end-to-end encryption

Aki Tuomi aki.tuomi at dovecot.fi
Wed May 16 13:01:43 EEST 2018



On 16.05.2018 12:56, Jochen Bern wrote:
> On 05/16/2018 06:07 AM, Aki Tuomi wrote:
>>> On 15 May 2018 at 22:43 Gandalf Corvotempesta <gandalf.corvotempesta at gmail.com> wrote:
>>> Is it possible to implement an end-to-end encryption with dovecot, where
>>> server-side there is no private key to decrypt messages?
>> You could probably automate this with sieve and e.g. GnuPG, which would mean
>> that all your mails are encrypted without the server having a key to decrypt them.
> Considering the keywords "dovecot" and "sieve", that would still not be
> "end to end" and not even "MSA to MX"(-ish) but merely "encrypted
> storage upon/after final delivery", wouldn't it ... ?
>
> FWIW, for auto-encrypting someplace near the MSA, I've used the "GPGPit"
> tool that's available on the web (and that I've made into an "SMIMEit"
> myself). The nontrivial problem with that is to retrieve recipients'
> pubkeys in an even remotely trustworthy manner, of course.
>
> Regards,

To be strict, 'end to end' would mean that the SENDER would encrypt it
on his station, and RECEIVER would only decrypt it on his station.
Everything else is not end-to-end =)

Aki

