Secure Email and Posteo.de
So the NSA is spying not only on my Facebook account, but also reading my mail? Shame on them! Until recently, I was not overly anxious of my private mails getting into the wrong hands, but things change, don’t they?
I have my own postfix server up and running, which hosts about 10 mail addresses, mostly of Longboarding Ulm members. I implemented data security ‘at transport’ (i.e. TLS and related stuff), but I didn’t care too much about data security ‘at rest’, namely encryption on disk.
What will happen if my server gets compromised or confiscated? Each and every mail will be available to the evil-doer. As it is the case with all standard postfix distributions. And even if I save the mail directories, say, to an encrypted disk, my password could get compromised too, or I could be held in jail until I agree to unlock the data (merry German customs… see Beugehaft / §70 StPO).
This is also the case with most email providers. I came up with the whole thing after a recent chat with an acquaintance about her mail provider posteo.de. She was convinced that her emails are safely encrypted there, and she’s happy to pay the monthly fee of €1. That doesn’t sound like much, but what do you really get for it? They don’t require personal details, but so don’t the others – just insert some bogus into the registration form. They’ve got encryption. Via SSL. In 2013. Wow! I agree that every website that has user accounts should upgrade login requests to port 443, but the ones that don’t are dull anyway. So what about the ‘at rest’ encryption that posteo has, according to my friend? Nonexistent. They store the data on their server, and that’s it. Staff is advised to respect the users privacy. So far, the service that I’m offering out of the box and their service are not that different at all.
The big question is: How do I extend my system to provide ‘at rest’ encryption that is not dependent on me, but on the user (and his password) only? A quick research led me to GNU and the Anubis software. It should act as a man-in-the-middle for handing mail to the MTA, i.e. postfix. Perhaps I can pipe the mail such that each users mail gets encrypted with his public GPG key and is decrypted only when the password is transmitted to the server. This scheme is still open to some attacks (compromised server, sniffed passwords), but it would be better guarded against confiscation or data leaks. More on that in a follow-up.