Fwd: Re: making a plugin encrypt index data

Aki Tuomi aki.tuomi at dovecot.fi
Fri Dec 16 21:27:58 UTC 2016 

> ---------- Original Message ----------
> From: Aki Tuomi <aki.tuomi at dovecot.fi>
> To: micah anderson <micah at riseup.net>
> Date: December 16, 2016 at 11:25 PM
> Subject: Re: making a plugin encrypt index data
> 
> When we released our encryption plugin, mail-crypt, it's capabilities include fs-crypt. This can be used to encrypt things like FTS indexes and attachments, and with suitable mail storage, such as obox, you can also encrypt indexes.
> 
> To extend this support to dbox or maildir, does require rather involved changes in dovecot core, which currently has no support for fs-api in index handling. This might happen on v2.3 or v2.4, depending.
> 
> I somehow suspect that the work estimate would exceed your budget. But it is going to happen, it's just matter of time. Can't give you any timeline though, since we have not decided on one yet.
> 
> Aki
> 
> > On December 16, 2016 at 9:53 PM micah anderson <micah at riseup.net> wrote:
> > 
> > 
> > 
> > Hi Aki,
> > 
> > Do you have any idea approximately when this would be planned for?
> > 
> > We are also interested potentially paying for the ability to encrypt our
> > indexes, as this is a major concern for us. We don't have a lot of money
> > as a non-profit, but if there is a possibility of contract work, we
> > would be interested to know what it would cost to do it.
> > 
> > thanks,
> > micah
> > 
> > Aki Tuomi <aki.tuomi at dovecot.fi> writes:
> > 
> > >> On December 16, 2016 at 6:48 PM micah anderson <micah at riseup.net> wrote:
> > >> 
> > >> 
> > >> 
> > >> Hello,
> > >> 
> > >> I'm encrypting mail on disk using a plugin[0], but the index files are
> > >> not encrypted (specifically the dovecot.index.cache can be read).
> > >> 
> > >> I want to do is encrypt index on disk, so I'm looking for how a plugin
> > >> can achieve that by hooking into the right locations. Is that easily
> > >> possible in a plugin?
> > >> 
> > >> I can turn off those indexes by passing INDEX=MEMORY, but that isn't
> > >> possible if I use sdbox/mdbox.
> > >> 
> > >> thanks for any suggestions!
> > >> micah
> > >> 
> > >> 0. https://0xacab.org/riseuplabs/tofu-scrambler
> > >
> > > Hi!
> > >
> > > At the moment it's not possible without making new storage class. We are planning to add support for fs drivers for indexes at some point.
> > >
> > > Aki Tuomi
> > > Dovecot Oy

More information about the dovecot mailing list