Mailinabox: Server-Level End-to-End PGP

Created on 23 Apr 2014  路  20Comments  路  Source: mail-in-a-box/mailinabox

To promote the use of PGP, we can handle PGP at the server level. This will require a few components:

  • intercepting mail submission for encryption
  • knowing for what recipients email should be encrypted for
  • creating an LMTP server to decrypt incoming mail
  • key management
enhancement needs volunteer

Most helpful comment

@martindale are you sure you're not mixing up TLS and PGP? No other mailserver supports PGP in a "stable" way. Lavabit did, and some scripts exist that may work. PGP End-to-End is encryption at rest and in transit, but the other user needs to have a PGP key (few people do, mostly developers on the higher end of that spectrum)

TLS on the other hand is server-to-server encryption that is widely deployed and already supported by MiaB.

All 20 comments

What is the normal toolkit you'd use to do something like this manually? Are there a set of programs that you stitch together with some shell scripting?

Dunno!

I know this was done with Exim, maybe the script for that could be modified for MIAB.

https://github.com/mikecardwell/gpgit

Neat. Thanks for posting the link.

I started hacking on an encryption mail filter on a branch:

https://github.com/mail-in-a-box/mailinabox/commit/910b473ea7eeb3e3413dd08a72f2d9dad18b3eaf

This creates a new SMTP server listening on port 10587 that PGP-encrypts mail to recipients and refuses to accept mail if it cannot encrypt it. This makes it hard to accidentally send something in the clear.

Recipients' PGP keys are looked up from Keybase.io by inserting their Keybase username into their email address. E.g. If my email address were [email protected], you would address the email to me using [email protected].

I probably won't have time to finish this (or start a decryption side) any time soon. Maybe someone else can continue the work.

+1 on this, this would be fantastic.

I like the idea of this, but it does make me a little nervous to have keying material stored on the server. I suppose you could store the private keys in an encrypted format and use a key derived from the user's login password.

I haven't dug into the details in dovecot -- would it make this accessible? Or did you have some other idea for protecting these data?

The idea is that since you control the box, you might as well put a private key on it ---- rather than a copy of your private key on your laptop, on your phone(s), needing some awkward integration with webmail, etc. I'm not actively working on this now, though.

I understand that, in theory, but what if I'm sharing my box with others. For example, I host my own email on one of these, but I decide to offer the same to friends and family... At that point, I think it gets a little more sketchy. Honestly I think the automatic encrypting / signing is a pretty clever solution, in general, for outgoing.

On the incoming side, however, I'd like to figure out a way to accomplish this without potentially exposing my private key. I suppose one mechanism would be to fallback to using Thunderbird+EnigMail for reading, and not worry about those messages that can't be read on mobile. Hrm.

Thanks for the comments. Cheers.

To necrobump this issue, I think detecting PGP and encrypting incoming mail with PGP/MIME should be a thing so all your mail is encrypted at rest. Unfortunately I'm no mailserver wizard.

Closing because it was a fun idea but it seems like no one will get around to this any time soon.

Please re-open this issue, as it remains a requirement for the project. Move it to another milestone if you must (propose: "Backlog"), but definitely do not close it just because someone isn't getting to it soon.

as it remains a requirement for the project

I don't know what that even means. If it's a requirement _you_ have for a mail server, then this project won't meet your needs.

Then close the issue as "out of scope", and be clear about that to your community so they can find solutions that meet their needs. "no one will get around to this" is a poor explanation that you do not view this as an important feature and are removing it from the list of things other contributors can do for you.

As for the context of the issue itself, deploying a mail server without end-to-end encryption is irresponsible in the post-Snowden era. You would be doing a serious disservice to your users by even _allowing_ unencrypted configurations, let alone explicitly removing them from your product backlog.

You think I should shut this project down?

@martindale are you sure you're not mixing up TLS and PGP? No other mailserver supports PGP in a "stable" way. Lavabit did, and some scripts exist that may work. PGP End-to-End is encryption at rest and in transit, but the other user needs to have a PGP key (few people do, mostly developers on the higher end of that spectrum)

TLS on the other hand is server-to-server encryption that is widely deployed and already supported by MiaB.

@JoshData Can this be re-opened?

Roundcube 1.2.0 has server-side PGP support, so it shouldn't take too much work to support now! https://roundcube.net/news/2016/05/22/roundcube-webmail-1.2.0-released

Edit: merely updating Roundcube will support client-side PGP though Mailenvelope. Maybe that's enough for now. 馃槈

@louwers See #892.

@JoshData Thanks! 馃憤

Just found out Roundcube is already up-to-date so that the client-side browser plugin works. 馃槃

yes, mailvelope.com works conveniently in MiaB. even in conjunction with enigma.

Was this page helpful?
0 / 5 - 0 ratings