Is it possible to have a user enter information into a form on an HTTPS secured site, then send that information using PHP to an email address securely? How do you encrypt the email so it's secure between sending it from an HTTPS site and checking it via HTTPS email? How feasible is this and what are the potential pitfalls?
HTTPS encrypts the data sent between your server and the client (browser/user), which will prevent anyone from intercepting the data. Usually to get HTTPS you have to pay, but now there is a free Certificate Authority (CA for short) called Let's Encrypt that provides free certificates.
You could encrypt the email with PGP or S/MIME. These will require special support in your client to decrypt. Most webmail providers don't have this (though there may be e.g., Firefox extensions to make it work).
Other than end-to-end encryption like PGP or S/MIME, it really isn't doable, because of email's clear-text legacy:
Received: headers to see how many hops a message took, but that may change at any point (and it may change from message to message for operational reasons).
Except for a few of the very largest webmail providers, they probably don't have sufficient security to protect confidential identity data. E.g., if you call them up and say you forgot your password, how do they handle that? Or, if someone else calls them up and pretends to be you.
Lastly, even with PGP or S/MIME, you're left with the problem that email, in the real world, can and does get lost. Your site may send a message, get confirmation that the message is accepted for delivery, and then that message just never arrives—not even to a spam folder. That generally isn't acceptable for valuable data.
Note: If you encrypt the message with PGP or S/MIME, using sensible settings (e.g., 3072-bit or higher RSA keypair, AES cipher), then it doesn't matter if the email message (ciphertext) is disclosed; it is unreadable without the private key. The crypto used is fairly similar to TLS (but unfortunately doesn't offer things like perfect forward security as it's an offline protocol). End-to-end crypto protects against insecurities between the endpoints. Not that I'd advocate printing the ciphertext in a newspaper, but even that should still be secure. You must, of course, keep the machine which holds the private key (and decrypts the emails) secure.
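Added example (not part of the original answers): one way to apply the S/MIME option from PHP, encrypting the form fields to the recipient's public certificate with AES before the message is handed to the mail system. The function names, addresses and field values are hypothetical, and the demo builds a throwaway 3072-bit RSA key and self-signed certificate only so that it runs offline.

```php
<?php
// Illustrative sketch: the web server holds only the recipient's PUBLIC
// certificate; the private key stays on the machine that reads the mail.
function smime_encrypt_form(array $fields, string $certPem, array $headers): string
{
    $body = "Content-Type: text/plain; charset=UTF-8\r\n\r\n";
    foreach ($fields as $name => $value) {
        // Strip CR/LF so a field value cannot inject extra lines.
        $body .= $name . ': ' . str_replace(["\r", "\n"], ' ', (string) $value) . "\r\n";
    }
    $in  = tempnam(sys_get_temp_dir(), 'frm');
    $out = tempnam(sys_get_temp_dir(), 'enc');
    try {
        file_put_contents($in, $body);
        // Name the cipher explicitly; older PHP releases default to 40-bit RC2.
        if (!openssl_pkcs7_encrypt($in, $out, $certPem, $headers, 0, OPENSSL_CIPHER_AES_256_CBC)) {
            throw new RuntimeException('S/MIME encryption failed: ' . openssl_error_string());
        }
        return file_get_contents($out);
    } finally {
        unlink($in);   // remove the temporary plaintext copy
        unlink($out);
    }
}

function send_encrypted(string $to, string $subject, string $smime): bool
{
    // The encrypted file is: headers, a blank line, then the base64 body.
    [$hdrs, $enc] = preg_split('/\r?\n\r?\n/', $smime, 2);
    return mail($to, $subject, $enc, $hdrs);
}

// Demo key material, constructed here for illustration only.
$key  = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 3072]);
$csr  = openssl_csr_new(['commonName' => 'inbox@example.org'], $key, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
openssl_x509_export($cert, $certPem);

// Constructed sample submission.
$msg = smime_encrypt_form(
    ['name' => 'Alice Example', 'account' => 'ACCT-12345'],
    $certPem,
    ['From' => 'webform@example.org']
);
echo strpos($msg, 'ACCT-12345') === false ? "no plaintext in message\n" : "PLAINTEXT LEAKED\n";
echo strpos($msg, 'enveloped-data') !== false ? "S/MIME enveloped-data\n" : "unexpected format\n";
```

The demo does not call `send_encrypted()`, so it needs no mail transport. Only the body is encrypted: the subject line and the addresses still travel in the clear.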