Best mail encryption solution for per-user

Aki Tuomi aki.tuomi at dovecot.fi
Fri Feb 9 08:36:52 EET 2018


> On February 9, 2018 at 8:31 AM Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> 
> 
> 
> > On February 9, 2018 at 3:20 AM tai74 at vfemail.net wrote:
> > 
> > 
> > 
> > Hai,
> > 
> > Do you have advice about Dovecot plugins for mail encryption:
> > 
> > https://wiki2.dovecot.org/Plugins/MailCrypt
> > 
> > https://0xacab.org/riseuplabs/trees
> > 
> > I like NaCl based encryption but the MailCrypt plugin is better
> > because it's maintained by Dovecot developers (is this correct?)
> > 
> > The MailCrypt docs are hard to understand, so may I ask: can I provide
> > per-user encryption? I don't like global because I want every user to
> > have different encryption based on their password. But I don't see the
> > usefulness of per-folder encryption. Docs for TREES are easier to
> > understand: it will work with per-user encryption, using the user
> > password to decrypt the needed keys.
> > 
> > How about indexing? Must native fast Dovecot indexing be turned off
> > for one of these, or both? Is this a big performance hit? And how do
> > you turn off indexing on a per-user basis?
> > 
> > Thank you so very much
> > 
> > 
> 
> Hi!
> 
> Mail crypt plugin in dovecot core is indeed developed and maintained by us. Turning on encryption is simple, but you'll have to consider key management closely.
> 
> The simple instructions are
> 
> mail_plugins = $mail_plugins mail_crypt
> mail_attribute_dict = file:%h/Maildir/dovecot-attributes
> 
> plugin {
>   mail_crypt_curve = <some curve you like>
>   mail_crypt_save_version = 2
> }
> 
> This will turn on automatic key creation for folders and users.
> 
> NOTE that the keys won't be encrypted in this scenario.
> 
> To encrypt keys you have a few choices. You can use a static password, static ECC key, per-user password, per-user ECC key, or per-user password protected ECC key.
> 
> With the per-user model, the easiest, if you don't let users change passwords, could be adding into userdb or passdb: mail_crypt_private_password = %{sha512:password}
> 
> If you want users to be able to change passwords, you either need to manage the encryption passwords in the user database, or call doveadm mailbox cryptokey password during the password change.
> 
> Also we do not currently support DR keys, so if the per-user key is lost, you will not be able to recover the mails.
> 

Forgot to add that currently it's not possible to encrypt indexes due to how lib-index is designed.

> Aki
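The per-user, password-protected ECC key model Aki describes above (create a key per user, keep the private half encrypted under a secret derived from the login password, re-encrypt that same key when the password changes, and accept that there is no recovery without the password) can be followed end to end in the constructed Ruby script below. This is an added illustration, not code from Aki, Dovecot or the mail_crypt plugin, and it does not reproduce mail_crypt's storage format or its exact key wrapping: it assumes OpenSSL's encrypted PEM for the private key, prime256v1 as the "curve you like", PBKDF2-HMAC-SHA512 in place of a bare %{sha512:password}, and an ECIES-style ephemeral ECDH + AES-256-GCM construction for the mail itself. The rewrap_private_key step is the job that `doveadm mailbox cryptokey password` performs in Dovecot; the function names and passwords are all made up for the example.

```ruby
require "openssl"

# Constructed illustration of the per-user, password-protected ECC key
# model discussed in the thread. This is NOT mail_crypt's storage format:
# it uses OpenSSL's encrypted PEM so the steps can be followed end to end.
CURVE = "prime256v1"      # stands in for "some curve you like"
PBKDF2_ROUNDS = 100_000   # constructed value
PEM_CIPHER = "aes-256-cbc"

# Secret that protects the private key, derived from the login password.
# Plays the role of mail_crypt_private_password = %{sha512:password}, but
# salted and stretched so the stored key is not guarded by a bare hash.
def key_password(login_password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(login_password, salt, PBKDF2_ROUNDS, 32, "sha512").unpack1("H*")
end

# Per-user key creation: the public half is kept in the clear (it is all
# that is needed to encrypt incoming mail); the private half is stored only
# encrypted under the password-derived secret.
def create_user_keys(login_password)
  salt = OpenSSL::Random.random_bytes(16)
  key = OpenSSL::PKey::EC.generate(CURVE)
  {
    salt: salt,
    public_pem: key.public_to_pem,
    private_pem: key.to_pem(OpenSSL::Cipher.new(PEM_CIPHER), key_password(login_password, salt))
  }
end

# Unlock the private key for a session; raises on a wrong password.
def unlock_private_key(record, login_password)
  OpenSSL::PKey.read(record[:private_pem], key_password(login_password, record[:salt]))
end

# There is no recovery (DR) key in this model: with the password gone, the
# key, and every mail encrypted to it, is gone too.
def recoverable?(record, login_password)
  unlock_private_key(record, login_password)
  true
rescue OpenSSL::OpenSSLError
  false
end

# What a password change must do (the job of `doveadm mailbox cryptokey
# password` in Dovecot): unlock with the old secret, re-encrypt the SAME
# key under the new one. Generating a fresh key instead would orphan all
# mail already encrypted to the old public key.
def rewrap_private_key(record, old_password, new_password)
  key = unlock_private_key(record, old_password)
  salt = OpenSSL::Random.random_bytes(16)
  record.merge(
    salt: salt,
    private_pem: key.to_pem(OpenSSL::Cipher.new(PEM_CIPHER), key_password(new_password, salt))
  )
end

# Encrypt to the user's public key: ephemeral ECDH, then AES-256-GCM under
# a key hashed from the shared secret (ECIES-style; constructed, not
# mail_crypt's exact construction).
def encrypt_to_user(public_pem, plaintext)
  recipient = OpenSSL::PKey.read(public_pem)
  ephemeral = OpenSSL::PKey::EC.generate(CURVE)
  aes_key = OpenSSL::Digest::SHA256.digest(ephemeral.dh_compute_key(recipient.public_key))
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = aes_key
  iv = cipher.random_iv
  ciphertext = cipher.update(plaintext) + cipher.final
  { ephemeral_pem: ephemeral.public_to_pem, iv: iv, ciphertext: ciphertext, tag: cipher.auth_tag }
end

# Decrypt with the unlocked private key; raises if the GCM tag does not verify.
def decrypt_for_user(private_key, blob)
  ephemeral = OpenSSL::PKey.read(blob[:ephemeral_pem])
  aes_key = OpenSSL::Digest::SHA256.digest(private_key.dh_compute_key(ephemeral.public_key))
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = aes_key
  cipher.iv = blob[:iv]
  cipher.auth_tag = blob[:tag]
  cipher.update(blob[:ciphertext]) + cipher.final
end

if __FILE__ == $PROGRAM_NAME
  record = create_user_keys("correct horse")          # constructed password
  mail = encrypt_to_user(record[:public_pem], "Subject: hello\n\nstored encrypted")
  puts decrypt_for_user(unlock_private_key(record, "correct horse"), mail)
  record = rewrap_private_key(record, "correct horse", "battery staple")
  puts decrypt_for_user(unlock_private_key(record, "battery staple"), mail)  # still readable
  puts recoverable?(record, "correct horse")                                  # false
end
```

The point of the script is the rewrap step: the public key (and therefore every message already encrypted to it) is unchanged by a password change, only the wrapping of the private key is redone, which is why the change has to be hooked into the password-change path rather than handled by generating new keys. The unlock step also shows why the key-encryption secret has to be computed identically at every login: if the passdb starts returning a differently derived value, the stored private key becomes as unreachable as it would be with a forgotten password.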

