[Dovecot] Encryption solution for messages at rest

Frerich Raabe raabe at froglogic.com
Tue Oct 29 00:22:11 EET 2013


On 2013-10-28 20:23, Reindl Harald wrote:
> Am 28.10.2013 20:14, schrieb Douglas Mortensen:
>> However, it would be nice to know that even if we were breached, the 
>> emails on the server were encrypted and would be completely useless to 
>> an attacker.
>> This type of encryption is ideal and some regulations prefer 
>> (although don't require) it
>
> impossible and useless
> if someone comes that far he can also read whatever configuration
> contains the keys

In principle, this can be addressed by employing asymmetric key 
encryption.

You could imagine a system which requires users to generate a key pair 
and then submit their public key. The mail system will encrypt all mail 
received for a user with that user's public key. When accessing the mail, 
the user configures his user agent to use the private key to decrypt the 
mail.

In practice, it's probably not that easy:

1. I suppose you'd have to be careful not to break features like 
server-side searching, though. If you only store encrypted mail, the only 
moment where the system sees the plain mail is when it's received. So 
you'd probably need to index it at that point and then use that index 
for subsequent queries. Once the mail is written to disk, the server 
never sees the real data anymore.

2. Different mail storage formats probably work differently well. mbox 
is right out; with Maildir it might not be acceptable to encode the raw 
mail file - I don't know whether Dovecot uses any actual contents of 
files with Maildir (as opposed to the Dovecot-specific indices and the 
file name). If it does, then you should maybe encrypt just the body 
but no headers or similar.

There's surely more to consider, but I think this is anything but 
"impossible and useless". Accessing sensitive data which is stored on an 
untrusted system is an old and solved problem, I wouldn't be surprised 
if you just have to consider implementation details in the case of a 
mail server.

-- 
Frerich Raabe - raabe at froglogic.com
www.froglogic.com - Multi-Platform GUI Testing
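The scheme sketched in the message above, as an added example that is not part of the original post and not Dovecot code: the server holds only each user's public key, builds its search index at delivery (the one moment it sees plaintext), keeps headers in the clear and seals only the body, and the user agent decrypts with the private key. The post names no primitives; X25519 + HKDF + AES-256-GCM, the `HKDF_INFO` label and the `Mailstore`/`StoredMail` names are assumptions made here, and the sample message is constructed. The block needs the third-party `cryptography` package.

```python
import os
import re
from dataclasses import dataclass
from email import message_from_string

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

HKDF_INFO = b"example-mail-at-rest-v1"   # assumed context label, not a standard
RAW, RAW_FMT = serialization.Encoding.Raw, serialization.PublicFormat.Raw


@dataclass
class StoredMail:
    """What lands on disk: headers in the clear, body sealed to the recipient."""
    headers: bytes      # header block, also bound into the ciphertext as AEAD data
    eph_pub: bytes      # per-message ephemeral X25519 public key (32 bytes)
    nonce: bytes        # 12-byte AES-GCM nonce
    ciphertext: bytes   # AES-GCM output: encrypted body plus 16-byte tag


def _derive_key(shared_secret: bytes) -> bytes:
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=HKDF_INFO).derive(shared_secret)


def _tokens(text: str) -> set:
    return set(re.findall(r"[a-z0-9]{2,}", text.lower()))


class Mailstore:
    """Server side. Holds public keys only: a compromise of this host yields
    headers, ciphertext and the search index, but no message bodies."""

    def __init__(self):
        self.pubkeys = {}   # user -> X25519PublicKey
        self.mails = {}     # user -> [StoredMail]
        self.index = {}     # user -> {token -> {mail_no}}

    def register(self, user: str, pubkey_bytes: bytes) -> None:
        self.pubkeys[user] = X25519PublicKey.from_public_bytes(pubkey_bytes)

    def deliver(self, user: str, raw_message: str) -> int:
        """Delivery is the only moment the server sees plaintext, so the
        search index is built here, before the body is encrypted."""
        msg = message_from_string(raw_message)
        body = msg.get_payload(decode=True) or b""
        header_block = "".join(f"{k}: {v}\n" for k, v in msg.items()).encode()

        mail_no = len(self.mails.setdefault(user, []))
        idx = self.index.setdefault(user, {})
        searchable = msg.get("Subject", "") + " " + body.decode("utf-8", "replace")
        for tok in _tokens(searchable):
            idx.setdefault(tok, set()).add(mail_no)

        # Hybrid encryption: ephemeral X25519 key pair, ECDH with the user's
        # long-term public key, HKDF to a one-off AES-256-GCM key.
        eph = X25519PrivateKey.generate()
        key = _derive_key(eph.exchange(self.pubkeys[user]))
        nonce = os.urandom(12)
        ciphertext = AESGCM(key).encrypt(nonce, body, header_block)
        self.mails[user].append(StoredMail(
            header_block, eph.public_key().public_bytes(RAW, RAW_FMT), nonce, ciphertext))
        return mail_no   # body and key go out of scope; no plaintext is retained

    def search(self, user: str, word: str) -> set:
        return set(self.index.get(user, {}).get(word.lower(), set()))

    def fetch(self, user: str, mail_no: int) -> StoredMail:
        return self.mails[user][mail_no]


def client_decrypt(priv: X25519PrivateKey, stored: StoredMail) -> bytes:
    """User agent side: only the private-key holder can open the body, and a
    header block altered on the server makes AES-GCM reject the message."""
    key = _derive_key(priv.exchange(X25519PublicKey.from_public_bytes(stored.eph_pub)))
    return AESGCM(key).decrypt(stored.nonce, stored.ciphertext, stored.headers)


# Constructed sample message, not a real capture.
SAMPLE = ("From: alice@example.com\nTo: bob@example.com\n"
          "Subject: Q3 budget draft\n\nThe budget numbers are attached.\n")


def demo() -> dict:
    bob_priv = X25519PrivateKey.generate()   # generated by Bob, never leaves Bob
    store = Mailstore()
    store.register("bob", bob_priv.public_key().public_bytes(RAW, RAW_FMT))
    stored = store.fetch("bob", store.deliver("bob", SAMPLE))
    forged = StoredMail(stored.headers.replace(b"alice", b"mallory"),
                        stored.eph_pub, stored.nonce, stored.ciphertext)
    try:
        client_decrypt(bob_priv, forged)
        tamper_detected = False
    except InvalidTag:
        tamper_detected = True
    return {"hits": store.search("bob", "budget"),
            "plaintext_on_disk": b"budget numbers" in stored.ciphertext,
            "decrypted": client_decrypt(bob_priv, stored),
            "tamper_detected": tamper_detected}
```

`demo()` shows the three properties the post argues for: a search for "budget" still hits because the index was built at delivery, the stored ciphertext contains no body text, and only Bob's private key recovers it. Using the header block as AES-GCM associated data is an extra choice here so that a server-side edit of the clear headers is detected at decryption; it does not hide the headers, which stay readable for the storage-format reasons the post raises.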

