Mailcrypt plugin private password
info at unkn0wn3d.com
Wed Sep 4 10:06:07 EEST 2019
Are any of the password schemes supported, or is there a reason you chose pkcs5?

On 4 Sep 2019, 08:45, aki.tuomi at open-xchange.com wrote:
>
> It should pick up the password used by the user, there is a caveat here though. The keypair is created on first use, so the password will be initialized to an empty string going through pkcs5. This is slightly inconvenient.
>
> To avoid this, you should probably have
>
> protocol imap {
>   passdb {
>     driver = static
>     args = userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password}
>   }
> }
>
> and initialize the keypair using doveadm and set the password to this value there.
>
> This requires some user management tools though so that the password is changed with doveadm when the user changes their password.
>
> Another alternative is to keep the private password in a database; you can use the var expand encryption plugin to make sure it's decryptable with the user's password. See https://doc.dovecot.org/configuration_manual/config_file/config_variables/ for details.
>
> Key management is pretty much the most difficult thing in the mail crypt plugin =)
>
> Aki
>
> On 4.9.2019 9.40, info--- via dovecot wrote:
>
>> Do I have to replace the "password" part with the actual password or can I just copy it like that?
>>
>> Will dovecot create the keypair automatically or do I have to use doveadm?
>>
>> On 4 Sep 2019, 08:33, aki.tuomi at open-xchange.com wrote:
>>
>>> On 4.9.2019 9.21, **** **** via dovecot wrote:
>>>
>>>> Hello there,
>>>>
>>>> is there a way to make the mailcrypt plugin use the user's password or at least store it in a hashed value?
>>>>
>>>> I'm using a passwd file for authentication.
>>>>
>>>> I feel uncomfortable saving the private password in plaintext in that file.
>>>>
>>>> Regards
>>>
>>> You can try in passdb return
>>>
>>> userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password}
>>>
>>> Aki
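
The following Python is an added example, not code from the thread or from Dovecot. It reproduces the derivation named by `%{pkcs5,salt=%u,format=base64:password}` (PBKDF2 over the login password, salted with the username) to show that a key initialized from an empty password does not match the value derived at a later login, and it builds the `doveadm mailcrypt password` call a user management tool would issue on a password change. The SHA-256 digest and 2048 rounds are assumed defaults; the function names and the sample account are hypothetical.

```python
import base64
import hashlib

# Assumed to mirror Dovecot's pkcs5 defaults; check the config_variables
# documentation for your version before relying on these values.
ASSUMED_ALGORITHM = "sha256"
ASSUMED_ROUNDS = 2048


def private_password(user, password, rounds=ASSUMED_ROUNDS,
                     algorithm=ASSUMED_ALGORITHM):
    """PBKDF2 (PKCS#5 v2) of the login password, salted with the username (%u)."""
    raw = hashlib.pbkdf2_hmac(algorithm, password.encode("utf-8"),
                              user.encode("utf-8"), rounds)
    return base64.b64encode(raw).decode("ascii")


def rekey_argv(user, old_login_password, new_login_password):
    """argv that re-encrypts the user's private key after a password change.

    Values passed on a command line are visible in the process list;
    doveadm can prompt for them instead with -O / -N.
    """
    return [
        "doveadm", "mailcrypt", "password", "-u", user,
        "-o", private_password(user, old_login_password),
        "-n", private_password(user, new_login_password),
    ]


if __name__ == "__main__":
    user = "alice@example.org"  # constructed sample account
    # Value the keypair would be protected with if created before any login:
    print("empty password :", private_password(user, ""))
    # Value derived from the real login password (does not match the above):
    print("login password :", private_password(user, "correct horse"))
    # Command a password-change hook would run to keep the key decryptable:
    print(" ".join(rekey_argv(user, "correct horse", "battery staple")))
```
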