On Mon, August 5, 2013 5:12 am, Yishen Miao wrote: > On Aug 4, 2013, at 9:54 PM, [email protected] (Wietse Venema) wrote: >> Yishen Miao: >>> I wonder is there any plan about adding such feature to postfix? >> There are no such plans. If random people can read a private key >> file that is read-only for root, then you have worse problems than >> email security. > Also, an encrypted private key that is read-only for root sounds more > secure than a plain one in the worse problem scenarios. :-p
No. Where would the decryption key for the encrypted private key stored, and how would it be protected against intruders? As soon as an intruder has that decryption key, they have the plaintext private key as well.
