Score:0

mail_crypt dovecot plugin requires you to store private key on the server

Why does mail_crypt require the generated private key to be stored on the server? I thought that the purpose of encryption at rest is to prevent an attacker from reading the contents of a user's mailbox. Once someone gains access to the server they can just use the private key to decrypt the emails (even if the key itself was encrypted with a password that could be brute forced).

I thought that the private key will be stored only on the user's client and emails will be decrypted locally (after downloading them via IMAP/POP3).

Score:0

Presumably, mail is encrypted with both the server's private key and the client's public key, and so can only be decrypted with both the server's public key and the client's private one. At least, that's my understanding of how this sort of encryption works. Asymmetrical encryption uses one key for encryption, the other for decryption, so if in fact the mail on the server was encrypted only with the server's private key, it could be decrypted with only the server's public key. And because the client's public key is just that, public, the server can store it per-user without creating any particular security risk.

Daniel Krajnik:
That's all correct, sorry if this wasn't clear in the question, but I'm really asking why not store the private key on the client machine if that's the only place you want to read (decrypt) the email.
tsc_chazz:
Because you need the server's private key to encrypt the mail. You don't need it to decrypt the mail so it would be pointless to have it on the client.
Daniel Krajnik:
What do you mean? You don't encrypt mail with a private key, but with a public key. What do you mean by pointless to have a private key on the client? There is so much wrong in all of this.
tsc_chazz:
No. You can encrypt with the private key, then decrypt with the public key, or vice versa - that's how it works. The key here is that you encrypt twice - once with the server's private key, once with the client's public key; then decrypt twice in the client, once with the server's public key, once with the client's private key. Look up how asymmetrical encryption works, there's a crap-ton of information out there.
Daniel Krajnik:
Why do you need to encrypt emails twice? What's the point of encrypting anything with a private key? Or did you mean signing?
tsc_chazz:
No, you can sign as well, but that's separate. If I encrypt with my private key, anyone can decrypt using my public key; so that form of encryption acts only as confirmation that I encrypted it myself. If I want it so that only Bob can read it, I can encrypt it with Bob's public key, and then only Bob can read it, using his private key. So the double encryption is not strictly required, the server can encrypt each mailbox with only the client's public keys and only the individual client will be able to decrypt it. (More)
tsc_chazz:
But by the same token, if the server is not encrypting using its private key, it still signs the messages using its private key, and the fact that it signed them can be confirmed with its public key. Either way, it's intended as proof that the server is where the messages came from, and to do that confirmation you use the server's public key.
Score:0

Too long for comment:

> Why does mail_crypt require the generated private key to be stored on the server?

Because, as the introduction says: "The Mail crypt plugin is used to secure email messages stored in a Dovecot system. Messages are encrypted before written to storage and decrypted after reading. Both operations are transparent to the user."

That transparency is the keyword there.

For an authenticated user, Dovecot must be able to reverse the encryption and that requires the private key.

> I thought that the purpose of encryption at rest is to prevent an attacker from reading the contents of a user's mailbox.

Encryption of data at rest protects against some but not all threats.

The general idea of encryption of data at rest by a (server) application is that when an attacker attempts to bypass the access controls in the application and tries to read the data directly from the file system/disk, they will be thwarted by the encryption.

I.e. when an adversary or even a trusted administrator does something like `cat Maildir/cur/1659449681.11765_1.mail.example.com`, that won't show the clear-text message headers, envelope data nor the message body anymore, but only some encrypted gibberish.

> I thought that the private key will be stored only on the user's client and emails will be decrypted locally (after downloading them via IMAP/POP3)

Such a solution would either require a (plugin for the) mail client that supports the specific encryption that mail_crypt adds or could only be implemented with a custom e-mail client.

And it would require that the user uploads their public key to the server, before their messages can be encrypted and more.

Daniel Krajnik:
`And it would require that the user uploads their public key to the server` that's exactly what I expected to happen. I'm really surprised that there is no option to do that as of today. GPG for example allows you to maintain your own trust infrastructure with your own private keys. You don't need to trust a third-party server in some location far away, you can keep it yourself. I'm soooo surprised how MANY people responsible for managing mail servers just aren't aware of this. Why are we still acting like cloud/hosting companies don't scan contents of server hard drives?
Daniel Krajnik:
Everyone keeps saying that email isn't safe and never will be safe - it can be safe. Just encrypt contents of your email at rest with YOUR OWN private key. Use end-to-end encryption with multiple encryption keys for selected conversations. Mail clients are so advanced these days - is sending an SSL client certificate to authenticate "too advanced use case"? This situation feels like teleporting back by 40 years.
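
The key-placement question in this thread, as an added example that is not part of any post and is not Dovecot's code or mail_crypt's on-disk format: a generic hybrid scheme in which delivery needs only the mailbox public key, while reading a stored message back needs the private key. The curve, the HKDF label and all function names are assumptions made for this sketch.

```javascript
const crypto = require('crypto');

const CURVE = 'prime256v1'; // assumed curve for this sketch

// Derive a 256-bit AES key from the ECDH shared secret (HKDF-SHA256).
function deriveKey(shared, ephPub) {
  return Buffer.from(
    crypto.hkdfSync('sha256', shared, ephPub, 'mail-at-rest-demo', 32));
}

// Delivery side: uses ONLY the mailbox public key plus a fresh ephemeral key.
function encryptForMailbox(mailboxPub, plaintext) {
  const eph = crypto.createECDH(CURVE);
  const ephPub = eph.generateKeys();
  const key = deriveKey(eph.computeSecret(mailboxPub), ephPub);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return { ephPub, iv, tag: c.getAuthTag(), body };
}

// Read side: whoever runs this must hold the mailbox PRIVATE key.
// A server that decrypts transparently for IMAP/POP3 is that party.
function decryptFromMailbox(mailboxKeyPair, blob) {
  const key = deriveKey(mailboxKeyPair.computeSecret(blob.ephPub), blob.ephPub);
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  d.setAuthTag(blob.tag);
  return Buffer.concat([d.update(blob.body), d.final()]); // throws on wrong key
}

// Constructed sample message and keys, generated in-process.
function demo() {
  const mailbox = crypto.createECDH(CURVE);
  const mailboxPub = mailbox.generateKeys();
  const msg = Buffer.from('Subject: test\r\n\r\nhello from the constructed sample');
  const stored = encryptForMailbox(mailboxPub, msg);

  const readable = decryptFromMailbox(mailbox, stored).equals(msg);

  // A party with the stored blob but a different private key gets nothing.
  const other = crypto.createECDH(CURVE);
  other.generateKeys();
  let wrongKeyFails = false;
  try { decryptFromMailbox(other, stored); } catch (e) { wrongKeyFails = true; }

  return { readable, wrongKeyFails, leaksPlaintext: stored.body.includes('hello') };
}
```

If the private key lived only on the client, the delivery path would work unchanged, but the server could hand out only the stored ciphertext and the mail client would have to run the decryption step itself.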