Hi everybody,

I have a question about the Dovecot Mailcrypt Plugin.
I'm trying to understand what the security of this plugin is based on.

The encryption with private and public key and elliptic curves is basically a good thing. But the keys are in the file system together with the encrypted mails. The passwords for the private keys are in the user database.
I guess the passwords have to be in plaintext for it to work.

Is that true, or did I misunderstand something?
Then the encryption would make no sense at all, right?
For what purpose was the plugin developed?

Can anyone explain this to me?

Best regards

Daniel
On 14/09/2019 16:08 Daniel Niewerth via dovecot <dovecot@dovecot.org> wrote:

> Hi everybody,
>
> I have a question about the Dovecot Mailcrypt Plugin.
> I'm trying to understand what the security of this plugin is based on.
>
> The encryption with private and public key and elliptic curves is basically a good thing. But the keys are in the file system together with the encrypted mails. The passwords for the private keys are in the user database.
> I guess the passwords have to be in plaintext for it to work.
>
> Is that true, or did I misunderstand something?
> Then the encryption would make no sense at all, right?
> For what purpose was the plugin developed?
>
> Can anyone explain this to me?
>
> Best regards
>
> Daniel

It's best suited for securing external storage such as NFS or object storage. There are possibilities to encrypt the key using the user's password, but this takes careful planning. The keys can also come from userdb, e.g. LDAP.

---
Aki Tuomi
Hi Aki,

Thank you so much for your answer.

Does "encryption with user password" mean that the key is encrypted with the password that the IMAP client sends to the server? That would be exactly the solution I am looking for. The user password is nowhere in plain text, but only as a hash in the SQL database. This would make the setup safe.

How do I tell Dovecot that this password should be used? I think I have to create a keypair for the user with doveadm-mailbox-cryptokey and encrypt it with the password that is hashed in the SQL database. Right?

I am aware that I always have to change the keypair password together with the mailbox password. Do I have to pay attention to anything else?

Best regards

Daniel

> On 14.09.2019 at 15:52, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote:
>
>
>> On 14/09/2019 16:08 Daniel Niewerth via dovecot <dovecot at dovecot.org> wrote:
>>
>>
>> Hi everybody,
>>
>> I have a question about the Dovecot Mailcrypt Plugin.
>> I'm trying to understand what the security of this plugin is based on.
>>
>> The encryption with private and public key and elliptic curves is basically a good thing. But the keys are in the file system together with the encrypted mails. The passwords for the private keys are in the user database.
>> I guess the passwords have to be in plaintext for it to work.
>>
>> Is that true, or did I misunderstand something?
>> Then the encryption would make no sense at all, right?
>> For what purpose was the plugin developed?
>>
>> Can anyone explain this to me?
>>
>> Best regards
>>
>> Daniel
>
> It's best suited for securing external storage such as NFS or object storage. There are possibilities to encrypt the key using user's password, but this takes careful planning. The keys can also come from userdb , e.g. LDAP.
> ---
> Aki Tuomi
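The scheme the two messages above circle around (the server keeps only a login hash, the mailbox private key is wrapped under a key derived from the login password, and both must be rotated together when the password changes) as an added Python illustration; this is not Dovecot's own code or key format, and the KDF parameters, the HMAC-based wrapping and the sample key bytes are constructed for the example.

```python
import hashlib
import hmac
import os

def _kek(password: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the login password. Own salt plus a
    # domain prefix, so it can never be recomputed from the stored login hash.
    return hashlib.pbkdf2_hmac("sha256", b"kek:" + password.encode(), salt, 100_000)

def _keystream(kek: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in stream cipher (stdlib has no AES).
    blocks = (hmac.new(kek, nonce + i.to_bytes(4, "big"), "sha256").digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def wrap_key(private_key: bytes, password: str) -> dict:
    # Encrypt the mailbox private key under the user's password; this blob is
    # what may sit in the file system or userdb next to the encrypted mail.
    salt, nonce = os.urandom(16), os.urandom(16)
    kek = _kek(password, salt)
    ct = bytes(a ^ b for a, b in zip(private_key, _keystream(kek, nonce, len(private_key))))
    tag = hmac.new(kek, nonce + ct, "sha256").digest()  # detects wrong password / tampering
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unwrap_key(blob: dict, password: str) -> bytes:
    # Only possible at login time, when the IMAP client has just sent the password.
    kek = _kek(password, blob["salt"])
    expected = hmac.new(kek, blob["nonce"] + blob["ct"], "sha256").digest()
    if not hmac.compare_digest(blob["tag"], expected):
        raise ValueError("wrong password or corrupted key blob")
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(kek, blob["nonce"], len(blob["ct"]))))

def login_hash(password: str, salt: bytes) -> bytes:
    # What the SQL/LDAP userdb stores for authentication. Stealing this hash
    # does not yield the KEK, so the wrapped key stays protected at rest.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_user(private_key: bytes, password: str) -> dict:
    salt = os.urandom(16)
    return {"pw_salt": salt, "pw_hash": login_hash(password, salt),
            "key_blob": wrap_key(private_key, password)}

def change_password(record: dict, old_pw: str, new_pw: str) -> dict:
    # Login hash and key wrapping must change together, as the thread notes;
    # updating only the hash would lock the user out of their own mail.
    private_key = unwrap_key(record["key_blob"], old_pw)
    return create_user(private_key, new_pw)
```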