As well as fetching the public key, it'd need access to a private key too. I think the private key is considered the bigger problem, for various reasons.
There have been a few attempts addressing the needs of this complex use case. AFAICS none have been successful, but I'm out of date. See the (abandoned?) STEED project and their whitepaper: https://g10code.com/steed.html. That is by g10code - the creator of GPG.

Disclaimer: I once worked for them.

Sam.

On 27 October 2019 07:27:53 CET, lists <li...@lazygranch.com> wrote:
>Let me try again. So the email comes in. Some program gets your public
>key and then encrypts the email on the server. Then when you retrieve
>your email, it sends it out in what it believes is plain text or for
>that matter can do TLS on the file, but you get a GPG message that you
>then decrypt.
>
>So the reason this isn't normally done is a general purpose email
>server would have to do this on a per-client basis, somehow getting the
>proper public key for each client.
>
>Am I right? Close?
>
>If not I will shut up and wait for a guru to reply.
>
>  Original Message
>
>From: 400the...@gmx.ch
>Sent: October 26, 2019 10:46 PM
>To: postfix-users@postfix.org
>Subject: Re: postfix filter to encrypt incoming emails with public gpg key
>
>On 27/10/2019 06.26, lists wrote:
>> My bank insists I use their website for anything secure. I don't get anything in my email that would be a security problem.
>
>I used bank just as an example. Feel free to substitute another
>scenario, if you find mine hard to imagine.
>
>> Wouldn't a private key have to be held on your server to do what you want? If so, that hacker can get the key.
>
>No. Definitely not.
>Only public key is needed for asymmetric encryption.
>
>> Personally I would harden the server. It sounds like this is a private server. You can use the firewall to vastly limit the countries where your email can be retrieved. That is filter the hell out of all email ports except 25. Besides filtering countries, I have a file of about 30k of ipv4 cidrs from data centers that I block from all email ports except 25 and all the web ports. No eyeballs in datacenters.
>
>Sure, I want to have both:
>A secure server, AND encrypted emails. What is wrong with that?

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
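
The per-recipient encryption step discussed in this thread, as an added example that is not part of the original messages and not any poster's or project's code: it looks up the recipient's public key and wraps the message as PGP/MIME (RFC 3156). The key table, fingerprint, addresses and function names are constructed for illustration, and the key is assumed to be already imported into the keyring of the account that runs the filter.

```python
import subprocess
from email import message_from_bytes
from email.message import Message

# Constructed key table: recipient address -> public-key fingerprint (placeholder).
KEYS = {"alice@example.org": "0123456789ABCDEF0123456789ABCDEF01234567"}
# Constructed sample message.
SAMPLE = (b"From: bank@example.com\nTo: alice@example.org\nSubject: Statement\n"
          b"Content-Type: text/plain; charset=utf-8\n\nYour account balance is 42.\n")

def gpg_encrypt(plaintext: bytes, fingerprint: str) -> bytes:
    """Encrypt to a public key in the keyring; no secret key is read or needed."""
    return subprocess.run(
        ["gpg", "--batch", "--no-tty", "--armor", "--trust-model", "always",
         "--encrypt", "--recipient", fingerprint],
        input=plaintext, capture_output=True, check=True).stdout

def encrypt_for(raw: bytes, rcpt: str, encrypt=gpg_encrypt, keys=KEYS) -> bytes:
    """Wrap one message as PGP/MIME for a single recipient."""
    fpr = keys.get(rcpt.lower())
    if fpr is None:
        raise LookupError(f"no public key for {rcpt}")  # caller defers or bounces
    msg = message_from_bytes(raw)
    inner, outer = Message(), Message()
    for name, value in msg.items():
        # Content-* headers describe the body and are encrypted with it;
        # From/To/Subject/Received stay readable on the server.
        if name.lower().startswith("content-"):
            inner[name] = value
        elif name.lower() != "mime-version":
            outer[name] = value
    inner.set_payload(msg.get_payload())
    armored = encrypt(inner.as_bytes(), fpr).decode("ascii")
    outer["MIME-Version"] = "1.0"
    outer["Content-Type"] = 'multipart/encrypted; protocol="application/pgp-encrypted"'
    version, data = Message(), Message()
    version["Content-Type"] = "application/pgp-encrypted"
    version.set_payload("Version: 1\n")
    data["Content-Type"] = "application/octet-stream"
    data.set_payload(armored)
    outer.attach(version)
    outer.attach(data)
    return outer.as_bytes()
```

The message is still plaintext while it passes through the filter, so this protects mail at rest in the mailbox, not mail in transit or on a server that is already compromised at delivery time.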