[Dovecot] Pointers for developing a proper encryption plugin?

Jan-Frode Myklebust janfrode at tanso.net
Mon Jan 3 21:40:41 EET 2011


To store the messages safely/safeish, I think you will have to use
public key crypto. Messages delivered should be encrypted with the user's
public key on delivery, and decrypted by a combination of the user's server
side stored secret key and login passphrase. The secret key probably also
would need to be stored somewhere serverside "in escrow" -- in case the
user forgets his passphrase.

"any administrator with sufficient privileges" will still be able to
sniff the password and decrypt the messages... but that's probably
unavoidable unless you use full end to end encryption a-la
PGP/GPG, S/MIME, ..



  -jf
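
The storage scheme outlined in the message above, sketched with the openssl command line as an added example (not part of the original post and not Dovecot code). Function names, file names and the PASSPHRASE / ESCROW_PASS variables are assumptions; OpenSSL 1.1.1 or later is assumed for `-pbkdf2`.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, file names and
# the PASSPHRASE / ESCROW_PASS environment variables are hypothetical.
set -eu

# Create the user's key pair in directory $1. The secret key is stored
# server-side, encrypted under the login passphrase; a second copy is
# re-encrypted under an escrow passphrase for recovery.
make_user_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass env:PASSPHRASE -out "$1/user.key" 2>/dev/null
    openssl pkey -in "$1/user.key" -passin env:PASSPHRASE -pubout -out "$1/user.pub"
    openssl pkey -in "$1/user.key" -passin env:PASSPHRASE \
        -aes-256-cbc -passout env:ESCROW_PASS -out "$1/escrow.key"
}

# Delivery needs only the public key. $1 = key dir, $2 = message file,
# $3 = output basename. A random session key encrypts the body and is itself
# wrapped with RSA-OAEP. AES-CBC gives confidentiality only, no integrity.
deliver() {
    sk=$(openssl rand -hex 32)
    SESSION_KEY=$sk openssl enc -aes-256-cbc -pbkdf2 -pass env:SESSION_KEY \
        -in "$2" -out "$3.body"
    printf %s "$sk" | openssl pkeyutl -encrypt -pubin -inkey "$1/user.pub" \
        -pkeyopt rsa_padding_mode:oaep -out "$3.wrapped"
}

# Reading: $1 = secret key file, $2 = name of the env var holding its
# passphrase, $3 = basename written by deliver. Prints the plaintext.
read_message() {
    sk=$(openssl pkeyutl -decrypt -inkey "$1" -passin "env:$2" \
        -pkeyopt rsa_padding_mode:oaep -in "$3.wrapped" 2>/dev/null) || return 1
    SESSION_KEY=$sk openssl enc -d -aes-256-cbc -pbkdf2 -pass env:SESSION_KEY \
        -in "$3.body"
}

# Demo on a constructed message and constructed passphrases.
demo() {
    export PASSPHRASE='constructed-login-pass' ESCROW_PASS='constructed-escrow-pass'
    d=$(mktemp -d)
    printf 'Subject: test\n\nconstructed message body\n' > "$d/msg"
    make_user_keys "$d" && deliver "$d" "$d/msg" "$d/1"
    read_message "$d/user.key" PASSPHRASE "$d/1"
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

The passphrase still reaches the server as an environment variable of the decrypting process, which is the exposure to a privileged administrator that the message describes.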

