[Dovecot] Encryption Plugin
Timo Sirainen
tss at iki.fi
Thu Oct 1 19:19:02 EEST 2009
On Thu, 2009-10-01 at 11:49 -0400, Patrick McLean wrote:
> There was a discussion a few months ago about a plugin for encrypting
> email before it hit the disk on the server, and doing transparent
> decryption while serving data to the client, see:
>
> http://www.dovecot.org/list/dovecot/2009-July/041262.html
>
> We have a client/user who is interested in such a plugin, and I was
> wondering if there has been any progress on it yet.
Not from my side, no idea if someone else has done anything. My comments
about zlib compression also apply to encryption:
http://www.dovecot.org/list/dovecot/2009-June/040181.html
> The way I would imagine the plugin working is public-key encryption
> being done on the message as it was being delivered (plug in to
> dovecot's deliver). Then when a client connects, the private key is
> decrypted with the user's password and used to decrypt the messages on
> the fly. Depending on performance, it may be an idea to convert messages
> to use symmetric with rotating keys encrypted with the public key
> encryption.
Easiest way to get started would be to just execute gpg or maybe
libgpgme.
> If this were going to be done, I would think an IMAP protocol extension
> may be an idea so client-side encryption would be an option as well, so
> there would be end-to-end security.
Maybe the messages could be just encrypted using regular pgp or S/MIME
encryption so clients that support those already could open them.
Although that wouldn't keep the message headers encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20091001/542b9224/attachment.bin
More information about the dovecot
mailing list