterConsumerKey consumerSecret:QQTwitterConsumerSecret];
It is in the data section of my application's binary. Hackers can read this, disassemble the application, etcetera.
Is there any safe way of storing the Consumer secret? Should I encrypt it?
There is no real perfect solution. No matter what you do, someone dedicated to it will be able to steal it.
Even Twitter for iPhone/iPad/Android/mac/etc. has a secret key in there, they've likely just obscured it somehow.
For example, you could break it up into different files or strings, etc.
Note: Using a hex editor you can read ascii strings in a binary, which is the easiest way. By breaking it up into different pieces or using function calls to create the secret key usually works to make that process more difficult.
You could just base64-encode it to obfuscate it. Or, better idea, generate the key instead of just storing it - write something like this:
char key[100];
++key[0]; ... ; ++key[0]; // increment as many times as necessary to get the ascii code of the first character
// ... and so on, you get the idea.
However, a really good hacker will find it no matter what; the only way to really protect it from others' eyes is using a secure hash function, but then you won't be able to retrieve it, too :)
You should not use a secret api key in an application that does not run solely on your server.
Even if it's perfectly hidden.. you can always snoop on the data going through the wire. And since it's your device you could even tamper with SSL (man in the middle with a certificate created by a custom CA which was added to the device's trusted CA list). Or you could hook into the SSL library to intercept the data before actually being encrypted.
A really late answer...
If you setup your own server, you can use it for helping you desktop app getting authorized by users on twitter without sharing (i.e.: embedding) your secret key.
You can use this approach:
When a user installs you desktop app she must register it with twitter and with your server
*)
*) The app asks the server to generate the token request URL
*) The server sends the generated URL to the app
*) The app directs the user to the authorize URL
*) The user authorizes your app on twitter and pastes the generated PIN into it
*) Using the PIN you app grabs the token
*) All further communication uses the token and does not involve your server
Note: the app logs to your server using the user credentials (e.g.: id and password) for your server.
I need to establish a HTTPS 2-way SSL connection from my iPhone application to the customer's server.
However I don't see any secure way to deliver the client side certificates to the application (it's an e-banking app, so security is really an issue).
From what I have found so far the only way that the app would be able to access the certificate is to provide it pre-bundeled with the application itself, or expose an URL from which it could be fetched (IPhone app with SSL client certs).
The thing is that neither of this two ways prevent some third party to get the certificate, which if accepted as a risk eliminates the need for 2-way SSL (since anyone can have the client certificate).
The whole security protocol should look like this:
- HTTPS 2-way SSL to authenticate the application
- OTP (token) based user registration (client side key pair generated at this step)
- SOAP / WSS XML-Signature (requests signed by the keys generated earlier)
Any idea on how to establish the first layer of security (HTTPS) ?
Ok, so to answer my own question...
It turned out that the security has no fixed scale of measurement.
The security requirements are satisfied as long as the price for braking the system is significantly above the prize that one would get for doing so.
In my situation we are talking about e-banking system, but with somewhat low monthly limits (couple of thousands USD).
As I mentioned in my question there would be another layer of security above the HTTPS which will feature WSS XML-Signatures. The process of registering the user and accepting the his public key is also done in several steps. In the first step the user sends his telephone number together with a cod retrieved somehow from my client. Then an SMS is sent to the user with a confirmation code. The user enters the confirmation code into a OTP calculator that would produce OTP code which will identify the user. Then the public key is sent to the server together with the OTP code. From here on every request would be signed by the private counterpart of the public key sent to the server earlier.
So the biggest weakness for the whole process is that of someone reverse engineers the application and retrieves the client certificate used for the SLL. The only problem arising from this is that someone might observe users' transactions. However in order for someone to make a transaction he would need the user's private key, which is generated, encrypted and stored into the keychain. And the price for braking this security level is VERY HIGH.
We will additionally think on how to protect the users' data on a higher level (e.g. using WSS Encryption), but for the start I thing we are good with the current solution.
any opinion ?
regards
https doesn't really work this way. In a nutshell, you attach to a secure server where the certificates are signed by a well known authority.
If you use Apples (iPhone) classes for this, they will only accept 'good' certificates. By good, I mean what Apple deems as acceptable. If you don't use them (there are alternatives in the SDK), you won't be able to connect (except, maybe, in the case where you have an 'Enterprise' developers license - but I can't say that with 100% certainty as I haven't looked enough at this license to be sure)
To continue, use your https connection to your correctly signed website and then institute some sort of login with a built in username/password, or challenge/response based upon the unique ID of the iPhone (for example) and exchange keys using that connection.
Note that this means that your application will have to query for new certificates at (each connection/every X connections/every month/application specified intervals) to keep them up to date. You can then use these certificates to connect to the more secure server.
[edit]
Check this post - may have more information about what you're asking to do
[/edit]
[edit2]
Please note that the request is iphone, not OSX - app store approval is an issue
[/edit2]