progmaticltd / homebox

A set of ansible scripts to build a personal mail server / private cloud / etc.
https://homebox.space/
GNU General Public License v3.0

Default mail encryption in dovecot #144

Open chrhartung opened 5 years ago

chrhartung commented 5 years ago

It would be nice to be able to use the mailcrypt plugin (folder keys) of dovecot out of the box: https://wiki.dovecot.org/Plugins/MailCrypt, to have encrypted mails stored in dovecot besides the disk encryption, for higher security.

arodier commented 5 years ago

I know about this a little bit, I reckon this is a good idea, especially if your main drive is not encrypted. If your main drive is encrypted, this is another protection against unauthorised access. I will consider this, with the time I have.

sorcer1122 commented 5 years ago

I wonder if creating an encrypted volume and moving all dovecot storage there will work

https://lowendbox.com/blog/setting-up-an-encrypted-volume-on-your-ubuvps/

arodier commented 5 years ago

The other possible option is to use ecryptfs for the whole home partition. Still, this is less safe than using LUKS, and sometimes confuses AppArmor logs. I will put this aside for now.

arodier commented 5 years ago

Finally, some VPS providers allow you to use a remote ISO image, for instance Vultr. However, as long as you are using a VPS, your data is not safe at all. The LUKS headers are in the memory of the virtual machine, and easily accessible to the host. I am not planning to support VPS hosting for now, this is why this project is called "homebox". But I have another solution in mind, that could fit your needs. I will explain more details later, after deep tests.

sorcer1122 commented 5 years ago

Would be interesting to know what is the solution. Unfortunately, self-hosting at home is not great for various reasons, this is why VPS is a good solution.

arodier commented 4 years ago

From what I have seen, and my email exchanges with Aki, this is not exactly what I would implement, even for a cloud hosted environment. The root account is still able to decrypt the emails. There is, however, another solution, that can be implemented, and is elegant. This solution applies GPG encryption on received emails, with the GPG public key. This is nice, because:

* It does not allow the root user to decrypt the key

* It is compatible with mail clients supporting GPG

* It relies on a standardised solution

I created the issue #335 to supersede this one.

besendorf commented 3 years ago

> From what I have seen, and my email exchanges with Aki, this is not exactly what I would implement, even for a cloud hosted environment. The root account is still able to decrypt the emails. There is, however, another solution, that can be implemented, and is elegant. This solution applies GPG encryption on received emails, with the GPG public key. This is nice, because:
>
> * It does not allow the root user to decrypt the key
>
> * It is compatible with mail clients supporting GPG
>
> * It relies on a standardised solution
>
> I created the issue #335 to supersede this one.

This is not entirely correct. MailCrypt supports two modes: global keys and folder keys. See here. What you described is the global keys option. This of course is not necessary if you use LUKS encryption, and the admin of the mail server can still read the mails. However, the folder keys mode creates one key per user and prevents the admin from reading user email. This is a huge privacy gain.

I would really like to use homebox with this plugin. Please consider supporting it. Also do you think it would be suitable to enable this plugin after installing homebox or do you think it would break with updates for example?

Thank you very much for your work.
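The two mail_crypt modes contrasted in the comment above, written out as a Dovecot configuration. This is an added example, not homebox configuration and not something posted in this thread; the directive names follow the Dovecot mail_crypt plugin documentation linked in the first comment, while the file paths, the passwd-file passdb and the use of `%w` (Dovecot's plaintext-password variable, available only during passdb lookups) are assumptions made for illustration.

```conf
# Added example (not from homebox): the two Dovecot mail_crypt modes.
# Paths and the passwd-file passdb are assumed for illustration.

mail_plugins = $mail_plugins mail_crypt

# ---- Mode 1: global keys (commented out; the weaker option) ----
# One EC key pair for every mailbox. The private key lives on disk and is
# readable by root, so anyone with root on the host can decrypt all mail.
# The admin creates the pair, for example:
#   openssl ecparam -name secp521r1 -genkey | openssl pkey -out ecprivkey.pem
#   openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem
#plugin {
#  # assumed paths; "<" makes Dovecot read the file contents
#  mail_crypt_global_private_key = </etc/dovecot/keys/ecprivkey.pem
#  mail_crypt_global_public_key = </etc/dovecot/keys/ecpubkey.pem
#  mail_crypt_save_version = 2
#}

# ---- Mode 2: folder keys (one key pair per user) ----
# Every folder gets its own key, wrapped with the user's key pair. The
# user's private key is itself encrypted with a password that Dovecot only
# sees while the user is logged in. Folder keys are stored as mailbox
# attributes, so an attribute dict is required (path assumed).
mail_attribute_dict = file:%h/Maildir/dovecot-attributes

plugin {
  mail_crypt_save_version = 2
  mail_crypt_curve = secp521r1
  # Refuse to create or use a user private key that is not password-protected.
  mail_crypt_require_encrypted_user_key = yes
}

# Derive the private-key password from the IMAP login password: %w is the
# plaintext password the user just authenticated with, handed to the plugin
# as a userdb field. Dovecot generates the user key pair when it is first
# needed. This gives the property discussed in this thread: root cannot read
# mailboxes at rest, but a server compromised while a user is logged in can
# capture that password, which is the caveat raised about logging it.
passdb {
  driver = passwd-file
  # assumed path
  args = /etc/dovecot/users
  default_fields = userdb_mail_crypt_private_password=%w
}
```

With folder keys enabled, `doveadm mailbox cryptokey list -u user@example.com -a` can be used to confirm that a per-user key pair exists; with the global-keys block enabled instead, no per-user keys are created and the mail_crypt_global_* keys on disk are sufficient to decrypt any mailbox.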

arodier commented 3 years ago

Thanks, I read carefully the link, and I will implement this in the next version.

besendorf commented 3 years ago

Thank you very much. Could you reopen this issue? Using gpg and MailCrypt at the same time should also be possible. Of course gpg is more secure, as for example you can't log the gpg private key, but you can log the IMAP password used for mailcrypt. But there are still scenarios where MailCrypt helps to protect data. For example when an attacker briefly gains access to the server and copies the mailboxes, or to prevent state surveillance, when email providers are asked to copy the mailbox of a user. Also MailCrypt encrypts all folders in the mailbox including the Sent folder. Most GPG solutions only encrypt incoming mail.

Here's a thesis discussing gpg mail encryption and different mailbox encryption solutions, and also their impact on performance. Unfortunately it's in German. https://gitlab.com/bifi/mailboxencryption_thesis/-/blob/master/thesis.pdf

arodier commented 3 years ago

Thanks, I am reopening the issue.

arodier commented 3 years ago

Working on it...