Can I encrypt already existant unencrypted mail before I start using the mail-crypt plugin?
Hi,
I am using dovecot 2.3.16, along with postfix and a PostgreSQL database for managing virtual accounts.
I'd like to start using the mail-crypt plugin. However, I'm having a bit some difficulty understanding the documentation at
https://doc.dovecot.org/configuration_manual/mail_crypt_plugin
to reach my goal. I plan to ask questions about those issues by starting new threads in this mailing list. But before I even come to that, I'd like to investigate the following:
The above documentation only addresses a clean install and doesn't seem to mention encrypting already existent unencrypted mails, like my server has. Is it possible to encrypt those before I start using the mail-crypt plugin, such that it will be able to decrypt those messages as well?
If it is, I am assuming that how I would go about achieving that will be very dependent on the ultimate configuration I have in mind (pub/priv keys, etc.). So I don't expect a full-fledged guide. However, if you could perhaps give a general overview of what would be needed to achieve this, I would very much appreciate that.
Thank you.
On 16/02/2023 07:18 EET mailinglist-subscriptions mailinglist-subscriptions@protonmail.com wrote:
Hi,
I am using dovecot 2.3.16, along with postfix and a PostgreSQL database for managing virtual accounts.
I'd like to start using the mail-crypt plugin. However, I'm having a bit some difficulty understanding the documentation at
https://doc.dovecot.org/configuration_manual/mail_crypt_plugin
to reach my goal. I plan to ask questions about those issues by starting new threads in this mailing list. But before I even come to that, I'd like to investigate the following:
The above documentation only addresses a clean install and doesn't seem to mention encrypting already existent unencrypted mails, like my server has. Is it possible to encrypt those before I start using the mail-crypt plugin, such that it will be able to decrypt those messages as well?
If it is, I am assuming that how I would go about achieving that will be very dependent on the ultimate configuration I have in mind (pub/priv keys, etc.). So I don't expect a full-fledged guide. However, if you could perhaps give a general overview of what would be needed to achieve this, I would very much appreciate that.
Thank you.
It will be easiest to do migration to new server, then the data will get encrypted while migrating. It is possible to write a script to do this, but will be much more hassle than migration.
You might even be able to do it for one user at a time, by doing migration from maildir to maildir and then moving the new maildir over the old one.
Aki
On Tuesday, February 21st, 2023 at 09:54, Aki Tuomi aki.tuomi@open-xchange.com wrote:
On 16/02/2023 07:18 EET mailinglist-subscriptions mailinglist-subscriptions@protonmail.com wrote:
Hi,
I am using dovecot 2.3.16, along with postfix and a PostgreSQL database for managing virtual accounts.
I'd like to start using the mail-crypt plugin. However, I'm having a bit some difficulty understanding the documentation at
https://doc.dovecot.org/configuration_manual/mail_crypt_plugin
to reach my goal. I plan to ask questions about those issues by starting new threads in this mailing list. But before I even come to that, I'd like to investigate the following:
The above documentation only addresses a clean install and doesn't seem to mention encrypting already existent unencrypted mails, like my server has. Is it possible to encrypt those before I start using the mail-crypt plugin, such that it will be able to decrypt those messages as well?
If it is, I am assuming that how I would go about achieving that will be very dependent on the ultimate configuration I have in mind (pub/priv keys, etc.). So I don't expect a full-fledged guide. However, if you could perhaps give a general overview of what would be needed to achieve this, I would very much appreciate that.
Thank you.
It will be easiest to do migration to new server, then the data will get encrypted while migrating. It is possible to write a script to do this, but will be much more hassle than migration.
You might even be able to do it for one user at a time, by doing migration from maildir to maildir and then moving the new maildir over the old one.
Aki
Thanks for the suggestion. However, migrating sounds like quite the hassle as well.
Now, I have next to no knowledge about the synchronization workings of IMAP, so perhaps this is totally infeasible, but could the following work?
Preface I am the only user of the mail server, with one virtual catch-all account for each domain I own. I access these accounts with Thunderbird.
Solution I make a backup of all mail in my Thunderbird accounts. Then I either delete all mails from within Thunderbird, or on the server. Then I configure the mail-crypt plugin. And then I import all backup mails and folders into my Thunderbird accounts again?
Could that work? Or would that mess up the synchronization history (message IDs and what not)? And most importantly, if it actually could work, would the messages be properly encrypted then?
I would definitely get mail-crypt working on your system before worrying about encrypting existing emails. Iirc dovecot should support both types of files (encrypted, and non-encrypted) concurrently. So BEFORE you try anything, make sure via logs, etc that mail is being written to the fs as an encrypted file and that dovecot is able to decrypt it (i.e. you are able to view that particular mail file from your email client).
My specific use case way back was to encrypt a maildir system using this plugin a year or so ago. I believe there are 2 ways to set mail-crypt up. Using global keys or folder-specific keys. What you will learn going through this process using folder-specific keys is that any time mail is moved (from an IMAP directory to another) the mail becomes effectively re-encrypted using the destination's folder keys. I imagine how this works under global keys is that the mail is encrypted once when it is moved, then never again unless keys change. So all you would need to do to encrypt existing mail using either method would be to create a temp imap folder, move mail from each IMAP folder one at a time into this temp folder, then back to the original IMAP folder.
I had a few questions at the time in implementing this, so I've linked here the dovecot mailing list thread so it might provide some context if needed:
https://dovecot.org/pipermail/dovecot/2021-July/122469.html
On 2/21/23 16:29, Jeremy wrote:
On Tuesday, February 21st, 2023 at 09:54, Aki Tuomi aki.tuomi@open-xchange.com wrote:
On 16/02/2023 07:18 EET mailinglist-subscriptions mailinglist-subscriptions@protonmail.com wrote:
Hi,
I am using dovecot 2.3.16, along with postfix and a PostgreSQL database for managing virtual accounts.
