On 03/04/2011 06:40 AM, David Woodhouse wrote:
> I'm working on "Enterprise" use of Evolution, and one of the big
> requirements is encryption of data at rest. The answer "just encrypt the
> whole of the user's home directory" only puts them off for so long.
> So I'm looking at implementing this directly in camel-data-cache,
> e-cal-backend-cache, etc.
> I'll probably do the encryption with a randomly-generated key, which
> itself is stored locally, encrypted with a password. 
> That way, changing the password doesn't involve re-encrypting the whole
> of the store; you only need to re-encrypt the master key. It also means
> that we can tie the password for the cache to the password for the
> server; entering one will allow access to both.
> Hopefully, the changes required to code that *uses* the cache
> functionality should be fairly limited. Mostly it should be handled by
> extra arguments to camel_data_cache_new(), e_cal_backend_cache_new(),
> camel_db_open() and similar functions.
> I'm hoping that it's reasonable to declare that *filenames* are not
> sensitive, and that we only need to encrypt the *contents* of files.
> Does that seem fair?

for CamelDataCache, the file names already aren't very useful on their
own (just hashes of uids, iirc), so you wouldn't need to worry about
that ;-)

Anyways, do you also plan on encrypting mbox/maildir files? Might make

Easiest way to implement this feature in Camel might be to implement a
CamelMimeFilter or CamelStream that encrypts/decrypts the content as it
reads/writes the data. Implementing it as a CamelStream might be the
best approach as it would more easily allow seeking.

Hope that helps,


evolution-hackers mailing list
To change your list options or unsubscribe, visit ...

Reply via email to