On 04.11.2017 20:52, Zbyszek Żółkiewski wrote:
> Hi,
> I have a few questions regarding mail_crypt:
> - Is the mail_crypt_global_private_key file read upon dovecot start/restart only, or is it/can it be read at any other time? I have made a few tests by starting dovecot and removing the master key for decryption - therefore it is not available on the platform - it only resides in memory, removing one of the attack vectors.

It can be given from the config file, or from the user database. It is read on use. You can also encrypt the key using a password, but in the end, the password or the key needs to be provided by something.

> Is there any “rollout” planned for key rotation in the feature?

There is already *some* key rotation availability. Mail re-encryption is not supported, but you can roll the user key, and you can take new folder keys into use. The old ones need to be retained unless you move emails out and back to the folder.

> Is there any better way to encrypt mails that were sent before enabling mail_crypt? I have made a simple script to automate in-place encryption: https://gist.github.com/kolargol/d551d132949068ce6efce7bc85a317cb but maybe there is a better way? If someone wants to use it, please read the code first, as it requires updating the magic(5) local database.
>
> thanks!
> _
> Zbyszek Żółkiewski

The Best Practice, supported way, is to move the emails around, so you move all your mails from INBOX to FooBox, and then back. This can have some side-effects, and you might want to test this. Most notably it will consume UIDs, unless you reset the folder by removing indexes.

Aki
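The "move out and back" procedure Aki describes, scripted with doveadm as an added example (not code from the thread or from Dovecot itself). The scratch folder name `mail_crypt_recrypt`, the `alice@example.com` style user argument and the before/after count check are assumptions; the UID consumption Aki mentions still applies.

```shell
#!/bin/sh
# Round-trip one user's INBOX through a scratch folder so every message is
# re-saved, and therefore re-encrypted by mail_crypt with the keys currently
# in use. Added example, not from the original thread. The scratch folder
# name is an assumption. Re-saving consumes UIDs (see Aki's note), so try it
# on a test account first.

set -eu

# Return the message count of a mailbox, parsed from "doveadm mailbox status"
# output of the form "INBOX messages=42".
mailbox_count() {
    user=$1; box=$2
    doveadm mailbox status -u "$user" messages "$box" |
        sed -n 's/.*messages=\([0-9]*\).*/\1/p'
}

# Move every message INBOX -> scratch -> INBOX for user $1 and verify that the
# message count survives the round trip. Prints the final count on success and
# returns non-zero on a mismatch.
recrypt_inbox() {
    user=$1
    scratch=${2:-mail_crypt_recrypt}
    before=$(mailbox_count "$user" INBOX)

    # "mailbox create" fails if the folder already exists; with set -e that
    # aborts rather than mixing pre-existing mail into the round trip.
    doveadm mailbox create -u "$user" "$scratch"
    doveadm move -u "$user" "$scratch" mailbox INBOX all
    doveadm move -u "$user" INBOX mailbox "$scratch" all
    doveadm mailbox delete -u "$user" "$scratch"

    after=$(mailbox_count "$user" INBOX)
    if [ "$before" != "$after" ]; then
        echo "count mismatch for $user: $before before, $after after" >&2
        return 1
    fi
    echo "$after"
}
```

Run as `recrypt_inbox user@example.com` from a shell that has sourced the file; repeat per user or wrap it in a loop over `doveadm user '*'` output.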