mail-crypt-plugin ================= Contents 1. mail-crypt-plugin 1. Introduction 1. Functional Overview 2. Encryption Technologies 2. Technical Requirements 3. Settings for mail crypt plugin 4. Modes of operation 5. Folder keys 1. Unencrypted user keys 2. Encrypted user keys 6. Global keys 1. RSA key 2. EC key 3. Converting EC key to PKEY 4. Base64 encoded keys 7. New dcrypt format (mail_crypt_save_version = 2) 8. Old dcrypt format (mail_crypt_save_version = 1) 9. Read-only mode (mail_crypt_save_version = 0) 10. mail-crypt-plugin and ACLs 11. decrypting files encrypted with mail-crypt plugin 12. fs-crypt and fs-mail-crypt 2. doveadm plugin 1. doveadm mailbox cryptokey generate 2. doveadm mailbox cryptokey list 3. doveadm mailbox cryptokey export 4. doveadm mailbox cryptokey password Introduction ------------ The Mail crypt plugin is used to secure email messages stored in a Dovecot system. Messages are encrypted before written to storage and decrypted after reading. Both operations are transparent to the user. In case of unauthorized access to the storage backend, the messages will, without access to the decryption keys, be unreadable to the offending party. There can be a single encryption key for the whole system or each user can have a key of their own. The used cryptographical methods are widely usedstandards and keys are stored in portable formats, when possible. Functional Overview ------------------- The use of Mail crypt plugin depends on a user having a keypair, a private and a public key, for asymmetric cryptography. These keys are provisioned in a variable via the user database or directly from Dovecot configuration files. The public half of the provisioned keypairs are used to generate and encrypt keys for symmetric encryption. The symmetric keys are used to encrypt and decrypt individual files. Symmetric encryption is faster and more suitable for block mode storage encryption. The symmetric key used to encrypt a file is stored, after being encrypted with the public asymmetric key, together with the file. Encryption Technologies ----------------------- The Mail crypt plugin provides encryption at rest for emails. Encryption of the messages is performed using the symmetric Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM) with 256 bit keys. Integrity of the data is ensured using Authenticated Encryption with Associated Data (AEAD) with SHA256 hashing. The encryption keys for the symmetric encryption are randomly generated. These keys in turn are encrypted using a key derived with from the provisioned private key. Provisioned private keys can be Elliptic Curve (EC) keys or RSA Encryption is done using the Integrated Encryption Scheme (IES). This algorithm is usable both with EC and RSA keys. Technical Requirements ---------------------- This feature is available in v2.2.27+. Using per-folder keys is not considered production quality, but global keys are fine. *NB! Improper configuration or use can make your emails unrecoverable. Treat encryption with care and backups.* mail-crypt-plugin encrypts and decrypts mail. The plugin has an older version, and the extent of this version's backward compatibility is controlled by the setting *mail_crypt_save_version*. The setting has three valid values, of which one must be set for the plugin to do anything. The values are 0 and 2. With *mail_crypt_save_version = 2*, mails are saved in dcrypt version 2 format, and this is the value that should be used. With *mail_crypt_save_version = 0*, the plugin does not write encrypted mails, but can still read them. To provide *mail_crypt_global_private_key* and *mail_crypt_global_public_key* as userdb attributes, you can base64 encode the original contents, such as PEM file. For example, ---%<------------------------------------------------------------------------- cat ecprivkey.pem | base64 -w0 ---%<------------------------------------------------------------------------- Settings for mail crypt plugin ------------------------------ These all go into userdb environment or under plugin { } * *mail_crypt_save_version* - Save format, 0 = read only, 2 = current version * *mail_crypt_curve* - EC curve to use for key generation * *mail_crypt_global_private_key(_n)* - Private key to decrypt files, you can specify many * *mail_crypt_global_public_key* - Public key to use to encrypt files, you can specify one * *mail_crypt_private_key* - Private key to decrypt user's master key, can be base64 encoded * *mail_crypt_private_password* - Password to decrypt user's master key or environment private key * *mail_crypt_acl_require_secure_key_sharing* - Require secure key sharing * *mail_crypt_require_encrypted_user_key* - Require user key encryption with password All external keys must be in PEM format, using pkey format. Modes of operation ------------------ Mail crypt plugin can operate using *either* global keys *or* folder keys. Using both is not supported. To perform any encryption,*mail_crypt_save_version* must be specified and non-zero. Folder keys ----------- In this mode, the user is generated a key pair, and each folder is generated a key pair, which is encrypted using the user's key pair. A user can have more than one key pair but only one can be active. You must use save version 2. You must also specify *mail_crypt_curve*. Any valid curve supported by underlying cryptographic library is supported.