dovecot - May 2017 - Another mail_crypt question: figure out to password secure using mysql

Hello Community,

(sorry to be more busy, hence more running questions in parallel :) )

As mentioned in another post, I am testing mail_crypt plugin.

I was wondering how to really secure the process sothat even the admin 
cannot have any access to the other users mail content.


My current config is simple:

- using per-folder keys (hence the per-user spaces are preserved)

- put the public/private global keys in base64 format into the sql DB 
(elliptic algo)

This obviously allows anyone with read access to the table to decrypt 
the mails from the filesystem... which I try to prevent.


Considering of course that all mail users are virtual and do not (and 
may not) have access to the box itself:

- how can I secure the keys? I do not see how to handle a assword for them?

- a solution might be to crypt/decrypt the keys using the user's password?

- other?


Thank you for you help.

> On May 26, 2017 at 5:13 PM "dovecot at avv.solutions" <dovecot
at avv.solutions> wrote:
> 
> 
> Hello Community,
> 
> (sorry to be more busy, hence more running questions in parallel :) )
> 
> As mentioned in another post, I am testing mail_crypt plugin.
> 
> I was wondering how to really secure the process sothat even the admin 
> cannot have any access to the other users mail content.
> 
> 
> My current config is simple:
> 
> - using per-folder keys (hence the per-user spaces are preserved)
> 
> - put the public/private global keys in base64 format into the sql DB 
> (elliptic algo)
> 
> This obviously allows anyone with read access to the table to decrypt 
> the mails from the filesystem... which I try to prevent.
> 
> 
> Considering of course that all mail users are virtual and do not (and 
> may not) have access to the box itself:
> 
> - how can I secure the keys? I do not see how to handle a assword for them?
> 
> - a solution might be to crypt/decrypt the keys using the user's
password?
> 
> - other?
> 
> 
> Thank you for you help.
(sorry for possible duplicate)

You can use userdb attribute mail_crypt_private_password to encrypt the private
key. You can use something like

userdb_mail_crypt_private_password = %{pkcs5;salt=<random
string>%Lu:password}

to generate the encryption password on the fly from passdb.

Aki Tuomi
Dovecot Oy

Thank you Aki, I will try to digg into that direction


On 05/26/2017 04:44 PM, Aki Tuomi wrote:
>> On May 26, 2017 at 5:13 PM "dovecot at avv.solutions"
<dovecot at avv.solutions> wrote:
>>
>>
>> Hello Community,
>>
>> (sorry to be more busy, hence more running questions in parallel :) )
>>
>> As mentioned in another post, I am testing mail_crypt plugin.
>>
>> I was wondering how to really secure the process sothat even the admin
>> cannot have any access to the other users mail content.
>>
>>
>> My current config is simple:
>>
>> - using per-folder keys (hence the per-user spaces are preserved)
>>
>> - put the public/private global keys in base64 format into the sql DB
>> (elliptic algo)
>>
>> This obviously allows anyone with read access to the table to decrypt
>> the mails from the filesystem... which I try to prevent.
>>
>>
>> Considering of course that all mail users are virtual and do not (and
>> may not) have access to the box itself:
>>
>> - how can I secure the keys? I do not see how to handle a assword for
them?
>>
>> - a solution might be to crypt/decrypt the keys using the user's
password?
>>
>> - other?
>>
>>
>> Thank you for you help.
> (sorry for possible duplicate)
>
> You can use userdb attribute mail_crypt_private_password to encrypt the
private key. You can use something like
>
> userdb_mail_crypt_private_password = %{pkcs5;salt=<random
string>%Lu:password}
>
> to generate the encryption password on the fly from passdb.
>
> Aki Tuomi
> Dovecot Oy