On 6.1.2011, at 13.54, Christian Felsing wrote:
I would support that idea. Private key should be encrypted with users passphrase. If user changes password privet key needs to be decrypted with old password and reencrypted with new password.
Public key never changes, so maildir is never required to be touched, if user changes password and server does not need to know users secret to receive mail.
I would wish that Timo would consider to implement required functions to plugin API, so such a plugin would be possible without massive patching Dovecot source code.
It is possible without patching. There is already a plugin that can be used to implement what you want (although it could be slightly improved): http://dovecot.org/patches/2.0/mail-filter.tar.gz
Basically that plugin allows you to call a script when reading a mail. You can have that script call gpg or whatever to decrypt the mail when necessary.
The only small problem is about how to transfer the user's password to the script, but even that wouldn't require more than a couple of lines of new code to the plugin.