Fwd: Re: making a plugin encrypt index data

[Aki Tuomi]

> -- Original Message --
> From: Aki Tuomi 
> To: micah anderson 
> Date: December 16, 2016 at 11:25 PM
> Subject: Re: making a plugin encrypt index data
> 
> When we released our encryption plugin, mail-crypt, it's capabilities include 
> fs-crypt. This can be used to encrypt things like FTS indexes and 
> attachments, and with suitable mail storage, such as obox, you can also 
> encrypt indexes.
> 
> To extend this support to dbox or maildir, does require rather involved 
> changes in dovecot core, which currently has no support for fs-api in index 
> handling. This might happen on v2.3 or v2.4, depending.
> 
> I somehow suspect that the work estimate would exceed your budget. But it is 
> going to happen, it's just matter of time. Can't give you any timeline 
> though, since we have not decided on one yet.
> 
> Aki
> 
> > On December 16, 2016 at 9:53 PM micah anderson  wrote:
> > 
> > 
> > 
> > Hi Aki,
> > 
> > Do you have any idea approximately when this would be planned for?
> > 
> > We are also interested potentially paying for the ability to encrypt our
> > indexes, as this is a major concern for us. We don't have a lot of money
> > as a non-profit, but if there is a possibility of contract work, we
> > would be interested to know what it would cost to do it.
> > 
> > thanks,
> > micah
> > 
> > Aki Tuomi  writes:
> > 
> > >> On December 16, 2016 at 6:48 PM micah anderson  wrote:
> > >> 
> > >> 
> > >> 
> > >> Hello,
> > >> 
> > >> I'm encrypting mail on disk using a plugin[0], but the index files are
> > >> not encrypted (specifically the dovecot.index.cache can be read).
> > >> 
> > >> I want to do is encrypt index on disk, so I'm looking for how a plugin
> > >> can achieve that by hooking into the right locations. Is that easily
> > >> possible in a plugin?
> > >> 
> > >> I can turn off those indexes by passing INDEX=MEMORY, but that isn't
> > >> possible if I use sdbox/mdbox.
> > >> 
> > >> thanks for any suggestions!
> > >> micah
> > >> 
> > >> 0. https://0xacab.org/riseuplabs/tofu-scrambler
> > >
> > > Hi!
> > >
> > > At the moment it's not possible without making new storage class. We are 
> > > planning to add support for fs drivers for indexes at some point.
> > >
> > > Aki Tuomi
> > > Dovecot Oy

Re: making a plugin encrypt index data

[Aki Tuomi]

> On December 16, 2016 at 6:48 PM micah anderson  wrote:
> 
> 
> 
> Hello,
> 
> I'm encrypting mail on disk using a plugin[0], but the index files are
> not encrypted (specifically the dovecot.index.cache can be read).
> 
> I want to do is encrypt index on disk, so I'm looking for how a plugin
> can achieve that by hooking into the right locations. Is that easily
> possible in a plugin?
> 
> I can turn off those indexes by passing INDEX=MEMORY, but that isn't
> possible if I use sdbox/mdbox.
> 
> thanks for any suggestions!
> micah
> 
> 0. https://0xacab.org/riseuplabs/tofu-scrambler

Hi!

At the moment it's not possible without making new storage class. We are 
planning to add support for fs drivers for indexes at some point.

Aki Tuomi
Dovecot Oy

making a plugin encrypt index data

[micah anderson]

Hello,

I'm encrypting mail on disk using a plugin[0], but the index files are
not encrypted (specifically the dovecot.index.cache can be read).

I want to do is encrypt index on disk, so I'm looking for how a plugin
can achieve that by hooking into the right locations. Is that easily
possible in a plugin?

I can turn off those indexes by passing INDEX=MEMORY, but that isn't
possible if I use sdbox/mdbox.

thanks for any suggestions!
micah

0. https://0xacab.org/riseuplabs/tofu-scrambler