Just had a conversation with one good friend, rambling on the possibility of having a server-side crypted Maildir INBOX.

It seems that dovecot has a nice server-side mail compression plugin… how come there are no implementations of a session-based cyphering of mail storage based on this same principle ?

The use case is quite simple to imagine:

  1. Mails keep coming to the MDA, on plain text, as usual.
  2. User logs into the IMAP server with her credentials.
  3. A keypair stored on user’s maildir, for instance, is unlocked using the login password.
  4. New mails are cyphered and all subsequent read/write operations are performed through this (de)cyphering mechanism.
  5. User logs out and the key is forgotten, shrinking the window of opportunity on possible sneakers or forensic forces.

EDIT: Of course, keeping just the public key on the server is way smarter in this case:

  1. The user’s GnuPG public key is stored on her maildir.
  2. All incoming emails are cyphered as they arrive with the previous public key.
  3. The user logs in and sees all her mailbox cyphered, ready to be decyphered with his private key residing on her mail client.
  4. Forensic analysis/spying on emails gets just a little bit harder :).

He argued that just a quick UNIX pipework (using qmail) should be sufficient, but I rather preferred to keep the MTA out of the equation. The reason is that the MTA just “sinks” mail to the mailbox, while the MDA usually has both read and write access to emails, so to me it makes more sense to keep this “plugin” on the MDA side…

Is the idea clear at this point ? Is this already invented and passed under my radar ? Anyone has suggestions on top of that ?