[Dovecot] Pointers for developing a proper encryption plugin?

Michael Orlitzky michael at orlitzky.com
Thu Jan 6 21:05:29 EET 2011


On 01/06/2011 06:54 AM, Christian Felsing wrote:
> On 04.01.2011 07:38, tomas at tuxteam.de wrote:
>> The idea upthread (Jan-Frode) to keep a public key server-side and
>> encrypt messages on arrival seems to me the way to go.
> 
> I would support that idea. Private key should be encrypted with user's
> passphrase. If user changes password, private key needs to be decrypted
> with old password and reencrypted with new password.
> 
> Public key never changes, so maildir is never required to be touched, if
> user changes password and server does not need to know user's secret to
> receive mail.

This still doesn't work, because the administrator is the one who tells
the system to encrypt messages as they arrive. He can peek at the
messages before they're encrypted with the user's public key.

It's impossible to hide the contents of a plain-text message from the
person who receives it in plain text (the administrator). PGP/GPG is the
only option.
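
The scheme discussed in this thread (server keeps only the public key; the private key is stored encrypted under the user's passphrase and re-encrypted on a password change), as an added example that is not part of the original post and not Dovecot code. It assumes the Python `cryptography` package; all function names are hypothetical, and the comment in `deliver` marks the step where the server still holds the plaintext.

```python
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes, serialization as ser
from cryptography.hazmat.primitives.asymmetric import padding, rsa

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def _wrap(key, passphrase: bytes) -> bytes:
    """Serialize the private key encrypted under the user's passphrase."""
    return key.private_bytes(ser.Encoding.PEM, ser.PrivateFormat.PKCS8,
                             ser.BestAvailableEncryption(passphrase))


def enroll(passphrase: bytes):
    """Create a key pair; return (wrapped private key, public key PEM)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pub = key.public_key().public_bytes(ser.Encoding.PEM,
                                        ser.PublicFormat.SubjectPublicKeyInfo)
    return _wrap(key, passphrase), pub


def deliver(pub_pem: bytes, message: bytes):
    """Server side, public key only. `message` is still plaintext here,
    so whoever controls this step can read it before it is encrypted."""
    session = Fernet.generate_key()          # per-message symmetric key
    body = Fernet(session).encrypt(message)
    wrapped_session = ser.load_pem_public_key(pub_pem).encrypt(session, OAEP)
    return wrapped_session, body


def change_passphrase(wrapped: bytes, old: bytes, new: bytes) -> bytes:
    """Decrypt with the old passphrase, re-encrypt with the new one.
    The public key and every stored message stay untouched."""
    return _wrap(ser.load_pem_private_key(wrapped, password=old), new)


def read(wrapped: bytes, passphrase: bytes, stored) -> bytes:
    """User side: unwrap the private key, recover the session key, decrypt."""
    key = ser.load_pem_private_key(wrapped, password=passphrase)
    wrapped_session, body = stored
    return Fernet(key.decrypt(wrapped_session, OAEP)).decrypt(body)
```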

