On Sun, Feb 21, 2021 at 05:20:59PM -0500, deano-dovecot@areyes.com wrote:
> I have global mail encryption working nicely, and replication works nicely between two systems. The main problem is that the private and public keys are *right there* on the server in /etc/dovecot/private ... Fine for a completely controlled system, but not so fine when on a rented VPS etc.
I'm not running a Dovecot instance myself at the moment, but I have been wondering about the above.
My current understanding is that Dovecot, like any other piece of software that needs to decrypt data from disk, will inevitably need to either:
  - keep the private keys in memory for at least *some* time, in order to be able to perform decryption using the CPU; OR
  - use an HSM (or equivalent, such as maybe a TPM or an OpenPGP Card) to perform decryption as needed.
In a case where there is no HSM (or equivalent), any attacker who gains root or hypervisor privileges over the machine can in principle extract the key from memory irrespective of whether the private key is on disk. They can then decrypt messages at their leisure. In such a case, the security is already quite low and little additional security is lost by keeping the private key in a local file on disk that is readable only by root (and perhaps also readable by one other carefully-chosen account if necessary).
The above applies to rented VPSes. You are vulnerable to the VPS provider, because they have hypervisor privileges. So, if you want the email store to be private, the first thing to do is have it on your own hardware.
In the better case where you have your own hardware, then the concern becomes: how to avoid attackers accessing the private keys if they gain root, or if they gain physical access. Here, an HSM (or equivalent) will help, by keeping the private keys off the filesystem and out of RAM/cache/etc. A properly-implemented HSM or smartcard will make it infeasible for an attacker to obtain the private key even if they gain root; and will make it expensive for an attacker to obtain the private key even if they gain physical access.
Can Dovecot utilise an HSM (or equivalent)? I'm not sure. I look forward to finding out.
> Would it be possible for dovecot to read the keys as output from a script ? I'm thinking of a small script that would reach out to an authentication service like Authy or Okta or similar.
Making your own ability to access the email store dependent upon an untrustworthy third-party like Okta is, IMO, even worse than using a VPS. Not only are you leaving the door open to an attacker should that service provider prove to be either compromised or malicious; you also leave yourself vulnerable to a whole new class of DoS attacks.
(Okta is mostly security theatre. The basic premise is bad enough, but auditing various Okta deployments, and meeting and speaking with Okta technical staff, left me with an even worse impression of that company.)
Sam
--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
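
An added example, not part of the original message and not Dovecot's own code: one way to check the "readable only by root (and perhaps also readable by one other carefully-chosen account)" condition for a key directory such as /etc/dovecot/private. The function name, its parameters and the sample file names are assumptions, and the check covers filesystem permissions only, not the in-memory exposure discussed in the message.

```python
import os
import stat
import tempfile

def audit_key_dir(path, owner_uid=0, allowed_gid=None):
    """Return (path, problem) pairs for anything under `path` that an account
    other than owner_uid (or the single group allowed_gid) could reach."""
    targets = [path]
    for root, dirs, files in os.walk(path):  # does not descend into symlinks
        targets += [os.path.join(root, n) for n in sorted(dirs + files)]
    findings = []
    for p in targets:
        st = os.lstat(p)  # lstat: inspect the link itself, not its target
        mode = stat.S_IMODE(st.st_mode)
        if stat.S_ISLNK(st.st_mode):
            findings.append((p, "symlink: target lies outside this audit"))
            continue
        if st.st_uid != owner_uid:
            findings.append((p, f"owner uid {st.st_uid}, expected {owner_uid}"))
        if mode & stat.S_IRWXO:
            findings.append((p, f"accessible to others (mode {mode:04o})"))
        if mode & stat.S_IWGRP:
            findings.append((p, f"group-writable (mode {mode:04o})"))
        if mode & (stat.S_IRGRP | stat.S_IXGRP) and st.st_gid != allowed_gid:
            findings.append((p, f"readable by unexpected gid {st.st_gid}"))
    return findings

def demo():
    """Build a constructed key directory and audit it as the current user."""
    d = tempfile.mkdtemp()  # created with mode 0700
    good = os.path.join(d, "ecprivkey.pem")      # constructed file name
    bad = os.path.join(d, "ecprivkey.pem.bak")   # constructed stray copy
    for p, mode in ((good, 0o600), (bad, 0o644)):
        with open(p, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        os.chmod(p, mode)
    # On a real server: audit_key_dir("/etc/dovecot/private") with owner_uid=0
    return bad, audit_key_dir(d, owner_uid=os.getuid())

if __name__ == "__main__":
    for path, problem in demo()[1]:
        print(f"{path}: {problem}")
```

Pass `allowed_gid` only when exactly one additional group is meant to read the keys; any other group or world access is reported.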