I'd like to start using the mail-crypt plugin. However, I'm having a bit some difficulty understanding the documentation at
https://doc.dovecot.org/configuration_manual/mail_crypt_plugin
to reach my goal. I plan to ask questions about those issues by starting new threads in this mailing list. But before I even come to that, I'd like to investigate the following:
The above documentation only addresses a clean install and doesn't seem to mention encrypting already existent unencrypted mails, like my server has. Is it possible to encrypt those before I start using the mail-crypt plugin, such that it will be able to decrypt those messages as well?
If it is, I am assuming that how I would go about achieving that will be very dependent on the ultimate configuration I have in mind (pub/priv keys, etc.). So I don't expect a full-fledged guide. However, if you could perhaps give a general overview of what would be needed to achieve this, I would very much appreciate that.
Thank you.
It will be easiest to do migration to new server, then the data will get encrypted while migrating. It is possible to write a script to do this, but will be much more hassle than migration.
You might even be able to do it for one user at a time, by doing migration from maildir to maildir and then moving the new maildir over the old one.
Aki Thanks for the suggestion. However, migrating sounds like quite the hassle as well.
Now, I have next to no knowledge about the synchronization workings of IMAP, so perhaps this is totally infeasible, but could the following work?
Preface I am the only user of the mail server, with one virtual catch-all account for each domain I own. I access these accounts with Thunderbird.
Solution I make a backup of all mail in my Thunderbird accounts. Then I either delete all mails from within Thunderbird, or on the server. Then I configure the mail-crypt plugin. And then I import all backup mails and folders into my Thunderbird accounts again?
Could that work? Or would that mess up the synchronization history (message IDs and what not)? And most importantly, if it actually could work, would the messages be properly encrypted then?
Thanks for the link. That sounds like the most hassle-free approach for me (since I don't have much mail yet). I think I'll give that a shot. And I'll be sure to make a backup first.
PS: apologies to Aki by the way, for accidentally replying directly to you earlier as well. I can't get protonmail to reply to the mailing list only, without manually adjusting it. Also apologies for answering above the message now, when I answered underneath the message first. Since I don't see a consistent style in this mailing list I'll use my preferred style of answering above messages from now on.
On Wednesday, February 22nd, 2023 at 00:49, Ben Burk ben@burk.tech wrote:
I would definitely get mail-crypt working on your system before worrying about encrypting existing emails. Iirc dovecot should support both types of files (encrypted, and non-encrypted) concurrently. So BEFORE you try anything, make sure via logs, etc that mail is being written to the fs as an encrypted file and that dovecot is able to decrypt it (i.e. you are able to view that particular mail file from your email client).
My specific use case way back was to encrypt a maildir system using this plugin a year or so ago. I believe there are 2 ways to set mail-crypt up. Using global keys or folder-specific keys. What you will learn going through this process using folder-specific keys is that any time mail is moved (from an IMAP directory to another) the mail becomes effectively re-encrypted using the destination's folder keys. I imagine how this works under global keys is that the mail is encrypted once when it is moved, then never again unless keys change. So all you would need to do to encrypt existing mail using either method would be to create a temp imap folder, move mail from each IMAP folder one at a time into this temp folder, then back to the original IMAP folder.
I had a few questions at the time in implementing this, so I've linked here the dovecot mailing list thread so it might provide some context if needed:
https://dovecot.org/pipermail/dovecot/2021-July/122469.html
On 2/21/23 16:29, Jeremy wrote:
On Tuesday, February 21st, 2023 at 09:54, Aki Tuomi aki.tuomi@open-xchange.com wrote:
On 16/02/2023 07:18 EET mailinglist-subscriptions mailinglist-subscriptions@protonmail.com wrote:
Hi,
I am using dovecot 2.3.16, along with postfix and a PostgreSQL database for managing virtual accounts.
I'd like to start using the mail-crypt plugin. However, I'm having a bit some difficulty understanding the documentation at
https://doc.dovecot.org/configuration_manual/mail_crypt_plugin
to reach my goal. I plan to ask questions about those issues by starting new threads in this mailing list. But before I even come to that, I'd like to investigate the following:
The above documentation only addresses a clean install and doesn't seem to mention encrypting already existent unencrypted mails, like my server has. Is it possible to encrypt those before I start using the mail-crypt plugin, such that it will be able to decrypt those messages as well?
If it is, I am assuming that how I would go about achieving that will be very dependent on the ultimate configuration I have in mind (pub/priv keys, etc.). So I don't expect a full-fledged guide. However, if you could perhaps give a general overview of what would be needed to achieve this, I would very much appreciate that.
Thank you.
It will be easiest to do migration to new server, then the data will get encrypted while migrating. It is possible to write a script to do this, but will be much more hassle than migration.
You might even be able to do it for one user at a time, by doing migration from maildir to maildir and then moving the new maildir over the old one.
Aki Thanks for the suggestion. However, migrating sounds like quite the hassle as well.
Now, I have next to no knowledge about the synchronization workings of IMAP, so perhaps this is totally infeasible, but could the following work?
Preface I am the only user of the mail server, with one virtual catch-all account for each domain I own. I access these accounts with Thunderbird.
Solution I make a backup of all mail in my Thunderbird accounts. Then I either delete all mails from within Thunderbird, or on the server. Then I configure the mail-crypt plugin. And then I import all backup mails and folders into my Thunderbird accounts again?
Could that work? Or would that mess up the synchronization history (message IDs and what not)? And most importantly, if it actually could work, would the messages be properly encrypted then?
participants (4)
-
Aki Tuomi
-
Ben Burk
-
Jeremy
-
mailinglist-subscriptions