Today I want to talk about encryption again. Previously I’ve blogged about the benefits of transport encryption, particularly for protecting emails from man-in-the-middle snooping or mass surveillance, which is something we’re encouraging through the TES initiative. We’ve also discussed the benefits of email encryption (as implemented by OX Guard), whereby individual emails are encrypted with e.g. OpenPGP before sending to the recipient. Today however, I’ll be discussing Dovecot Storage Encryption, a new feature of Dovecot Pro, which is also known as encryption at rest.
Encryption at rest means that all of the email data stored on disk by Dovecot is encrypted, in a way that is transparent to users: when they retrieve email they still see the plaintext version. This is different from email encryption such as that implemented by Guard, because in that case Dovecot is not performing the encryption/decryption; it is handled by the email client. Dovecot Storage Encryption is similar to encrypted filesystems, which encrypt the data before writing it to the physical media.
The most important question when discussing encryption is “what problem are you trying to solve?”, and for at-rest encryption the answer is not necessarily the one you might be expecting. What Dovecot Storage Encryption does not solve is end-to-end integrity and confidentiality of data; that is solved by encrypting the email before you send it (there are a lot of caveats associated with this sentence that I won’t go into in this article; suffice it to say that end-to-end encryption is not ubiquitous for good reasons, mainly associated with key distribution).
With Dovecot Storage Encryption, the data is encrypted before Dovecot writes it to disk and decrypted after it is read back, so only ciphertext is ever stored. However, Dovecot still has to store a “master key” somewhere so that it can encrypt and decrypt the data transparently (i.e. without asking the user for a password). This means that an administrator, or anyone with root access to the Dovecot server, can still decrypt the files (with a lot of time and effort; it’s certainly not trivial).
So why is Dovecot Storage Encryption useful? That mainly comes down to the way the infrastructure used to provide internet services has evolved; specifically the huge adoption of “Infrastructure as a Service” (IaaS), and “Storage as a Service” in particular. Storage as a Service products such as Amazon S3, OpenStack Swift, Scality RING etc. mean that the storage of data can be completely decoupled physically, operationally and logically, and handed to a third party (which could be another department within the same organisation, or a completely separate organisation). Dovecot is increasingly deployed on top of these services, as they offer massive scalability, improved data integrity and operational simplicity. The drawback, however, is that the data is now located in multiple sites, across many servers, outside the control of the data owner/controller.
This is where Dovecot Storage Encryption comes into its own: by encrypting the data before it is written to storage, it can guarantee the integrity and confidentiality of that data against attacks on the third party hosting it, for example physical theft of storage media, infrastructure hacking, network snooping, malicious insiders etc. Dovecot Storage Encryption can also help customers fulfil legal or regulatory obligations that require data to be encrypted at rest, while still allowing access for law-enforcement/lawful-intercept requests.
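The two points above (encrypt on write and decrypt on read under a master key the mail server holds, and the resulting split between what the storage provider can see and what the master-key holder can see) are easiest to appreciate in running code. The following is an added example written for this article, not Dovecot Pro’s own code, and nothing in it reflects Dovecot’s actual file format or key management. It assumes a dictionary standing in for the remote object store, and uses an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC purely so that it runs with the Python standard library alone; a real deployment would use a standard authenticated cipher such as AES-GCM. The sample message is constructed.

```python
import hashlib
import hmac
import secrets


class IntegrityError(Exception):
    """Raised when a stored object fails its authentication check."""


def _keystream(key, nonce, length):
    """Counter-mode keystream from a PRF: HMAC-SHA256(key, nonce || counter).
    Stand-in for a real cipher so the example needs only the standard library."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


class EncryptedMailStore:
    """Transparent encryption layer between the mail server and an untrusted
    object store; the store only ever receives nonce || tag || ciphertext."""

    NONCE_LEN = 16
    TAG_LEN = 32  # SHA-256 HMAC tag

    def __init__(self, master_key, backend=None):
        if len(master_key) < 32:
            raise ValueError("master key must be at least 256 bits")
        self._master_key = master_key
        # A dict stands in for the remote object store (S3, Swift, ...).
        self.backend = backend if backend is not None else {}

    def _object_keys(self, nonce):
        """Derive per-object encryption and MAC keys from the master key."""
        enc_key = hmac.new(self._master_key, b"enc|" + nonce, hashlib.sha256).digest()
        mac_key = hmac.new(self._master_key, b"mac|" + nonce, hashlib.sha256).digest()
        return enc_key, mac_key

    def put(self, object_id, plaintext):
        """Encrypt on write; the caller never deals with ciphertext."""
        nonce = secrets.token_bytes(self.NONCE_LEN)
        enc_key, mac_key = self._object_keys(nonce)
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
        # Encrypt-then-MAC; binding the object id stops blobs being swapped
        # between mailboxes without detection.
        tag = hmac.new(mac_key, object_id.encode() + nonce + ciphertext, hashlib.sha256).digest()
        self.backend[object_id] = nonce + tag + ciphertext

    def get(self, object_id):
        """Decrypt on read, refusing anything that fails authentication."""
        blob = self.backend[object_id]
        nonce = blob[:self.NONCE_LEN]
        tag = blob[self.NONCE_LEN:self.NONCE_LEN + self.TAG_LEN]
        ciphertext = blob[self.NONCE_LEN + self.TAG_LEN:]
        enc_key, mac_key = self._object_keys(nonce)
        expected = hmac.new(mac_key, object_id.encode() + nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise IntegrityError(f"{object_id}: tag mismatch (tampered blob or wrong master key)")
        return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def demo():
    """Walk through the threat model: who can and cannot read the stored mail."""
    master_key = secrets.token_bytes(32)
    store = EncryptedMailStore(master_key)
    object_id = "user1/INBOX/1"
    message = (b"From: alice@example.org\r\nSubject: quarterly numbers\r\n\r\n"
               b"Confidential draft, do not forward.\r\n")  # constructed sample
    store.put(object_id, message)
    results = {}
    # The mail server, holding the master key, reads plaintext transparently.
    results["roundtrip_ok"] = store.get(object_id) == message
    # The storage provider holds only the opaque blob.
    blob = store.backend[object_id]
    results["plaintext_visible_to_provider"] = b"Confidential" in blob or b"alice@" in blob
    # Anyone else with the master key (another node, or root on the server) can read it.
    same_key = EncryptedMailStore(master_key, backend=store.backend)
    results["master_key_holder_can_read"] = same_key.get(object_id) == message
    # The blobs without the key yield an error, not plaintext.
    wrong_key = EncryptedMailStore(secrets.token_bytes(32), backend=store.backend)
    try:
        wrong_key.get(object_id)
        results["wrong_key_rejected"] = False
    except IntegrityError:
        results["wrong_key_rejected"] = True
    # A single flipped byte on the storage side is detected on the next read.
    tampered = bytearray(blob)
    tampered[-1] ^= 0x01
    store.backend[object_id] = bytes(tampered)
    try:
        store.get(object_id)
        results["tamper_detected"] = False
    except IntegrityError:
        results["tamper_detected"] = True
    store.backend[object_id] = blob  # restore the original blob
    return results
```

Calling `demo()` returns a dictionary in which `roundtrip_ok`, `master_key_holder_can_read`, `wrong_key_rejected` and `tamper_detected` are true and `plaintext_visible_to_provider` is false. That is the whole argument of the article in five booleans: the storage provider (and anyone who steals its media or snoops its network) sees only blobs and cannot modify them undetected, while whoever holds the master key, which the mail server itself must keep, can read everything.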
So in summary, Dovecot Storage Encryption is a valuable tool for ensuring the confidentiality and integrity of email data stored on any kind of infrastructure as a service that might be outside the immediate control of the mail system operations team. It complements existing encryption techniques such as email encryption and transport encryption, and works in a completely transparent manner.