At rest encryption (with protected crypto keys)

Kees de Jong kees.dejong+lst at neobits.nl
Tue Mar 24 15:28:47 EET 2020


Hi,



As stated in the Dovecot documentation, at rest encryption is possible
[1]. However, these keys are present on the system itself and are
unprotected. Therefore, if a system is compromised, the attacker has
access to the encrypted mail and the keys. There is no security benefit
in that situation, except for hoping that the attacker doesn't
understand that this is happening and how.

Nextcloud does this a bit better. A key is used to encrypt user data as
well [2]. However, that key is protected with the user's password. When
the user logs in and requests data, the user's password unlocks the key
and data can be read and written safely. This also takes into account
password changes. Files don't need to be encrypted again; the
encryption key is simply re-encrypted with the user's new password.

How does the Dovecot community see this? Is at rest encryption needed
in times of increased security and privacy problems? I think it is a
must, just like 2FA, but that's a different story.

I think the current possibility of at rest encryption is not well
applied enough. Is this something that's on the agenda to improve? Or
am I missing something? Is there a better way of doing this?



[1] https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/#mail-crypt-plugin
[2] https://nextcloud.com/encryption/
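
The password-protected key scheme described in the message above, as an added sketch that is not part of the original post and is not Nextcloud's or Dovecot's code: a random data key encrypts the mail, and a key derived from the user's password wraps that data key, so a password change rewrites only the wrapped key. The function names, the PBKDF2 parameters and the stdlib-only HMAC-based cipher (a stand-in for an AEAD such as AES-GCM) are assumptions of this example.

```python
import hashlib, hmac, os

def keystream_xor(key, nonce, data):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (use AES-GCM in practice).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def subkeys(key):
    # Separate keys for encryption and authentication, derived from one key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, plaintext):
    # Encrypt-then-MAC; returns nonce || ciphertext || tag.
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(16)
    ct = keystream_xor(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return keystream_xor(enc_key, nonce, ct)

def kek_from_password(password, salt):
    # Key-encryption key derived from the password; never stored on disk.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def wrap_data_key(password, data_key):
    salt = os.urandom(16)
    return salt, seal(kek_from_password(password, salt), data_key)

def unwrap_data_key(password, salt, wrapped):
    return unseal(kek_from_password(password, salt), wrapped)

def change_password(old, new, salt, wrapped):
    # Only the small wrapped key is rewritten; stored mail is untouched.
    return wrap_data_key(new, unwrap_data_key(old, salt, wrapped))

if __name__ == "__main__":
    data_key = os.urandom(32)
    mail = seal(data_key, b"Subject: constructed sample message")
    salt, wrapped = wrap_data_key("old-pass", data_key)
    salt, wrapped = change_password("old-pass", "new-pass", salt, wrapped)
    print(unseal(unwrap_data_key("new-pass", salt, wrapped), mail))
```

What sits on disk here is the salt, the wrapped key and the sealed mail; without the password, none of them yields the data key.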