dovecot-trees 2.1.0 NaCL-based Dovecot email storage encryption plugin

Technology for Resting Email Encrypted Storage (TREES) is a NaCL-based Dovecot encryption plugin. It adds individually encrypted mail storage to the Dovecot IMAP server: every stored message is encrypted to a per-user key, so the mail on disk is unreadable without the user's password. It is inspired by Posteo's scrambler plugin, which uses OpenSSL and RSA keypairs. TREES works in a similar way but uses libsodium (a portable fork of NaCL) instead.

How it works:

  1. On IMAP login, the user's cleartext password is passed to the plugin.

  2. The plugin derives an argon2 digest from the password (with a per-user salt, so the digest is a password-hashing output rather than a plain hash).

  3. This digest is used as the symmetric key to open a libsodium secretbox. A wrong password simply fails the secretbox authentication; nothing is decrypted.

  4. Inside the secretbox is the user's Curve25519 private key.

  5. The Curve25519 private key is used to decrypt each individual message, each of which is stored as a libsodium sealed box.

  6. New mail is encrypted as it arrives, sealed to the user's Curve25519 public key. Sealing needs only the public key, so the delivery path never sees the password or the private key; only a session that has unlocked the private key (steps 1 to 4) can read the stored mail.