[Dovecot] Encryption Plugin

Patrick McLean patrick at redtriangle.ca
Thu Oct 1 18:49:29 EEST 2009


Hi,

There was a discussion a few months ago about a plugin for encrypting
email before it hit the disk on the server, and doing transparent
decryption while serving data to the client, see:

http://www.dovecot.org/list/dovecot/2009-July/041262.html

We have a client/user who is interested in such a plugin, and I was
wondering if there has been any progress on it yet. In our particular
case, server-side on-the-fly decryption would be acceptable. This
service is useful in the case of a somewhat paranoid user who does not
want the IT staff to have direct access to their email, without going
through some major hoops (http://hushmail.com actually offers both server- and
client-side decryption for these reasons).

The way I would imagine the plugin working is public-key encryption
being done on the message as it was being delivered (plug in to
dovecot's deliver). Then when a client connects, the private key is
decrypted with the user's password and used to decrypt the messages on
the fly. Depending on performance, it may be an idea to convert messages
to use symmetric encryption with rotating keys that are themselves encrypted
with the public key.

If this were going to be done, I would think an IMAP protocol extension
may be an idea so client-side encryption would be an option as well, so
there would be end-to-end security.
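The scheme sketched in the message above, worked through as an added example. This is illustrative code written for this page; it is not Dovecot code and not an actual Dovecot plugin. Everything beyond the message's own description is an assumption: RSA-2048 with OAEP to wrap keys, AES-256-GCM for the message bodies and the stored private key, a minimal PBKDF2-HMAC-SHA256 to turn the user's password into a key-encryption key, and a fresh symmetric key for every message (the limiting case of the "rotating keys" idea). The names Mailbox, StoredMessage, NewMailbox, Deliver, Unlock and Read are invented for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"fmt"
)
// Mailbox is the per-user state on the server: public key in the clear, private key only under the password.
type Mailbox struct {
	Pub     *rsa.PublicKey
	Salt    []byte
	PrivEnc []byte // nonce || AES-256-GCM(PKCS#8 DER of the private key)
}
type StoredMessage struct {
	WrappedKey []byte // fresh per-message AES-256 key, RSA-OAEP under Mailbox.Pub
	Body       []byte // nonce || AES-256-GCM(message)
}

// must is for errors that cannot occur with fixed-size keys or that mean the CSPRNG is broken.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func randBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// passwordKey is PBKDF2-HMAC-SHA256 (RFC 8018) for one 32-byte block, inlined so only the standard library is needed.
func passwordKey(password string, salt []byte) []byte {
	prf := hmac.New(sha256.New, []byte(password))
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // block index 1, big-endian
	u := prf.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < 20000; i++ { // assumed work factor; it is all that slows an offline password guess
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		subtle.XORBytes(t, t, u)
	}
	return t
}

// seal returns nonce||ciphertext; open reverses it and fails on a wrong key or tampering.
func seal(key, plaintext []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, nil)
}
func open(key, sealed []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(sealed) < g.NonceSize() {
		return nil, fmt.Errorf("sealed blob too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}

// NewMailbox generates the key pair and stores the private half under the password.
func NewMailbox(password string) *Mailbox {
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	der := must(x509.MarshalPKCS8PrivateKey(priv))
	salt := randBytes(16)
	return &Mailbox{Pub: &priv.PublicKey, Salt: salt, PrivEnc: seal(passwordKey(password, salt), der)}
}

// Deliver is the LDA-side step: a fresh symmetric key per message, wrapped to the public key.
func Deliver(mb *Mailbox, message []byte) *StoredMessage {
	key := randBytes(32)
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, mb.Pub, key, nil))
	return &StoredMessage{WrappedKey: wrapped, Body: seal(key, message)}
}

// Unlock is the login-side step: the password recovers the private key for this session only.
func Unlock(mb *Mailbox, password string) (*rsa.PrivateKey, error) {
	der, err := open(passwordKey(password, mb.Salt), mb.PrivEnc)
	if err != nil {
		return nil, fmt.Errorf("wrong password or corrupted key blob: %w", err)
	}
	return must(x509.ParsePKCS8PrivateKey(der)).(*rsa.PrivateKey), nil // authenticated above, so it parses
}

// Read is the serve-side step: unwrap the per-message key, then decrypt the body on the fly.
func Read(priv *rsa.PrivateKey, msg *StoredMessage) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, msg.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	return open(key, msg.Body)
}
```

Deliver needs only the public key, so the delivery agent never touches the private key or the password. Unlock is the one step that needs the password, and the private key it returns lives in the server's memory for the length of the session: that is precisely the server-side, on-the-fly decryption the message calls acceptable, and it means the server (and anyone who can read its memory) sees plaintext while the user is logged in. Two consequences for the threat model: the stored private key is only as strong as the user's password and the KDF cost, and a password change has to re-encrypt PrivEnc, not the messages.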

