Hello.
Sometimes we handle with very sensitive information, storage that information for us is very problematic for us, with the idea that our servers can/will be hack eventually we try to avoid storage personal information, so with were thinking and we want to ask you you opinion on this possible fix:
-Select option: send answer over encrypted email | storage the information on server | both
NC Admin will need to add a public key to encrypt the email, but we think is possible.
Thanks for your great work.
Best, D.
Hi @dawidol
Would you mean sending every time an answer is submitted?
Hi @skjnldsv yes, exactly.
Sounds similar to https://github.com/nextcloud/forms/issues/12 ? :)
Yes, kind. But using encrypted email and not storing anything on the NC Server
We don't support pgp encryption with email.
Not even our Email app, right @ChristophWurst ?
So unfortunately, sinmple mail notification should suffice I guess :)
Please remember that every functionality needs to be first developed and then also maintained to ensure it stays working.
Since this is quite a specific request, are there any other systems which support this, or a common way this is done?
I don't think so unfortunately :/
Google forms have some plugins about notifications and emails, maybe there is one with gpg enc, but doubt it
Wasn't there a new app for that? ;)
https://help.nextcloud.com/t/call-for-testing-gpg-mailer-encrypted-password-reset-and-notification-email/79599
I share the OPs requirement (for some projects) for handling sensitive information. My view FWIW is using email adds more possibility of interception (but not of reading of course) of the email. Also you then need to secure your mailserver and machine where the email is stored...
If the data is sensitive, should that not be handled in disk encryption of the Nextcloud instance?
Or possibly provide a forms feature where the form response data is encrypted.
To be notified, the form admin could receive a "There is a new form answer" notification/email which wouldn't hold any content.
Just some thoughts - I've not thought them all thru so possibly holes exist! :smile:
Honestly this seems like a very edge case. :confounded:
Not sure many people would use this.
On the technical side, i'd say sending answers through mail is https://github.com/nextcloud/forms/issues/12
And gpg should be handled by the server mailing service, so in https://github.com/nextcloud/server (which an opened issue already exists most likely) :)
EDIT Server issue nextcloud/server#7310