On 01/06/2011 06:54 AM, Christian Felsing wrote:
Am 04.01.2011 07:38, schrieb tomas@tuxteam.de:
The idea upthread (Jan-Frode) to keep a public key server-side and encrypt messages on arrival seems to me the way to go.
I would support that idea. Private key should be encrypted with users passphrase. If user changes password privet key needs to be decrypted with old password and reencrypted with new password.
Public key never changes, so maildir is never required to be touched, if user changes password and server does not need to know users secret to receive mail.
This still doesn't work, because the administrator is the one who tells the system to encrypt messages as they arrive. He can peek at the messages before they're encrypted with the user's public key.
It's impossible to hide the contents of a plain-text message from the person who receives it in plain text (the administrator). PGP/GPG is the only option.