[BlueOnyx:14280] Re: Crypt mbox files

Michael Stauber mstauber at blueonyx.it
Mon Jan 20 16:07:05 -05 2014


Hi Marcellus,

> I was wondering if it was possible to crypt mbox files of users in BO
> servers.
> 
> Now they are clear text files and accessible by the server administrator.

No, that's not really possible or feasible. The best procedure is to use
client side encryption and to encrypt emails with GPG/PGP.

On the server side it makes little sense, because at the end of the day
(regardless of what you do) "root" will always be able to read the
emails, too. Additional technical means to encrypt the emails just add
more hassles, but still allow "root" to access them and to decrypt them.

Some email providers provide "encrypted" mail and also claim storing the
emails encrypted. You might recall the news-brouhaha about Snowden's
email provider, who chose to shut down services to circumvent having to
comply with one of these secret NSA court orders. My summary simplifies
matters a bit and the story in the news also changed a few times
depending on who told it.

People have been speculating about what technology that service used and
there are some theories based on what eventually was disclosed to the
courts and got reported.

When your mailserver receives emails, then these emails might already be
encrypted client side or they might be plain text. Before the mailserver
stores them into the mailbox, you want to encrypt them? Technically
that's possible.

However: When the client polls his emails via POP, IMAP (with or without
SSL) or web-interface, then the server needs to decrypt these emails
again before presenting them to the client.

So the server not only needs to know how to encrypt the emails, but also
how to decrypt them. If the decryption mechanism is known and the key
for that is stored on the server, then "root" can decrypt those emails, too.

The only way to prevent that is to externalize a part of the cipher and
to use (for example) the users account password as part of the cipher,
or a client side certificate that only the client has.

And yet there you have the same problem again: In order to store the
received emails for users, the server needs to know the exact cipher,
which would also include the clients password or private certificate. So
that part has to be stored on the server as well. In one form or another.
And then it's yet again within the reach of user "root".

So the whole concept of encrypting emails on the server and keeping them
stored in encrypted fashion is nice on paper. But in practical terms: If
you don't trust user "root", then all is lost anyway.

-- 
With best regards

Michael Stauber


