Hello!
Is there a way to encrypt all of the Cyrus' user-specific files on the
disk? So that somebody breaking in -- or stealing the server -- has no
access to the messages (and other data) unless a user's password is also
available?
This is how I'd envision it:
* A somewhat secret "salt" and the location of a (memory-backed)
cyrus-only directory, such as /tmp/cyruspw, are set in a config-file.
* A user logs in using a pam-module, which creates a symlink such as
/tmp/cyruspw//user/ -> somehash(/salt/+/password+user/).
* Subsequent access to the user's files uses the above hash as the
key for user's messages, attachments, etc.
* New messages are stored unencrypted (or on a shared encrypted
partition) until the next time this user logs in. When he does,
his user-specific encryption begins in background.
* When the user disconnects, and all unencrypted messages are
encrypted, the user's entry is removed from /tmp/cyruspw until his
next login.
* A (rare) password-change will require all unencrypted messages to
be re-encrypted with the new hash -- until the re-encryption is
completed, the server will keep the old hash around (in a
different location, that would survive a system restart, such as
/var/cyrus/oldpw//user /->/ oldhash/) to provide access to the
not-yet-re-encrypted messages.
A fancier system could also provide for a "master password" to allow
message-recovery in case of the user forgetting their password (or a
law-enforcement subpoena). Some people may choose to not use this
feature in their setup...
I think, this ensures reasonable protection for the stored messages
without any cooperation from the MUA -- a stolen server (or a
decommissioned hard-drive) will not reveal user's e-mails. Also, each
user is assured, that their old emails are not accessible to anyone,
/when he isn't accessing them himself/.
This may be possible to do right now -- without changing the Cyrus' code
at all -- by using encrypted filesystems. Unfortunately, it means, each
user's files would have to reside on their own filesystem... The
proposed mechanism would provide a better way without /too much/
trouble. What do you think?
-mi
