On 11 April 2019 17:44 David Salisbury via dovecot <dovecot@dovecot.org> wrote:
On 4/11/2019 1:50 AM, Aki Tuomi wrote:
... So, not being an expert at encryption, what are the ramifications of those digests being read as different values in the two different places? I do notice that the get_pubid_priv() function is internal to the decrypt.rb script and calls several OpenSSL functions.
-Dave

Hmm... can you show me how you made the keypair for encryption? Maybe there is some difference?
Aki
Aki, I just used the "EC key" instructions from the Dovecot MailCrypt wiki: https://wiki.dovecot.org/Plugins/MailCrypt
" In order to generate an EC key, you must first choose a curve from the output of this command:
openssl ecparam -list_curves
If you choose the curve prime256v1, generate an EC key with the command:
openssl ecparam -name prime256v1 -genkey | openssl pkey -out ecprivkey.pem
Then generate a public key out of your private EC key
openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem "
-Dave
I'm going to go out on a limb and guess that there is something strange happening with ruby and openssl versions here.
The main point of the script is to show how the data can be decrypted, and can be used for small-scale data recovery as well.
Aki
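
An added example, not part of the thread and not Dovecot's or decrypt.rb's code: it runs the wiki's key-generation steps quoted above, checks that the public key file really belongs to the private key, and shows one general way two tools can compute different digests for the same EC key. It assumes the digest is a SHA-256 over the DER-encoded public key, which the thread does not confirm; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Keys are generated fresh in a temporary
# directory; nothing here touches real mail keys.
set -eu

# The wiki's two steps: EC private key on prime256v1, then its public key.
make_keypair() {  # $1 = output directory
    openssl ecparam -name prime256v1 -genkey | openssl pkey -out "$1/ecprivkey.pem"
    openssl pkey -in "$1/ecprivkey.pem" -pubout -out "$1/ecpubkey.pem"
}

# Hex SHA-256 of stdin (last field of openssl's output line).
sha256_hex() { openssl dgst -sha256 | awk '{print $NF}'; }

# Succeeds only if ecpubkey.pem is the public half of ecprivkey.pem.
keys_match() {  # $1 = directory
    from_priv=$(openssl pkey -in "$1/ecprivkey.pem" -pubout -outform DER | sha256_hex)
    from_pub=$(openssl pkey -pubin -in "$1/ecpubkey.pem" -pubout -outform DER | sha256_hex)
    [ "$from_priv" = "$from_pub" ]
}

# Assumption: "digest" = SHA-256 over the DER public key. $2 selects how the
# EC point is encoded before hashing: compressed or uncompressed.
pub_digest() {  # $1 = private key file, $2 = conversion form
    openssl ec -in "$1" -pubout -conv_form "$2" -outform DER 2>/dev/null | sha256_hex
}

workdir=$(mktemp -d)
make_keypair "$workdir"
if keys_match "$workdir"; then echo "public key matches private key"; fi
echo "compressed:   $(pub_digest "$workdir/ecprivkey.pem" compressed)"
echo "uncompressed: $(pub_digest "$workdir/ecprivkey.pem" uncompressed)"
rm -rf "$workdir"
```

The two printed digests differ although they describe the same key, so a digest comparison is only meaningful when both sides hash the same encoding.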