New in S/Notify 3.2

Created by Metin Savignano
Last updated: 12 Nov, 2020

S/Notify is undoubtedly the most comprehensive email encryption solution for Jira and Confluence!

S/Notify for Jira Data Center Available

This affects only Jira Data Center users. If you are using Jira Server, nothing changes for you.

Due to repeated customer demand, we have been working on releasing a Data Center version. Starting from S/Notify 3.2, we will start releasing S/Notify for Jira Data Center versions in parallel to our S/Notify for Jira Server versions.

JIRA DATA CENTER USERS

What this means for you:

Any customer running this application on a DC Instance need to convert their license over to a DC App license if they intend on upgrading to this DC version.

For more information see: https://www.atlassian.com/licensing/data-center-approved-apps#

S/Notify for Confluence Data Center Approval in Process

We plan to also provide an S/Notify for Confluence Data Center version with the next feature release.

CONFLUENCE DATA CENTER USERS

Please note that we have started the DC Approval process and intend on releasing a DC compatible version in the future.

What this means for you:

Any customer running this application on a DC Instance would need to convert their license over to a DC App license if they intend on upgrading to the DC version in the future.

For more information see: https://www.atlassian.com/licensing/data-center-approved-apps#

S/Notify 3.2 New Features And Improvements

Elliptic Curves Ciphers

You have asked for it, and here it comes: S/Notify now supports PGP keys with elliptic curves ciphers. 

Elliptic curves ciphers are gathering more and more interest because they are said to be more secure if compared to classic ciphers at the same key length. We have tested with NIST curve P-256 (GnuPG selection EcDSA) and Curve25519 (GnuPG selection EdDSA), but others should work as well.

Email Subject Encryption

Again, due to customers asking for it, we have now added support for the encryption or protection of the email subject. As the email subject may contain sensitive data, this makes a lot of sense. However, bot S/MIME and PGP usually only encrypt the message body, leaving the headers exposed – with the email subject being one of them.

There are some attempts and drafts how to protect the subject which, however, are not yet widely supported. For example, the S/MIME standard describes a way to wrap the full message including it headers and encrypt it. However, such messages are interpreted as forwarded messages and thus displayed in a way that confuses the standard email user. While in Apple Mail, it worked quite well, Microsoft Outlook hides the whole message in an attachment, displaying only an empty message to the user. Because of this unsatisfactory situation, we decided to got for another approach often referred to as MemoryHole Protected Headers

We use Protected Headers in legacy mode. This means that the email subject is displayed as plain text to the users by email clients that do not know about Protected Headers. We found this to be the less confusing and most versatile approach. However, if you prefer to use the S/MIME rfc822/message approach, please contact us, and we will tell how to change it.

With regard to incoming email, subject encryption will automatically be detected and processed correctly, independent from which of the above approaches has been chosen by the sender. 

Key Or Certificate Extraction (Jira only)

S/Notify provides many ways to manage keys and certificates, from users uploading them on their own to using key servers, local key stores, or LDAP servers to obtain the necessary encryption keys. 

This release adds one more way to the list, by offering to automatically extract keys or certificates from incoming email. Once activated, incoming email will be checked for attached PGP keys or certificates that are usually included in S/MIME signatures. If found, they are extracted and stored for use of encrypting emails to the user.

Note that for keys or certificates to be extracted, the incoming email must be properly signed, and, of course, the key or certificate must be valid for the sender who has to be a valid Jira user.

Other Improvements

  • PGP encryption now selects symmetric cipher from key preferences 

  • Improved error checks for key server URLs 

  • Improved user group selection in large Jira instances 

  • Updated underlying BouncyCastle crypto libraries 

  • Protection against certain XSS attacks 

Fixes

  • Advanced settings had missing translation key displayed 

  • Internal test email could be sent during setup if mailer library was not present yet. These emails will now be deleted from email account when encountered.

 

Please send us comments, feature wishes, and any other type of feedback – it is much appreciated!

 

The S/Notify Email Encryption apps are brought to you by savignano software solutions, a small yet savvy IT solutions company in Germany. Click here for legal information.