Integrate mailcrypt secret handling

[t2d]

We want to encrypt the mail storage of dovecot. The easiest way seems to be the mailcrypt plugin. I believe, we would need folder keys, which are user specific. The example supplies the password directly.

The main question is how we integrate this with our recovery tokens #83. By now #85 encrypts the user password in a sealed crypto box. If an attacker gains access to recovery token and user database, they could recover user passwords, which is not ideal. User sadly tend to re-use passwords.

I think, it would be better to get userdb_mail_crypt_private_key from the database. We would then need to store one copy of the key encrypted with the user password and another encrypted with the recovery token.

[t2d]

To incrementally allow to move to mailcrypt, there are two options:

1. Return userdb_mail_plugins=mail_crypt, if enabled -> Question: How do we append the mail_plugins defined in dovecot?
2. Support proxying Support proxying #90 and proxy users with encrypted mailboxes to an "encrypted-storage-only" dovecot instance.

[t2d]

Question: How do we append the mail_plugins defined in dovecot?

It's not possible. We would have to know which plugins are globally enabled and also per protocol. (Example)

[t2d]

We can enable mail_crypt per default, but set mail_crypt_save_version = 0.

For users, which have enable mail_crypt, we can override userdb_mail_crypt_save_version = 2 and provide keys, like immerda does: https://git.immerda.ch/iapi/tree/lib/iapi/routes/auth.rb#n87

Immerda uses user-specific global keys, which sounds a bit counter intuitive, but makes sense, because we don't need different keys for the folders in a users mailbox.
https://wiki.dovecot.org/Plugins/MailCrypt#Base64_encoded_keys

[t2d]

User-specific global keys

Pro

• Tested by immerda
• Multiple private keys possible

mail_crypt_global_private_key(_n) - Private key to decrypt files, you can specify many

Con

• We have to do key generation and roll-over ourselves

User-specific folder keys

Pro

• We can provide a single password or private key and dovecot will handle the rest
  -> May be more portable

mail_crypt_private_key - Private key to decrypt user's master key, can be base64 encoded
mail_crypt_private_password - Password to decrypt user's master key or environment private key

Con

• Code marked as not production ready

[doobry-systemli]

Result of internal discussions:

• We probably want to use global keys, not folder keys. The most important arguments in favour of global keys are:
  • separation of user management and IMAP server (we don't need to run dovecot/doveadm commands from the user management)
  • global keys are labeled production ready and used by hosters we know
• For accounts with mailbox encryption, the mail_crypt_global_private_key will be stored encrypted (with user password) in the database
• For recovery, the mail_crypt_global_private_key is also stored encrypted with recovery token in the database
• We're not sure how to handle encryption of legacy users mail yet, will have to look into that later

[doobry-systemli]

Yay, done with#123 being merged \o/