> Message written by Aki Tuomi <aki.tuomi at dovecot.fi> on 06.11.2017, at 08:44:
>
> On 04.11.2017 20:52, Zbyszek Żółkiewski wrote:
>> Hi,
>>
>> I have a few questions regarding mail_crypt:
>>
>> 1) Is the mail_crypt_global_private_key file read upon dovecot start/restart only, or is/can it be read at any other time? I have made a few tests by starting dovecot and removing the master key for decryption - therefore it is not available on the platform - it only resides in memory, removing one of the attack vectors
> It can be given from config file, or from user database. It is read on
> use. You can also encrypt the key using a password, but in the end, the
> password or the key needs to be provided by something.

yes, I am loading it in the conf file like:

mail_crypt_global_private_key = </etc/dovecot/somefile.key

but then I am removing that file - and it looks like dovecot is still able to decrypt mails encrypted with that file. So you are saying there might be a situation where this file needs to be "re-read" from disk?

>> 3) is there any better way to encrypt mails that were sent before enabling mail_crypt? I have made a simple script to automate in-place encryption: https://gist.github.com/kolargol/d551d132949068ce6efce7bc85a317cb but maybe there is a better way? If someone wants to use it, please read the code first, as it requires updating the magic(5) local database
>>
>> thanks!
>
> The Best Practice, supported way, is to move the emails around, so you
> move all your mails from INBOX to FooBox, and then back. This can have
> some side-effects, and you might want to test this. Most notably it will
> consume UIDs, unless you reset the folder by removing indexes.

ok, I was using the above script to encrypt hundreds of thousands of email files and I did not find any issues, it is also quite fast, do you see any problems with that?

thanks!
_
Zbyszek
On 06.11.2017 13:20, Zbyszek Żółkiewski wrote:
>
>> Message written by Aki Tuomi <aki.tuomi at dovecot.fi> on 06.11.2017, at 08:44:
>>
>> On 04.11.2017 20:52, Zbyszek Żółkiewski wrote:
>>> Hi,
>>>
>>> I have a few questions regarding mail_crypt:
>>>
>>> 1) Is the mail_crypt_global_private_key file read upon dovecot start/restart only, or is/can it be read at any other time? I have made a few tests by starting dovecot and removing the master key for decryption - therefore it is not available on the platform - it only resides in memory, removing one of the attack vectors
>> It can be given from config file, or from user database. It is read on
>> use. You can also encrypt the key using a password, but in the end, the
>> password or the key needs to be provided by something.
>
> yes, I am loading it in the conf file like:
>
> mail_crypt_global_private_key = </etc/dovecot/somefile.key
>
> but then I am removing that file - and it looks like dovecot is still able to decrypt mails encrypted with that file. So you are saying there might be a situation where this file needs to be "re-read" from disk?

Yeah, the file content is loaded into configuration. If you need to
re-read it you need to restart dovecot.

>
>>> 3) is there any better way to encrypt mails that were sent before enabling mail_crypt? I have made a simple script to automate in-place encryption: https://gist.github.com/kolargol/d551d132949068ce6efce7bc85a317cb but maybe there is a better way? If someone wants to use it, please read the code first, as it requires updating the magic(5) local database
>>>
>>> thanks!
>> The Best Practice, supported way, is to move the emails around, so you
>> move all your mails from INBOX to FooBox, and then back. This can have
>> some side-effects, and you might want to test this. Most notably it will
>> consume UIDs, unless you reset the folder by removing indexes.
>
> ok, I was using the above script to encrypt hundreds of thousands of email files and I did not find any issues, it is also quite fast, do you see any problems with that?
>
> thanks!
>
> _
> Zbyszek

That script looks fine.

Aki
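A practical follow-up to the migration discussion above: whether mails are re-encrypted by moving them between folders or by an in-place script, an operator wants to confirm afterwards that no plaintext messages were left behind. The audit below is an added example, not code from the thread or from Dovecot; it assumes the mail_crypt (dcrypt) stream header begins with the bytes CRYPTED\x03\x07 (confirm this against a message your own server is known to have written with mail_crypt enabled before trusting the report), and it constructs its own tiny sample Maildir.

```python
import os
import tempfile
from pathlib import Path

# ASSUMPTION: header magic of a mail_crypt (dcrypt) encrypted stream.
# Verify against a known-encrypted message on your server before use.
MAIL_CRYPT_MAGIC = b"CRYPTED\x03\x07"


def is_mail_crypt_encrypted(path, magic=MAIL_CRYPT_MAGIC):
    """True if the file starts with the mail_crypt stream magic."""
    with open(path, "rb") as fh:
        return fh.read(len(magic)) == magic


def audit_maildir(maildir, magic=MAIL_CRYPT_MAGIC):
    """Walk a Maildir++ tree (INBOX plus .Folder subdirectories) and
    classify every message in cur/ and new/ as encrypted or plaintext.
    tmp/ is skipped because it only holds partially written files.
    Returns {'encrypted': [...], 'plaintext': [...]} with sorted
    paths relative to the Maildir root, so the result is deterministic."""
    root = Path(maildir)
    result = {"encrypted": [], "plaintext": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        d = Path(dirpath)
        if d.name not in ("cur", "new"):
            continue
        for name in filenames:
            p = d / name
            key = "encrypted" if is_mail_crypt_encrypted(p, magic) else "plaintext"
            result[key].append(str(p.relative_to(root)))
    for paths in result.values():
        paths.sort()
    return result


def build_sample_maildir(base):
    """Create a constructed sample Maildir: two encrypted-looking messages,
    one plaintext message, and a tmp/ leftover that must be ignored."""
    base = Path(base)
    for sub in ("cur", "new", "tmp", ".Sent/cur"):
        (base / sub).mkdir(parents=True, exist_ok=True)
    (base / "cur" / "1509800000.M1.host:2,S").write_bytes(MAIL_CRYPT_MAGIC + b"\x02" + b"\x00" * 32)
    (base / "new" / "1509800001.M2.host").write_bytes(b"From: a@example.test\r\n\r\nhello\r\n")
    (base / ".Sent" / "cur" / "1509800002.M3.host:2,S").write_bytes(MAIL_CRYPT_MAGIC + b"\x02")
    (base / "tmp" / "partial").write_bytes(b"ignored")
    return base


def demo():
    """Build the constructed sample in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_maildir(build_sample_maildir(tmp))


if __name__ == "__main__":
    print(demo())
```

Point the script at each user's Maildir root after the migration; any entry under "plaintext" is a message the migration missed.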
> On 06.11.2017 13:20, Zbyszek Żółkiewski wrote:
>>
>>> Message written by Aki Tuomi <aki.tuomi at dovecot.fi> on 06.11.2017, at 08:44:
>>>
>>> On 04.11.2017 20:52, Zbyszek Żółkiewski wrote:
>>>> Hi,
>>>>
>>>> I have a few questions regarding mail_crypt:
>>>>
>>>> 1) Is the mail_crypt_global_private_key file read upon dovecot start/restart only, or is/can it be read at any other time? I have made a few tests by starting dovecot and removing the master key for decryption - therefore it is not available on the platform - it only resides in memory, removing one of the attack vectors
>>> It can be given from config file, or from user database. It is read on
>>> use. You can also encrypt the key using a password, but in the end, the
>>> password or the key needs to be provided by something.
>>
>> yes, I am loading it in the conf file like:
>>
>> mail_crypt_global_private_key = </etc/dovecot/somefile.key
>>
>> but then I am removing that file - and it looks like dovecot is still able to decrypt mails encrypted with that file. So you are saying there might be a situation where this file needs to be "re-read" from disk?
> Yeah, the file content is loaded into configuration. If you need to
> re-read it you need to restart dovecot.

ok thanks, so this is what I wanted to know: the contents of the private key are read on startup and held in memory, and they are only refreshed when dovecot restarts. So in my use-case I can safely remove the private key once dovecot has started, right?

thanks,
_
Zbyszek