Best mail encryption solution for per-user
Hi,
Do you have advice about Dovecot plugins for mail encryption:
https://wiki2.dovecot.org/Plugins/MailCrypt
https://0xacab.org/riseuplabs/trees
I like NaCl-based encryption but the MailCrypt plugin is better
because it's maintained by Dovecot developers (is this correct?)
The MailCrypt docs are hard to understand, so may I ask: can I provide per-user
encryption? I don't like global because I want every user to have
different encryption based on their password. But I don't see the
usefulness of per-folder encryption. The docs for TREES are easier to
understand: it will work as per-user encryption using the user's
password to decrypt the needed keys.
How about indexing? Must native fast Dovecot indexing be turned
off for one of these or both? Is this a big performance hit? And how
to turn off indexing on a per-user basis?
Thank you so very much
ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!
On February 9, 2018 at 3:20 AM tai74@vfemail.net wrote:
Hi!
Mail crypt plugin in dovecot core is indeed developed and maintained by us. Turning on encryption is simple, but you'll have to consider key management closely.
The simple instructions are
mail_plugins = $mail_plugins mail_crypt
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
plugin {
  mail_crypt_curve = <some curve you like>
  mail_crypt_save_version = 2
}
This will turn on automatic key creation for folders and users.
NOTE that the keys won't be encrypted in this scenario.
To encrypt keys you have a few choices. You can use a static password, static ECC key, per-user password, per-user ECC key, or per-user password-protected ECC key.
With the per-user model, the easiest, if you don't let users change passwords, could be adding into userdb or passdb
mail_crypt_private_password = %{sha512:password}
If you want users to be able to change passwords, you either need to manage the encryption passwords in the user database, or call doveadm mailbox cryptokey password during password change.
Also we do not currently support DR keys, so if the per-user key is lost, you will not be able to recover the mails.
Aki
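As an added example (not Aki's configuration and not anything shipped by the Dovecot project), here is how the pieces Aki lists fit into one dovecot.conf: the managed-mode baseline he gives, with the weak point he flags (the generated user key sits in the attribute dict unencrypted) addressed by handing each user a mail_crypt_private_password from the passdb, and, following his later answer in the thread about enabling encryption for a few test users only, mail_crypt_save_version left at 0 globally and raised to 2 per user. The curve name, file paths, uids and password hashes are assumptions or placeholders, not values from the thread.

```conf
# Added example for this thread, not Aki's or the Dovecot project's own
# configuration. Managed mode as Aki describes it: no global keys, so
# Dovecot generates a user key and per-folder keys by itself.

mail_plugins = $mail_plugins mail_crypt

# Generated keys are stored in the mail attribute dict (Aki: "All
# generated keys are stored in mail attribute dict").
mail_attribute_dict = file:%h/Maildir/dovecot-attributes

plugin {
  # Any curve name OpenSSL knows. secp521r1 is an assumption here; the
  # thread only says "<some curve you like>".
  mail_crypt_curve = secp521r1

  # WEAK BASELINE from the thread: with nothing else set, the user key
  # is written to the attribute dict UNENCRYPTED ("NOTE that the keys
  # won't be encrypted in this scenario").
  #
  # 0 is the read-only mode Aki names: existing encrypted mail can still
  # be read, nothing new is encrypted. Keep it 0 here and switch it to 2
  # per user from the userdb fields below, so only test accounts change.
  mail_crypt_save_version = 0
}

# passdb/userdb. Each user's key is protected with a password derived
# from the login password, as Aki's
#   mail_crypt_private_password = %{sha512:password}
# suggests. In a passwd-file, extra fields prefixed userdb_ are passed
# on to the userdb, which is how they become per-user plugin settings.
passdb {
  driver = passwd-file
  args = /etc/dovecot/users
}
userdb {
  driver = passwd-file
  args = /etc/dovecot/users
}

# /etc/dovecot/users (constructed sample; hashes, uids and paths are
# placeholders, format is user:password:uid:gid:gecos:home:shell:extra):
#
# alice:{SHA512-CRYPT}$6$PLACEHOLDER:1000:1000::/var/mail/alice::userdb_mail_crypt_save_version=2 userdb_mail_crypt_private_password=%{sha512:password}
# bob:{SHA512-CRYPT}$6$PLACEHOLDER:1001:1001::/var/mail/bob::
#
# alice gets a password-protected user key and writes encrypted mail;
# bob stays on the global read-only setting until he gets the same
# fields.
```

Because %{sha512:password} needs the plaintext login password (%w), this only works for users authenticating with a plaintext mechanism such as PLAIN or LOGIN over TLS; a session authenticated any other way has no key password and cannot open the protected user key. Aki's warning stands on top of that: there is no recovery key, so a user whose password is lost has lost the mail.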
On February 9, 2018 at 8:31 AM Aki Tuomi aki.tuomi@dovecot.fi wrote:
Forgot to add that currently it's not possible to encrypt indexes due to how lib-index is designed.
Aki
Aki, really thanks for the reply, I hope to continue the conversation.
> Do you have advice about Dovecot plugins for mail encryption:
> https://wiki2.dovecot.org/Plugins/MailCrypt https://0xacab.org/riseuplabs/trees
> I like NaCl-based encryption but the MailCrypt plugin is better because it's maintained by Dovecot developers (is this correct?)
> The MailCrypt docs are hard to understand, so may I ask: can I provide per-user encryption? I don't like global because I want every user to have different encryption based on their password. But I don't see the usefulness of per-folder encryption. The docs for TREES are easier to understand: it will work as per-user encryption using the user's password to decrypt the needed keys.
> How about indexing? Must native fast Dovecot indexing be turned off for one of these or both? Is this a big performance hit? And how to turn off indexing on a per-user basis?
> Mail crypt plugin in dovecot core is indeed developed and maintained
> by us. Turning on encryption is simple, but you'll have to consider
> key management closely.
> The simple instructions are
> mail_plugins = $mail_plugins mail_crypt
> mail_attribute_dict = file:%h/Maildir/dovecot-attributes
> plugin {
>   mail_crypt_curve = <some curve you like>
>   mail_crypt_save_version = 2
> }
With no other settings, I understand this to auto-generate keys. Is it putting them in mail_attribute_dict? How is that related to mail_crypt_private_key, which is for what then?
> This will turn on automatic key creation for folders and users.
I guess it's saying "folders" mode because each folder has a keypair, but I don't understand why a single keypair isn't enough? Because of the possibility of shared folders? Anyway, I'm confused how it relates to global mode and where user mode fits (there is no user mode, say the docs).
> NOTE that the keys won't be encrypted in this scenario.
> To encrypt keys you have a few choices. You can use a static password,
> static ECC key, per-user password, per-user ECC key, per-user
> password protected ECC key.
Sorry, newb question, though: how is this choice made (by different values of mail_crypt_require_encrypted_user_key?)
> With the per-user model, the easiest, if you don't let users change
> passwords, could be adding into userdb or passdb
> mail_crypt_private_password = %{sha512:password}
> If you want users to be able to change passwords, you either need to
> manage the encryption passwords in user database, or call doveadm
> mailbox cryptokey password during password change.
I have a custom userdb lookup so I don't mind managing key encryption passwords in the database, but how do I do it? Is it by including mail_crypt_private_password in the userdb lookup?
Moreover, if I want the password to be the same as the regular IMAP password, is there a security problem? I think it's possible to return the plaintext password for the userdb lookup with %w, right?
Moreover, I don't see that working, because maybe the pwd changes in userdb but the encryption keys (stored where?) are still encrypted with the old pwd, no? In such a case, what is to be done? Your indication was that doveadm can be used but that there is another solution which doesn't become fully evident to me yet.
Is the solution literally that I must now also store keys in the database and make a custom pwd change module decrypt and re-encrypt them with the new pwd?
> Also we do not currently support DR keys, so if the per-user key is
> lost, you will not be able to recover the mails.
Fair!
> Forgot to add that currently it's not possible to encrypt indexes due to how lib-index is designed.
To infer from your statement, this means indexing will work OK anyway even with encryption turned on? With the caveat of having unencrypted metadata in index files? So we must choose: unprotected metadata or remove indexing? May indexing be removed per user, maybe from the userdb lookup?
Quoting tai74@vfemail.net:
Adding questions: will encryption work equally with maildir, dbox, mdbox et al.? Will encryption work with zlib compression? I want to test encryption but only on a test account, not all accounts; is it possible to enable it for just a couple of testing users?
Regards,
Tai
On 11 February 2018 at 09:17 tai74@vfemail.net wrote:
> Quoting tai74@vfemail.net:
>> Aki, really thanks for the reply, I hope to continue the conversation.
>>> Do you have advice about Dovecot plugins for mail encryption:
>>> https://wiki2.dovecot.org/Plugins/MailCrypt https://0xacab.org/riseuplabs/trees
>>> I like NaCl-based encryption but the MailCrypt plugin is better because it's maintained by Dovecot developers (is this correct?)
>>> The MailCrypt docs are hard to understand, so may I ask: can I provide per-user encryption? I don't like global because I want every user to have different encryption based on their password. But I don't see the usefulness of per-folder encryption. The docs for TREES are easier to understand: it will work as per-user encryption using the user's password to decrypt the needed keys.
>>> How about indexing? Must native fast Dovecot indexing be turned off for one of these or both? Is this a big performance hit? And how to turn off indexing on a per-user basis?
>>> Mail crypt plugin in dovecot core is indeed developed and
>>> maintained by us. Turning on encryption is simple, but you'll have
>>> to consider key management closely.
>>> The simple instructions are
>>> mail_plugins = $mail_plugins mail_crypt
>>> mail_attribute_dict = file:%h/Maildir/dovecot-attributes
>>> plugin {
>>>   mail_crypt_curve = <some curve you like>
>>>   mail_crypt_save_version = 2
>>> }
>> With no other settings, I understand this to auto-generate keys. Is it putting them in mail_attribute_dict? How is that related to mail_crypt_private_key, which is for what then?
mail_crypt_private_key is *NOT* the same as mail_crypt_*global*_private_key.
mail_crypt_global_private_key means it will use this private key to decrypt all mails. mail_crypt_global_public_key means this key will be used to encrypt all mails.
"mail_crypt_private_key - Private key to decrypt user's master key, can be base64 encoded"
in other words, this is used to encrypt the user key.
All generated keys are stored in the mail attribute dict.
>>> This will turn on automatic key creation for folders and users.
>> I guess it's saying "folders" mode because each folder has a keypair, but I don't understand why a single keypair isn't enough? Because of the possibility of shared folders? Anyway, I'm confused how it relates to global mode and where user mode fits (there is no user mode, say the docs).
In managed mode, where no global key(s) are provided, dovecot will generate a user key and folder keys. The folder keys are encrypted using the user key. The user key is optionally encrypted with either a password or some other key (mail_crypt_private_password / mail_crypt_private_key).
Having a per-folder key makes key sharing easier and doable in ACL situations, and also reduces problems if a single folder key is for some inexplicable reason exposed.
>>> NOTE that the keys won't be encrypted in this scenario.
>>> To encrypt keys you have a few choices. You can use a static
>>> password, static ECC key, per-user password, per-user ECC key,
>>> per-user password protected ECC key.
>> Sorry, newb question, though: how is this choice made (by different values of mail_crypt_require_encrypted_user_key?)
No. This is only for key sharing with ACLs.
>>> With the per-user model, the easiest, if you don't let users change
>>> passwords, could be adding into userdb or passdb
>>> mail_crypt_private_password = %{sha512:password}
>>> If you want users to be able to change passwords, you either need
>>> to manage the encryption passwords in user database, or call
>>> doveadm mailbox cryptokey password during password change.
>> I have a custom userdb lookup so I don't mind managing key encryption passwords in the database, but how do I do it? Is it by including mail_crypt_private_password in the userdb lookup?
>> Moreover, if I want the password to be the same as the regular IMAP password, is there a security problem? I think it's possible to return the plaintext password for the userdb lookup with %w, right?
You can do that, too.
>> Moreover, I don't see that working, because maybe the pwd changes in userdb but the encryption keys (stored where?) are still encrypted with the old pwd, no? In such a case, what is to be done? Your indication was that doveadm can be used but that there is another solution which doesn't become fully evident to me yet.
If you have a custom user database, you can generate random encryption keys or passwords for user key encryption and provide those.
As I said before, the single most important thing is key management.
>> Is the solution literally that I must now also store keys in the database and make a custom pwd change module decrypt and re-encrypt them with the new pwd?
Yes, or use doveadm mailbox cryptokey password to re-encrypt the user key using the new password.
>>> Also we do not currently support DR keys, so if the per-user key is
>>> lost, you will not be able to recover the mails.
>> Fair!
>>> Forgot to add that currently it's not possible to encrypt indexes due to how lib-index is designed.
>> To infer from your statement, this means indexing will work OK anyway even with encryption turned on? With the caveat of having unencrypted metadata in index files? So we must choose: unprotected metadata or remove indexing? May indexing be removed per user, maybe from the userdb lookup?
No. It means that dovecot.index* and dovecot.cache* will be unencrypted on your disk. Any access to email requires a key to be able to decrypt them.
> Adding questions: will encryption work equally with maildir, dbox, mdbox et al.?
Yes.
> Will encryption work with zlib compression?
Yes.
> I want to test encryption but only on a test account, not all accounts; is it possible to enable it for just a couple of testing users?
Set mail_save_version=2 in userdb. 0 is "read-only mode".
> Regards,
> Tai
Regards, Aki
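Aki's answer to the password-change question is to re-encrypt the user key with doveadm mailbox cryptokey password. The script below is an added example, not code from Aki or the Dovecot project, showing where that call sits in a password-change flow and how to give it the right key passwords when the key password is %{sha512:password} as in his suggestion. It assumes that %{sha512:password} yields the lowercase hex SHA-512 of the login password (the same output as sha512sum; confirm this on one of the test accounts before relying on it) and uses the -u, -o and -n options of doveadm-mailbox-cryptokey(1) for the user, the old password and the new password.

```shell
#!/bin/sh
# Added example for this thread, not Aki's or the Dovecot project's code.
# A per-user mail_crypt user key encrypted with %{sha512:password} stays
# locked under the OLD login password after a password change unless it is
# re-encrypted. This wraps the step Aki names: doveadm mailbox cryptokey
# password. Assumption: the key password is the lowercase hex SHA-512 of the
# login password, matching sha512sum; option names follow
# doveadm-mailbox-cryptokey(1).

# Lowercase hex SHA-512 digest of the argument, as sha512sum prints it.
# Falls back to shasum where coreutils is absent (e.g. macOS).
sha512_hex() {
    if command -v sha512sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha512sum | cut -d ' ' -f 1
    else
        printf '%s' "$1" | shasum -a 512 | cut -d ' ' -f 1
    fi
}

# Re-encrypt USER's user key from OLD_LOGIN_PW to NEW_LOGIN_PW.
# Returns doveadm's exit status (0 on success), 2 on bad arguments.
#
# Ordering matters: run this BEFORE the new hash is written to the passdb.
# If this step fails, the passdb still matches the key password and the
# user keeps access to mail. If the passdb write fails after this
# succeeded, call it again with old and new swapped to roll the key back.
rotate_mailcrypt_password() {
    user=$1 old_login_pw=$2 new_login_pw=$3
    if [ -z "$user" ] || [ -z "$old_login_pw" ] || [ -z "$new_login_pw" ]; then
        echo "rotate_mailcrypt_password: user, old and new password are required" >&2
        return 2
    fi
    old_key_pw=$(sha512_hex "$old_login_pw")
    new_key_pw=$(sha512_hex "$new_login_pw")
    # The key passwords travel on the command line and are visible in the
    # process list for the duration of the call; do not log them.
    doveadm mailbox cryptokey password -u "$user" -o "$old_key_pw" -n "$new_key_pw"
}

# Usage: ./rotate.sh alice 'old login password' 'new login password'
if [ "$#" -eq 3 ]; then
    rotate_mailcrypt_password "$1" "$2" "$3"
fi
```

The ordering comment is the part to carry into your own password-change service: rotate the key first, then replace the passdb hash, so that a failure at either step leaves login password and key password in agreement rather than locking the user out of encrypted mail. Since the derived key passwords appear in process listings while doveadm runs, invoke this from the password-change service itself on the mail host rather than from an interactive shell on a shared machine, and if your doveadm version offers prompting variants of the old/new password options, prefer those.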
participants (2)
-
Aki Tuomi
-
tai74@vfemail.net