linux security - Feb 2000 - Re: SUMMARY: IMAP security across the net

I just want to say that the compilation of answers on reading IMAP
e-mail securely was excellent. I currently read my IMAP mail through an
SSH tunnel, but have always wanted to use the built in encryption in the
e-mail clients, and I am in the process of setting it up based on your
message.

However, being a little excessive, I want to go even further. I imagine
e-mail being delivered and then encrypted with a public key before being
placed in my IMAP folders.

Then when I go to read my e-mail, I connect over SSL and my password
unlocks a private key which is (relatively) well encrypted on the
server, decrypts my e-mail before it sends it to the client. Of course
any content that is cached in the e-mail client is insecure, but the
large amount of archived e-mail I have on the server is both accessible,
and (relatively) safe even if my system is comprimised.

This is a a bit theoretical, but I was wondering if you thought there
was a way to configure my server to do this without writing a lot of
source code. Also can I have opinions as to whether this enhances my
security, or if there is a way (without going too far overboard) to
enhance it even further, and still give me the flexibility to use a
standard e-mail client. My goal is to prevent even someone with root
access from reading e-mail on my machine.

Thanks again for your efforts. I have installed OpenSSL and am reading
through the documentation now.

Daniel Zen

On 15 Feb, Daniel Zen wrote:
> I just want to say that the compilation of answers on reading IMAP
> e-mail securely was excellent. I currently read my IMAP mail through an
> SSH tunnel, but have always wanted to use the built in encryption in the
> e-mail clients, and I am in the process of setting it up based on your
> message.
> 
> However, being a little excessive, I want to go even further. I imagine
> e-mail being delivered and then encrypted with a public key before being
> placed in my IMAP folders.
> 
> Then when I go to read my e-mail, I connect over SSL and my password
> unlocks a private key which is (relatively) well encrypted on the
> server, decrypts my e-mail before it sends it to the client. Of course
> any content that is cached in the e-mail client is insecure, but the
> large amount of archived e-mail I have on the server is both accessible,
> and (relatively) safe even if my system is comprimised.
> 
> This is a a bit theoretical, but I was wondering if you thought there
> was a way to configure my server to do this without writing a lot of
> source code. Also can I have opinions as to whether this enhances my
> security, or if there is a way (without going too far overboard) to
> enhance it even further, and still give me the flexibility to use a
> standard e-mail client. My goal is to prevent even someone with root
> access from reading e-mail on my machine.
Its possible, I assume, with procmail, to do something like:

	:0
	| encrypt >> mailbox

The encrypt script would have to make sure it doesn't encrypt the
envelope, or your e-mail server (pop or imap server) wouldn't be able
to read the mailbox format.

Your e-mail client could ask for your key on startup, and decrypt all
mail before displaying it.  This would decrypt after sending it over
the wire.  It should be fairly easy to hook into mail readers, or to
write a wrapper.

[mod: This is the answer Daniel wanted to hear! Cut some stuff that
Daniel explicitly stated he is aware about: root can still compromise
this... -- REW]

The proper way to encrypt sensitive mail is to ask the sender to encrypt
it before delivering it to his local MTA.  At no other time does it
make sense to encrypt e-mail.

I am root.  And yes, I can read your e-mail.  But I am not that bored.
> Thanks again for your efforts. I have installed OpenSSL and am reading
> through the documentation now.
> 
> Daniel Zen
> 
-- 
Kind regards,				  
Berend                                  
                                        
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Berend De Schouwer, +27-11-712-1435, UCS