How to obfuscate dovecot encryption key

Perhaps you read my blog post about server side email encryption and you are wondering how to protect secret key from leaking with your data. There are probably dozen ways to do this, but i will describe one that i particularly like.

I am talking about removing private key from server at all…or at last from it’s file system. Idea is as follow: after dovecot start, we remove private key from disk. Private key is still loaded into system memory but it is not on disk anymore, and access to it via memory dumps is limited (at last on OpenBSD). Anyway, access to the key is much harder then simple copy&paste. Add to it some nice obfuscate procedure and you are good to go. There is one problem: how to load that key when restart of the process is needed or server reboot happens…

Maybe you heard about Authy Two-factor app and service. Among pretty standard features related to 2FA they support very nice feature: OneTouch. It replace entering numbers to simply approving/declining requests. This feature is very important if you are away from server console.

Next you will need some kind of keystore, in this case it can be some remote server with ssh/scp allowed from dovecot machine. On the keystore server you will need to install onetouch-ssh - this will talk via API to Authy servers. You will need to setup all that manually, and there is no shortcuts.

here, how it looks on diagram

New stuff there: Dovecot_Wrapper, yeah this is another thing needed, once Authy account is set, app installed on the phone and onetouch-ssh works on keystore, you have to put wrapper script over rc dovecot startup script.

Let’s see what Dovecot_Wrapper do. First it passes all the init functions to original rc script except one related to stop/start daemon. When this call is intercepted, it make scp connection to the keystore using trusted ssh-keys, keystore (dcu) then send login request to the phone where admin see the command and can take action (approve/decline). If timeout happen or request is declined - key cannot be accessed and copied to dovecot machine, Dovecot_Wrapper bails-out as dovecot wont start without private key.

When approved, private key is copied to dovecot machine - it can be copied on the disc or to temporary MFS, or whatever you want. After verify that key hash is correct, dovecot can start now. If all is OK, we can now remove private key off the server by wiping it out (remember to use special command like rm -P, not just rm - to prevent restoring it from filesystem). You can now perform nice obfuscation by replacing original key with some newly generated - just remember to place it exactly in the spot where old one was. Do not worry - this key won’t be used by dovecot process.

While this is not very elaborate, removing key from server and obfuscation protect your encrypted mails from being accessed by many occasions:

fs dumps are useless as data is encrypted and there is no key to decrypt

potential RCE that lead to data leackage is limited or not possible - no key on server, attacker see only encrypted data

cloud provider backups are safe - same - no key, no access

perhaps many more…

This is just one of the techniques that “naively” protects your data - by “naively” - i mean - there are no solid ways to protect your data - you can only make life harder for hackers (but just imagine the face of the guy who pwned your mail server and see later that all he has is fake key and GBs of encrypted data)

This was posted 2 years ago. It has 0 notes.