Re: [Dovecot] Disk Encryption

[..]

Currently my mail store isn't encrypted and I would like to know if it is possible to do that, and if so, maybe get some pointers.

There are two main roads:

• filesystem/disk based encryption

  • Fast and easy to setup though (eg LUKS on Linux)
  • does not protect against a running system being attacked, eg that they can run custom code in the same security level that thus can read the unencrypted content.

• per-file encryption, eg with PGP/GnuPG

  • Likely more complex to setup/fail-prone
  • attacker getting access can only encrypt more mail and/or of course subvert any new mail, but can't decrypt old.
  • there are a couple of tools which enable this, typically it is a procmail/pipe through gnupg
  • Decryption of mails can be done with a "IMAP-proxy" style tool or possibly better/easier by the mail client.
  • Check out:
    • https://github.com/isislovecruft/leap_mx
    • https://grepular.com/Automatically_Encrypting_all_Incoming_Email
    • https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve

For both:

• Store your decryption keys in a secure/offline place (cold-boot attacks)
• "Rubber Hose Crypto": http://www.schlockmercenary.com/2006-03-29
• "Lead Pipe Crypto": http://www.schlockmercenary.com/2009-10-19

Of course it always depends on the attack vectors that you are protecting against ;)

Greets, Jeroen