How to send and receive encrypted email in Ruby on Rails

email encryption ruby ruby-on-rails

I have a Rails application that triggers emails on certain events. These emails are sent to a separate company who will add some additional data to the email when replying. This is all understood and working; I am parsing the replies, extracting the data, and it works fine.

I have now been asked to encrypt the emails.

Does anyone have any experience/ideas on the best way to do this?

I cannot guarantee what email client the 3rd party will be using, so I need a solution that would work generically across many email clients. The encryption must be made both by my application when I send the email and by the client application (Outlook, Thunderbird, Entourage, etc.) when it replies. I will then need to receive the encrypted email, decrypt and parse it to extract the new information I need.

Can anyone point me at plugins/documents that would help me achieve this?

Best Solution

If the other end doesn't use your application, you should use S/MIME or PGP.

Most desktop email clients support S/MIME out of the box, and PGP is usually available as a plugin (for Thunderbird there's Enigmail, for Apple Mail there's GPGMail, etc.).

Also, S/MIME needs certificates, which you can create yourself or purchase from a Certificate Authority (like Verisign or Thawte), depending on your needs.

I'm sure there are S/MIME and PGP libraries for Ruby, but a quick search didn't reveal the "one true library" for me. However, you can always let OpenSSL (for S/MIME) or GPG do the heavy lifting for you.
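
As an added example (not part of the original answer), here is the S/MIME route using Ruby's bundled `openssl` library: encrypt an outgoing body to the recipient's certificate, then decrypt an incoming S/MIME reply with your own key. The self-signed certificate, the names and the sample body are constructed for the demo; signing and the Rails mailer wiring are left out.

```ruby
require "openssl"

# Throwaway self-signed identity standing in for a real S/MIME certificate
# (constructed for this demo; use the recipient's actual certificate in practice).
def make_test_identity(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Outgoing: envelope a MIME entity to the recipient's certificate and return
# the application/pkcs7-mime text to use as the mail body.
def smime_encrypt(mime_entity, recipient_cert)
  cipher = OpenSSL::Cipher.new("aes-256-cbc")
  p7 = OpenSSL::PKCS7.encrypt([recipient_cert], mime_entity, cipher,
                              OpenSSL::PKCS7::BINARY)
  OpenSSL::PKCS7.write_smime(p7)
end

# Incoming: parse the S/MIME text of a reply and decrypt it with our own
# private key and certificate. Raises OpenSSL::PKCS7::PKCS7Error if the
# message was not encrypted to this certificate.
def smime_decrypt(smime_text, key, cert)
  OpenSSL::PKCS7.read_smime(smime_text).decrypt(key, cert)
end

# Constructed sample message body (a minimal MIME entity).
SAMPLE_ENTITY = "Content-Type: text/plain; charset=utf-8\r\n\r\nOrder 1042: status=shipped\r\n"

if __FILE__ == $0
  key, cert = make_test_identity("app.example.test")
  wire = smime_encrypt(SAMPLE_ENTITY, cert)
  puts wire.lines.first(4)          # MIME headers produced by write_smime
  puts smime_decrypt(wire, key, cert)
end
```

Each side encrypts to the other's certificate, so the application needs the third party's certificate for outgoing mail and must publish its own for their replies.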