Backing up per user keys for mailcrypt
Aki Tuomi
aki.tuomi at open-xchange.com
Mon Jun 28 08:35:59 EEST 2021
> On 17/06/2021 19:59 Ben Burk <ben at burk.tech> wrote:
>
>
> I am wondering how I can back up keys for mail users in their
> password-protected form, without exporting them from `doveadm mailbox
> cryptokey export`, which requires a password. The goal here is to
> perform routine backups to keep keys current. Relevant config is as follows:
>
>
> mail_attribute_dict = file:%h/Maildir/dovecot-attributes
> mail_plugins = $mail_plugins mail_crypt
>
> plugin {
> mail_crypt_curve = secp521r1
> mail_crypt_save_version = 2
> mail_crypt_require_encrypted_user_key = yes
> }
>
>
> Am I correct in assuming I should back up the dovecot-attributes file?
> Are there any ancillary files that need to be backed up as well, such as
> indexes, to properly read and handle this file?
>
> I have viewed the file and it appears there are several keys at play for
> a single mail user. Do different folders in a user's IMAP space have
> different encryption keys? Are all of these keys populated in this
> dovecot-attributes file?
>
> Is there any established procedure for restoring keys? Is it as simple
> as placing the dovecot-attributes file, if that is in fact what needs to
> be backed up beforehand to perform a restore?
>
>
> --
> Ben Burk
> BURK.TECH System Administrator
Hi!
You can just take a copy of the dovecot-attributes file as you suspected.
Aki