*mail_attribute_dict* has to be set since it is used to store the keys. Unencrypted user keys --------------------- In this version of the folder keys mode, the users private key is stored unencrypted on the server. Example config for folder keys with Maildir: ---%<------------------------------------------------------------------------- mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt plugin { mail_crypt_curve = secp521r1 mail_crypt_save_version = 2 } ---%<------------------------------------------------------------------------- Encrypted user keys ------------------- In this version of the folder keys mode, the users private key is stored encrypted on the server. Example config for mandatory encrypted folder keys with Maildir: ---%<------------------------------------------------------------------------- mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt plugin { mail_crypt_curve = secp521r1 mail_crypt_save_version = 2 mail_crypt_require_encrypted_user_key = yes } ---%<------------------------------------------------------------------------- The password that is used to decrypt the users master/private key, must be provided via password query: ---%<------------------------------------------------------------------------- # File: /etc/dovecot/dovecot-sql.conf.ext password_query = SELECT \ email as user, password, \ '%w' AS userdb_mail_crypt_private_password \ FROM virtual_users WHERE email='%u'; ---%<------------------------------------------------------------------------- Global keys ----------- In this mode, all keying material is taken from plugin environment. You can use either EC keys (recommended) or RSA keys. No key generation is performed. RSA key ------- Use of RSA keys is discouraged, please use Elliptic Curve keys instead. You can generate an unencrypted RSA private key in the pkey format with the command: ---%<------------------------------------------------------------------------- openssl genpkey -algorithm RSA -out rsaprivkey.pem ---%<------------------------------------------------------------------------- Alterantively, you can generate a password encrypted private key with: ---%<------------------------------------------------------------------------- openssl genpkey -algorithm RSA -out rsaprivkey.pem -aes-128-cbc -pass pass:qwerty ---%<------------------------------------------------------------------------- This does make the password show up in the process listing, so it can be visible for everyone on the system. Regardless of whether you generated an unencrypted or password encrypted private key, you can generate a public key out of it with: ---%<------------------------------------------------------------------------- openssl pkey -in rsaprivkey.pem -pubout -out rsapubkey.pem ---%<------------------------------------------------------------------------- These keys can then be used by mail-crypt-plugin with the configuration: ---%<------------------------------------------------------------------------- mail_plugins = $mail_plugins mail_crypt plugin { mail_crypt_global_private_key = ecprivkey.pem base64 -d ecprivkey.pem | openssl ec -pubout | base64 -w0 > ecpubkey.pem ---%<------------------------------------------------------------------------- ---%<------------------------------------------------------------------------- passdb { driver = static args = password=pass mail_crypt_global_public_key= mail_crypt_global_private_key= } mail_plugins = $mail_plugins mail_crypt plugin { mail_crypt_save_version = 2 } ---%<------------------------------------------------------------------------- New dcrypt format (mail_crypt_save_version = 2) ----------------------------------------------- The recommended setting of *mail_crypt_save_version* for new installations of mail-crypt-plugin is 2. Old dcrypt format (mail_crypt_save_version = 1) ----------------------------------------------- Do not use this. It is supported for legacy reasons only and should not be used to create new files. It will not work without a global key. Read-only mode (mail_crypt_save_version = 0) -------------------------------------------- If you have encrypted mailboxes that you need to read, but no longer want to encrypt new mail, use *mail_crypt_save_version = 0*: ---%<------------------------------------------------------------------------- plugin { mail_crypt_save_version = 0 mail_crypt_global_private_key = :][set_prefix=:][private_key_path=/path:][public_key_path=/path:][password=password:]* where: * *algo*: Encryption algorithm. Default is aes-256-gcm-sha256. * *set_prefix*: Read _public_key and _private_key under this prefix. Default is "mail_crypt_global". * *private_key_path*: Path to private key * *public_key_path*: Path to public key * *password*: Password for decrypting public key Example: ---%<------------------------------------------------------------------------- plugin { fts_index_fs = crypt:set_prefix=fscrypt_index:posix:prefix=/tmp/fts fscrypt_index_public_key =