On 2013-10-30 16:03, Miquel van Smoorenburg wrote:
> On 28/10/13 23:22, Frerich Raabe wrote:
>> You could imagine a system which requires users to generate a key pair and then submit their public key. The mail system will encrypt all mail received for a user with that user's public key. When accessing the mail, the user configures his user agent to use the private key to decrypt the mail.
> [..]
> Well you can generate the public and private key on the server, then set the user's password as the keyphrase, and leave it stored on the server.
> Incoming mail would be automatically encrypted with the public key, then stored.
> When the user logs in to imap/pop the password is not only used for authentication, but also to unlock the private key. Dovecot can then decrypt the messages on the fly.
> Basically this is how Lavamail worked. It is reasonably secure, but doesn't help against a hostile root user on the server that hacks dovecot to just log the password when a user logs in. Or someone who has acquired your SSL keys and taps your internet connection.
The whole idea of using asymmetric encryption was that the server *does not* have the private key. It only has the public key, so it can store incoming mail encrypted using the user's public key (which requires no password). Dovecot would then just serve the encrypted mail, all encryption would happen on the client side using the private key which only the client has.

In the case of Maildir, I suspect (but I don't know) that Dovecot doesn't treat the individual files as plain data: it does look into them when serving (not only when indexing) to parse some headers or so. So I guess you cannot just encrypt the raw file on disk but you rather have to "rewrite" the mail so that only the body is encrypted but the headers are left untouched. This means that a hostile root user could see the headers, but at least not the body of the message.
--
Frerich Raabe - ra...@froglogic.com
www.froglogic.com - Multi-Platform GUI Testing
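
The scheme described in the message above, as an added example that is not part of the original thread and is not Dovecot code: the delivery side holds only the public key and rewrites the message so the headers stay readable while the body is encrypted, and only the client can reverse it. The function names, the RSA-OAEP plus AES-GCM construction and the base64 body layout are assumptions made for illustration (a real deployment would more likely use OpenPGP or S/MIME); it needs the third-party `cryptography` package.

```python
import base64, os, re
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

# Constructed sample message (CRLF line endings, body contains a blank line).
SAMPLE = (b"From: alice@example.org\r\nTo: bob@example.org\r\n"
          b"Subject: lunch\r\n\r\nmeet at noon\r\n\r\nbring the report\r\n")

def generate_keypair():
    """Client side: the private key never leaves the user's machine."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()

def split_message(raw: bytes):
    """Split at the first blank line; the separator stays with the headers."""
    m = re.search(rb"\r?\n\r?\n", raw)
    if m is None:                      # headers only, no body
        return raw, b""
    return raw[:m.end()], raw[m.end():]

def encrypt_body(raw: bytes, public_key) -> bytes:
    """Server side, at delivery: needs the public key only, no password."""
    headers, body = split_message(raw)
    key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    ciphertext = AESGCM(key).encrypt(nonce, body, None)
    wrapped = public_key.encrypt(key, OAEP)   # per-message key, RSA-wrapped
    # Headers are copied through untouched so the server can still parse them.
    return headers + base64.encodebytes(wrapped + nonce + ciphertext)

def decrypt_body(stored: bytes, private_key) -> bytes:
    """Client side, after fetching the stored message over IMAP/POP."""
    headers, blob = split_message(stored)
    data = base64.decodebytes(blob)
    n = private_key.key_size // 8             # length of the wrapped key
    wrapped, nonce, ciphertext = data[:n], data[n:n + 12], data[n + 12:]
    key = private_key.decrypt(wrapped, OAEP)
    return headers + AESGCM(key).decrypt(nonce, ciphertext, None)

if __name__ == "__main__":
    priv, pub = generate_keypair()
    stored = encrypt_body(SAMPLE, pub)
    print(stored.decode())                    # readable headers, opaque body
    assert decrypt_body(stored, priv) == SAMPLE
```

Anyone with read access to the stored file still sees sender, recipient and subject, which is the residual exposure the message points out.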