Hi,

I have setup up a simple mail server using the ISPMail tutorial and I'm trying to learn how to create email encryption at rest.

I'm having a tough time understanding how to set this up...

So say a user logins thru roundcube and they type in their password...so the password authenticates to the mysql database which is storing their encrypted private key?? And once they access that private key, how do they use that private key to unencrypt their mailbox?

You can export mail_crypt_global_private_key_password from userdb to specify how to do derive password to decrypt the private key. Or just provide it there. Private key should be exported as mail_crypt_global_private_key variable in userdb, and the corresponding public key mail_crypt_global_public_key.

I'm a super noob at this, and I may be off, but I don't know where to start when it comes to setting this up... if I'm way off could you just recommend some tutorials or other basics I should learn first before moving on to setting this up?

Sent with ProtonMail Secure Email.