Technology for Resting Email Encrypted Storage (TREES). Dovecot email storage encryption plugin.
David Goulet c4f48ffde0 Actually check for a disabled user
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-12-08 15:14:39 -05:00
dovecot extended readme 2016-02-01 10:39:26 +01:00
spec worked on tests 2015-04-13 16:25:17 +02:00
src Actually check for a disabled user 2016-12-08 15:14:39 -05:00
task fixed test suite 2015-04-13 14:57:22 +02:00
.gitignore Beautify scrambler-plugin.c 2016-11-09 13:34:08 -05:00
.ruby-version first release 2015-04-10 11:44:28 +02:00
AUTHORS first release 2015-04-10 11:44:28 +02:00
CONTRIBUTORS first release 2015-04-10 11:44:28 +02:00
Gemfile first release 2015-04-10 11:44:28 +02:00
Gemfile.lock first release 2015-04-10 11:44:28 +02:00
LICENSE first release 2015-04-10 11:44:28 +02:00
Makefile Use libsodium crypto box and dump OpenSSL RSA/AES 2016-11-09 17:14:04 -05:00
Rakefile first release 2015-04-10 11:44:28 +02:00
README.md updated dovecot version in readme 2016-02-01 11:15:37 +01:00

Dovecot encryption plugin

Requirements

  • Ensure GCC and the header files for libcrypto (OpenSSL) and libxcrypt are installed.

Installation

  • Use make dovecot-install to download and build Dovecot 2.2.21 in a sub-directory. It's a local installation and your system won't be affected.

  • Type make all to compile the plugin.

  • Find the plugin at dovecot/target/lib/dovecot/lib18_scrambler_plugin.so.

Tests

  • Ensure the ruby version manager is installed.

  • Install ruby version 2.1.x with command rvm install 2.1.

  • Install the bundler gem with gem install bundler.

  • Install the gem bundle with bundle install.

All tests are written with RSpec and can be run with make spec-all or bundle exec rake spec:integration.

Configuration

In order to run, the plugin needs the following configuration values (via the dovecot environment).

  • scrambler_plain_password The plain user password. It's used to derive the hashed password to decrypt the private key.

  • scrambler_enabled Can be 1 or 0.

  • scrambler_public_key The public key of the user, formatted as PEM.

  • scrambler_private_key The encrypted private key of the user, formatted as PEM.

  • scrambler_private_key_salt The salt of the hashed password that has been used to encrypt the private key.

  • scrambler_private_key_iterations The number of iterations of the hashed password that has been used to encrypt the private key.

A configuration example can be found at dovecot/configuration/dovecot-sql.conf.ext.erb.
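
One way to deliver these six values, shown as an added illustration that is not the project's dovecot-sql.conf.ext.erb: a Dovecot SQL passdb query that returns them as userdb extra fields. The database driver, connection string, table name and column names are assumptions made for this sketch, and it presumes a prefetch userdb is enabled in the main auth configuration.

```conf
# Added example, not the project's own configuration file.
# Hypothetical schema: table "users" with the columns named below.
driver = mysql
connect = host=localhost dbname=mail user=dovecot password=CHANGE_ME

# %u is the login name and %w the plaintext password given at login
# (only available with plaintext auth mechanisms such as PLAIN/LOGIN).
# Fields prefixed with userdb_ are passed on as userdb extra fields when
# "userdb { driver = prefetch }" is configured; fields that are not core
# Dovecot settings reach the plugin through the per-user environment.
# scrambler_enabled must evaluate to 1 or 0.
password_query = \
  SELECT \
    u.password_hash   AS password, \
    '%w'              AS userdb_scrambler_plain_password, \
    u.enc_enabled     AS userdb_scrambler_enabled, \
    u.public_key      AS userdb_scrambler_public_key, \
    u.private_key     AS userdb_scrambler_private_key, \
    u.key_salt        AS userdb_scrambler_private_key_salt, \
    u.key_iterations  AS userdb_scrambler_private_key_iterations \
  FROM users u \
  WHERE u.login = '%u'
```

Because scrambler_plain_password carries the user's plaintext password through the auth pipeline, keep auth debug logging of passwords disabled on hosts that use a query of this shape.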

Migration

The migration of unencrypted mailboxes has to be done by a separate tool and is not part of this project.

Project

Concept, design and realization by Posteo e.K. The implementation was provided by simia.tech GbR. A security audit has been provided by Cure53.