[horde] s/mime private key
lst_hoe02 at kwsoft.de
lst_hoe02 at kwsoft.de
Fri Oct 30 19:39:12 UTC 2009
Zitat von martin_hansen at nym.hush.com:
> Hello,
>
> I would like to use s/mime but I am a little concerned how Horde
> IMP handles the private key on the server. It is not my server, I
> have only a shared webhosting plan. Because of this I need to know
> if the server admin can retrieve my private key and can read my
> s/mime encrypted e-mails. Also I need to know if I have to enter my
> private key password each time I want to read a s/mime encrypted e-
> mail.
>
The private key is stored encrypted in the database. You have to
provide the matching password once per session to get the private key
stored unencrypted in your encrypted session data. That said it is
nevertheless possible for the server admin to alter the PHP code of
Horde/IMP to steel the password. But if you don't trust them, use
another Provider or do S/MIME only from your local client.
Regards
Andreas
More information about the horde
mailing list