SurgeVault Encrypt HIPAA compliant feature

SurgeVault is an optional SurgeMail feature that lets users add a layer of encryption to the standard email messages they send, when they choose to. It works with regular email clients and with the SurgeWeb 'webmail' interface.

The SurgeVault feature allows you to define rules (per domain) that specify when a message should be encrypted (based on subject, content, destination, etc.). When a rule matches, the destination user is sent either an encrypted message or a link to an encrypted message instead of the unencrypted original. In either case the destination user must log in and set a password before reading that message and any future messages. They are then either shown the message, or given a key to decrypt the message they were sent.

How to configure/turn on SurgeVault encryption:

  1. Upgrade to SurgeMail 4.2b-11 or later.
  2. Set the global setting G_ENCRYPT_SURGEWEB_SHOW "true" if you want the encryption icon to appear at the top of the SurgeWeb compose page.
  3. Set a domain-level rule in surgemail.ini for each domain that should be able to send encrypted messages (without this you can only send encrypted messages from SurgeWeb):
    encrypt_rule header="subject" contains="encrypt:" method="server"
  4. Send an email to someone from the domain in question, with "encrypt:" in the subject.
  5. Or, in SurgeWeb, send an email to someone and click the encrypt icon before sending it.
  6. If you wish to use the feature regularly you will need a new Key to enable it (sorry, this is a paid add-on feature); otherwise it is limited to two messages per day!

Inline based encryption

In this mode the message is encrypted and sent to the destination user as an HTML attachment containing JavaScript to 'decrypt' it. To obtain the 'key' that decrypts the message, the user must log in to the sending server and request it. The first time they do this they must set a password. This means the security of 'subsequent' messages is enhanced, as the password cannot be 'reset' by the receiving customer. (This applies to the server based method too.)

Server based encryption

In this mode the destination user is sent a link containing a key that is needed to decode the message which is kept on the sending server. This is equally secure.

Secure Reply

In either case a secure reply can be sent once the user has logged in to fetch the key or decrypt the message.

Encoding used

AES-256 in CBC mode, with an MD5 hash.

How secure is it - what does it protect and what doesn't it protect you from...

After the first email exchange, once the password for a user has been set, the encryption prevents someone spying on the message in the 'middle' between your sending server and the receiving user. It does not prevent the administrator of your server from spying on the message, as they can certainly circumvent this mechanism (with some difficulty).

However, it provides you with a way of being sure that no one outside your server sees the message other than the intended recipient, and it also gives you an audit trail to know whether the receiving user did (or didn't) view the message. You can further enhance security by using HTTPS and SSL to send the message, so that no one other than the administrator on your network can spy on the message before it gets to your server.

This mechanism is suitable, and possibly a legal requirement, for some forms of email. For example, when a doctor sends an email to a patient that includes test results, it would be an appropriate way of doing it. The same applies any time someone is sending personal private information via email and must provide some assurance that the message cannot be intercepted trivially!


Relevant Settings

Setting                                                             Description
G_ENCRYPT_EXPIRE "30"                                               Days to keep encrypted messages before deleting

Domain based settings
encrypt_rule header="subject" contains="secret" method="server"     Specify rule for encrypting messages
encrypt_subject "Private message"


Full encrypt_rule settings are:

encrypt_rule header=string contains=string from=string to=string method=string

SurgeWeb integration

In addition to encrypt_rule rule-based triggering, the sending of encrypted email is integrated into the SurgeWeb compose pane.
g_encrypt_surgeweb_show true

Also note that there is a setting on the SurgeWeb customisation page that disables the SurgeVault interface in SurgeWeb:
encrypt_hide true

Warning replying to messages:

If you use a rule like this:

encrypt_rule header="subject" contains="encrypt:" from="" to="" noconfirm="" method="server"

and you send someone an email, then (let's say for some reason they cannot read it) they send you a reply, and you reply to their email, the 'encrypt' rule will still match and the message will be encrypted again. So just be aware of that! :-) Obviously this is normally exactly what you want, so all your emails to them on this subject remain encrypted.
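The following is an added illustration, not SurgeMail's own code: a small matcher that parses an encrypt_rule line in the documented syntax (header=, contains=, from=, to=, noconfirm=, method=) and applies it to message headers, covering both the full settings list above and the reply warning. The matching semantics are assumptions made for the example: matching is a case-insensitive substring test, an empty from= or to= means "any", and a domain-level rule only applies to mail sent from that domain. The constructed thread shows why the sender's reply, whose subject still contains "encrypt:", is encrypted again while the recipient's inbound reply is not.

```python
"""Illustrative encrypt_rule matcher (added example, not SurgeMail code)."""
import re

# key="value" pairs as used in surgemail.ini encrypt_rule lines
RULE_TOKEN = re.compile(r'(\w+)="([^"]*)"')
ADDR_DOMAIN = re.compile(r'@([\w.-]+)')

# The rule from the "Warning replying to messages" section.
RULE_LINE = ('encrypt_rule header="subject" contains="encrypt:" '
             'from="" to="" noconfirm="" method="server"')


def parse_encrypt_rule(line):
    """Parse 'encrypt_rule key="value" ...' into a dict of settings."""
    line = line.strip()
    if not line.startswith("encrypt_rule"):
        raise ValueError("not an encrypt_rule line")
    rule = dict(RULE_TOKEN.findall(line[len("encrypt_rule"):]))
    if "header" not in rule or "contains" not in rule:
        raise ValueError("encrypt_rule needs header= and contains=")
    return rule


def _contains(haystack, needle):
    # Assumption: case-insensitive substring match.
    return needle.lower() in (haystack or "").lower()


def rule_matches(rule, headers, domain):
    """True if the rule would trigger encryption for this outbound message.

    headers: dict with lower-case header names ('from', 'to', 'subject').
    domain:  the domain whose surgemail.ini section holds the rule.
    """
    sender = ADDR_DOMAIN.search(headers.get("from", ""))
    # Assumption: a domain-level rule only applies to mail sent from that domain.
    if sender is None or sender.group(1).lower() != domain.lower():
        return False
    if not _contains(headers.get(rule["header"].lower(), ""), rule["contains"]):
        return False
    # Empty from=/to= means no restriction (assumption).
    if rule.get("from") and not _contains(headers.get("from", ""), rule["from"]):
        return False
    if rule.get("to") and not _contains(headers.get("to", ""), rule["to"]):
        return False
    return True


def reply_thread(rule_line, domain="clinic.example"):
    """Constructed three-message thread; returns (subject, encrypted?) pairs."""
    rule = parse_encrypt_rule(rule_line)
    thread = [
        {"from": "doctor@clinic.example", "to": "patient@mail.example",
         "subject": "encrypt: your test results"},
        {"from": "patient@mail.example", "to": "doctor@clinic.example",
         "subject": "Re: encrypt: your test results"},   # inbound reply
        {"from": "doctor@clinic.example", "to": "patient@mail.example",
         "subject": "Re: encrypt: your test results"},   # sender replies again
    ]
    return [(m["subject"], rule_matches(rule, m, domain)) for m in thread]


if __name__ == "__main__":
    for subject, encrypted in reply_thread(RULE_LINE):
        print(f"{'ENCRYPT ' if encrypted else 'plain   '} {subject}")
```

A rule with a non-empty to= (for example to="@mail.example") narrows encryption to messages addressed to that domain, which is the documented way to scope the rule rather than relying on the subject alone.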