[Xapian-discuss] Encrypted Database Files

James Aylett james-xapian at tartarus.org
Wed Jan 18 11:40:54 GMT 2006


On Tue, Jan 17, 2006 at 09:09:02PM -0500, David Blewett wrote:

> I tried to subscribe over the weekend, and haven't gotten an email yet. 
> I'll try to post this and see if it lets me.

We've been having problems with the mailing list software and certain
kinds of spam (there's a bug in the character set handler which
crashes the mailing list :-(. When it dies I have to restart it... you
should have a whole load of emails now!

> I'm considering using Xapian to index email messages in an IMAP server 
> I'm writing. Is it possible to encrypt the databases stored on disk, so 
> that someone cannot recover their contents?

You could encrypt the volume the database is stored on, and that's
probably the best option IMHO.

> What I would like to do is when a message is received, send it through 
> Xapian to be indexed. Then encrypt the contents and store it. When I 
> run a search through Xapian, all I need is some sort of ID so I can 
> retrieve the message and decrypt it. I don't want someone to be able to 
> use the Xapian database to reconstruct the messages indexed. Is this 
> possible?  If not, is there another indexing engine that can? Thanks!

You *could* encrypt the email after indexing and stuff that in the
document data within Xapian, but I wouldn't recommend it because the
index terms would still be unencrypted, so while it isn't possible to
get the actual email contents, you could get all the posting lists and
hence the (stemmed version of the) words in the email.

If you put the db on an encrypted volume, only someone with the key
can access the database at all - much better. On Windows something
like PGP Desktop will do the trick (or Windows XP's encryption
services, for local disks). On Unix, an encrypted file system written
onto a file and mounted via loopback will do the same thing - there
are undoubtedly HOWTO docs on doing this for Linux, and probably
*BSD. For commercial Unixes, talk to your vendor.

J

-- 
/--------------------------------------------------------------------------\
  James Aylett                                                  xapian.org
  james at tartarus.org                               uncertaintydivision.org
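
The point above about index terms staying unencrypted, as an added illustration that is not part of the original message and does not use Xapian's API or file format. `ToyIndex`, `toy_stem`, `opaque_blob` and the sample messages are all constructed for this example; the hash only stands in for real encryption of the document data.

```python
# Added illustration: a toy inverted index, not Xapian's API or file format.
import hashlib
import re
from collections import defaultdict

def toy_stem(word):
    """Crude suffix stripper standing in for a real stemmer (assumption)."""
    for suffix in ("ing", "ed", "es", "s"):
        if word.endswith(suffix) and len(word) - len(suffix) >= 3:
            return word[: -len(suffix)]
    return word

def opaque_blob(message):
    """Placeholder for real encryption: the index stores bytes it cannot read."""
    return hashlib.sha256(message.encode()).digest()

class ToyIndex:
    def __init__(self):
        self.postings = defaultdict(set)  # term -> doc ids, stored in the clear
        self.data = {}                    # doc id -> opaque document data

    def add(self, doc_id, message):
        # Index first, then keep only the opaque form of the message body.
        for word in re.findall(r"[a-z]+", message.lower()):
            self.postings[toy_stem(word)].add(doc_id)
        self.data[doc_id] = opaque_blob(message)

    def search(self, word):
        return sorted(self.postings.get(toy_stem(word.lower()), ()))

def terms_readable_from_index(index, doc_id):
    """What the index files alone reveal about one message, no key required."""
    return sorted(t for t, docs in index.postings.items() if doc_id in docs)

# Constructed sample messages.
MESSAGES = {
    1: "Wiring the payment to the Geneva account on Friday",
    2: "Lunch on Friday? Bring the signed contracts",
}

def build_sample():
    index = ToyIndex()
    for doc_id, message in MESSAGES.items():
        index.add(doc_id, message)
    return index

if __name__ == "__main__":
    index = build_sample()
    print(index.search("contracts"))            # search works as intended
    print(terms_readable_from_index(index, 1))  # stemmed words of message 1
```

With the whole index on an encrypted volume, the posting lists are unreadable without the key as well, which is the difference between the two options discussed in the message.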


