mail_crypt_private_password cannot be hashed, as it's used to encrypt the key.
Aki
On 06/08/2020 10:06 secure.light.0417.road secure.light.0417.road@protonmail.com wrote:
I've tried to append the field "userdb_mail_crypt_private_password=<same-hashed-password-in-passwd-file>" to the end of each user line in userdb as passwd-file. And use the command below to generate keys.
doveadm -o plugin/mail_crypt_private_password=<not-hashed-user-password> mailbox cryptokey generate -u <username> -U
I confirmed mail encryption work properly.
Also I've compared two "dovecot-attribute" files with and without "mail_crypt_require_encrypted_user_key = yes". Seemingly they have no difference. How to check that the private key in dovecot-attribute be encrypted properly?
narangd
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Thursday, August 6, 2020 1:03 AM, Aki Tuomi aki.tuomi@open-xchange.com wrote:
On 05/08/2020 18:45 secure.light.0417.road secure.light.0417.road@protonmail.com wrote: Hello, Can the mail_crypt "folder keys" feature be used with encrypted user keys in passwd-file without sql database? It seems that there is no guide in the docs. Best regards, narangd
Dovecot stores folder and user keys into mail_attribute_dict. This does not have to be SQL database.
You can also add
userdb_mail_crypt_private_password
into passwd-file to provide it if you use passwd-file as userdb.Aki