[horde] s/mime private key

lst_hoe02 at kwsoft.de lst_hoe02 at kwsoft.de
Fri Oct 30 19:39:12 UTC 2009

Zitat von martin_hansen at nym.hush.com:

> Hello,
> I would like to use s/mime but I am a little concerned how Horde
> IMP handles the private key on the server. It is not my server, I
> have only a shared webhosting plan. Because of this I need to know
> if the server admin can retrieve my private key and can read my
> s/mime encrypted e-mails. Also I need to know if I have to enter my
> private key password each time I want to read a s/mime encrypted e-
> mail.

The private key is stored encrypted in the database. You have to  
provide the matching password once per session to get the private key  
stored unencrypted in your encrypted session data. That said it is  
nevertheless possible for the server admin to alter the PHP code of  
Horde/IMP to steel the password. But if you don't trust them, use  
another Provider or do S/MIME only from your local client.



More information about the horde mailing list