---------- Original Message ---------- From: Aki Tuomi aki.tuomi@dovecot.fi To: micah anderson micah@riseup.net Date: December 16, 2016 at 11:25 PM Subject: Re: making a plugin encrypt index data
When we released our encryption plugin, mail-crypt, it's capabilities include fs-crypt. This can be used to encrypt things like FTS indexes and attachments, and with suitable mail storage, such as obox, you can also encrypt indexes.
To extend this support to dbox or maildir, does require rather involved changes in dovecot core, which currently has no support for fs-api in index handling. This might happen on v2.3 or v2.4, depending.
I somehow suspect that the work estimate would exceed your budget. But it is going to happen, it's just matter of time. Can't give you any timeline though, since we have not decided on one yet.
Aki
On December 16, 2016 at 9:53 PM micah anderson micah@riseup.net wrote:
Hi Aki,
Do you have any idea approximately when this would be planned for?
We are also interested potentially paying for the ability to encrypt our indexes, as this is a major concern for us. We don't have a lot of money as a non-profit, but if there is a possibility of contract work, we would be interested to know what it would cost to do it.
thanks, micah
Aki Tuomi aki.tuomi@dovecot.fi writes:
On December 16, 2016 at 6:48 PM micah anderson micah@riseup.net wrote:
Hello,
I'm encrypting mail on disk using a plugin[0], but the index files are not encrypted (specifically the dovecot.index.cache can be read).
I want to do is encrypt index on disk, so I'm looking for how a plugin can achieve that by hooking into the right locations. Is that easily possible in a plugin?
I can turn off those indexes by passing INDEX=MEMORY, but that isn't possible if I use sdbox/mdbox.
thanks for any suggestions! micah
Hi!
At the moment it's not possible without making new storage class. We are planning to add support for fs drivers for indexes at some point.
Aki Tuomi Dovecot Oy