This statement applies to: S/Notify for Jira Server and S/Notify for Confluence Server from version 3.0 ("the app") installed in Atlassian Jira or Atlassian Confluence, respectively ("the platform application")
Per-user S/MIME certificates and PGP keys
The app stores the users' personal public S/MIME certificate and/or public PGP key in their user profile. Since only the public certificate or key is required and can be used, no special precautions need to be taken to protect these data.
Server private S/MIME and PGP keys
The app needs to retrieve the server's private S/MIME and/or PGP keys in order to decrypt or sign emails. The private keys are read from a password protected keystore. In order to retrieve the server's private S/MIME and/or PGP keys from the keystore, the app must use a password. The apps stores an encrypted version of the password in the system properties of the platform application. The platform application usually stores these properties in a database.
Encrypted passwords should be considered not more than disguised to protect them from inadvertently getting disclosed. To properly protect the passwords, access to the database must be limited to the platform application.
The app encrypts all emails on the fly, meaning that emails are not stored by the app, neither encrypted nor unencrypted.
However, due to the nature of email transport, the mail data may be stored or cached internally by the platform application, by the mail system, or by any other software that is part of the email processing.
Email contents is not normally logged, but while you have set the loglevel to DEBUG or TRACE, be aware that such data may be written to your logfiles.
Although the app performs the encryption of the email, the encryption strength partly depends on the algorithm and the certificate key length used for encryption. For details about the encryption algorithms and Java limitations, please see Java Cryptography Support.
Due to the nature of email encryption, please note that this method can currently only provide encryption of the message body. The message meta data, like sender and recipient always remain unencrypted which is just like with a real-world package sent out via some postal service. However, you should be aware that also the message subject is always sent unencrypted. This warning applies to both, S/MIME and PGP.
We know that there are proposals and even implementations that can encrypt headers as well. However, as the client support is not very good or even non-existing yet, S/Notify does not currently support such extensions.
Data access is managed by the platform application's user access rights management. Unless configured otherwise, usually
- the end user can access his/her own per-user configuration settings only
- administrative users can access the global configuration configuration settings, as well as each user's configuration settings
Data stored by the app is covered by the platform application's standard backup mechanisms.
The app does not collect any user data, let alone share them with anyone outside your platform application instance.
Email contents is written to the log if the log level is set to DEBUG or TRACE. When per-project or per-space encryption is configured, the app analyzes outgoing emails to determine which project or space they belong to. The results of this analysis are written to the log if the log level is set to DEBUG or TRACE.