[Dovecot] Encryption solution for messages at rest

Frerich Raabe raabe at froglogic.com
Wed Oct 30 17:11:12 EET 2013


On 2013-10-30 16:03, Miquel van Smoorenburg wrote:
> On 28/10/13 23:22, Frerich Raabe wrote:
>> You could imagine a system which requires users to generate a key 
>> pair
>> and then submit their public key. The mail system will encrypt all 
>> mail
>> received for a user with that users public key. When accessing the 
>> mail,
>> the user configures his user agent to use the private key to decrypt 
>> the
>> mail.

[..]

> Well you can generate the public and private key on the server, then
> set the users password as the keyphrase, and leave it stored on the
> server.
>
> Incoming mail would be automatically encrypted with the public key, 
> then stored.
>
> When the user logs in to imap/pop the password is not only used for
> authentication, but also to unlock the private key. Dovecot can then
> decrypt the messages on the fly.
>
> Basically this is how Lavamail worked. It is reasonably secure, but
> doesn't help against a hostile root user on the server that hacks
> dovecot to just log the password when a user logs in. Or someone who
> has acquired your SSL keys and taps your internet connection.

The whole idea of using asymmetric encryption was that the server
*does not* have the private key. It only has the public key, so it
can store incoming mail encrypted using the users public key (which
requires no password). Dovecot would then just serve the encrypted
mail, all encryption would happen on the client side using the private
key which only the client has.

In the case of Maildir, I suspect (but I don't know) that Dovecot
doesn't treat the individual files as plain data: it does look into 
them
when serving (not only when indexing) to parse some headers or so. So
I guess you cannot just encrypt the raw file on disk but you rather 
have
to "rewrite" the mail so that only the body is encrypted but the 
headers
are left untouched. This means that a hostile root user could see the
headers, but at least not the body of the message.

-- 
Frerich Raabe - raabe at froglogic.com
www.froglogic.com - Multi-Platform GUI Testing


More information about the dovecot mailing list