dovecot at avv.solutions
2017-May-26 14:13 UTC
Another mail_crypt question: figure out to password secure using mysql
Hello Community, (sorry to be more busy, hence more running questions in parallel :) ) As mentioned in another post, I am testing mail_crypt plugin. I was wondering how to really secure the process sothat even the admin cannot have any access to the other users mail content. My current config is simple: - using per-folder keys (hence the per-user spaces are preserved) - put the public/private global keys in base64 format into the sql DB (elliptic algo) This obviously allows anyone with read access to the table to decrypt the mails from the filesystem... which I try to prevent. Considering of course that all mail users are virtual and do not (and may not) have access to the box itself: - how can I secure the keys? I do not see how to handle a assword for them? - a solution might be to crypt/decrypt the keys using the user's password? - other? Thank you for you help.
Aki Tuomi
2017-May-26 14:44 UTC
Another mail_crypt question: figure out to password secure using mysql
> On May 26, 2017 at 5:13 PM "dovecot at avv.solutions" <dovecot at avv.solutions> wrote: > > > Hello Community, > > (sorry to be more busy, hence more running questions in parallel :) ) > > As mentioned in another post, I am testing mail_crypt plugin. > > I was wondering how to really secure the process sothat even the admin > cannot have any access to the other users mail content. > > > My current config is simple: > > - using per-folder keys (hence the per-user spaces are preserved) > > - put the public/private global keys in base64 format into the sql DB > (elliptic algo) > > This obviously allows anyone with read access to the table to decrypt > the mails from the filesystem... which I try to prevent. > > > Considering of course that all mail users are virtual and do not (and > may not) have access to the box itself: > > - how can I secure the keys? I do not see how to handle a assword for them? > > - a solution might be to crypt/decrypt the keys using the user's password? > > - other? > > > Thank you for you help.(sorry for possible duplicate) You can use userdb attribute mail_crypt_private_password to encrypt the private key. You can use something like userdb_mail_crypt_private_password = %{pkcs5;salt=<random string>%Lu:password} to generate the encryption password on the fly from passdb. Aki Tuomi Dovecot Oy
dovecot at avv.solutions
2017-May-26 15:12 UTC
Another mail_crypt question: figure out to password secure using mysql
Thank you Aki, I will try to digg into that direction On 05/26/2017 04:44 PM, Aki Tuomi wrote:>> On May 26, 2017 at 5:13 PM "dovecot at avv.solutions" <dovecot at avv.solutions> wrote: >> >> >> Hello Community, >> >> (sorry to be more busy, hence more running questions in parallel :) ) >> >> As mentioned in another post, I am testing mail_crypt plugin. >> >> I was wondering how to really secure the process sothat even the admin >> cannot have any access to the other users mail content. >> >> >> My current config is simple: >> >> - using per-folder keys (hence the per-user spaces are preserved) >> >> - put the public/private global keys in base64 format into the sql DB >> (elliptic algo) >> >> This obviously allows anyone with read access to the table to decrypt >> the mails from the filesystem... which I try to prevent. >> >> >> Considering of course that all mail users are virtual and do not (and >> may not) have access to the box itself: >> >> - how can I secure the keys? I do not see how to handle a assword for them? >> >> - a solution might be to crypt/decrypt the keys using the user's password? >> >> - other? >> >> >> Thank you for you help. > (sorry for possible duplicate) > > You can use userdb attribute mail_crypt_private_password to encrypt the private key. You can use something like > > userdb_mail_crypt_private_password = %{pkcs5;salt=<random string>%Lu:password} > > to generate the encryption password on the fly from passdb. > > Aki Tuomi > Dovecot Oy