how to encrypt

jboogie

I'm thinking of moving my imap server from my desktop to a vps, however I'd like for my mails that reside on the vps to be encrypted. How can I achieve this? I think file-system encryption would be best, but I have never done this and don't know if and how it's possible on a vps

gsrdgrdghd

There is no point on encrypting something on a VPS as long as its running and the data needs to be accessed.

jboogie

I don't get your point...

jboogie

I think it is allways best to encrypt your personal data, moreso if it's on hardware you don't physically own...

NickM

If someone breaks into your VPS, they're going to be able to read everything. Your host will be able to read everything. In this scenario, encrypting your filesystem is just going to be a waste of resources.

jboogie

@NickM said: If someone breaks into your VPS, they're going to be able to read everything. Your host will be able to read everything. In this scenario, encrypting your filesystem is just going to be a waste of resources.

can't you do it with private/public key encryption, storing the private key on your local system?

dataeg

you should use PGP to encrypt your mails .

jboogie

@dataeg said: you should use PGP to encrypt your mails .

I do, unfortunately so little of the persons I know (and write mails to) are tech savvy enough to use it themselves

gsrdgrdghd

@jboogie said: can't you do it with private/public key encryption, storing the private key on your local system?

No that does not work.

jboogie

wait maybe I could setup the server to automatically encrypt all un-encrypted mails using my pgp public key... this sounds reasonable no?

gsrdgrdghd

In theory that would work but it has 2 flaws:

1. Your provider and any hacker could still read all incoming e-mails
2. I don't think there is any mail server that provides such a feature

NickM

@jboogie said: can't you do it with private/public key encryption, storing the private key on your local system?

They're still going to come into the server in plaintext. I suppose you can encrypt them as they come in, but you'll need to make sure that they don't touch the disk at all before that. You might be interested in checking out this link: https://grepular.com/Automatically_Encrypting_all_Incoming_Email

jboogie

@gsrdgrdghd yes they could still have access but at least they would be stored encrypted... I'd say that's good enough

@NickM thanks for the link! that perl script will make this super easy, just an entry in .procmailrc and I'm done

RoboCot

Ah, this very old problem!

I never managed to solve it, but i think encrypting email as they were processed it's annoying and ruin some of the best IMAP features, like searches.