Hi everyone,
I run a very small (about 10 users) mailserver setup with the mail-crypt plugin activated and wanted to transition from a global key setup to user keys. Since I couldn't find a satisfying solution to reencrypt mailboxes when users change their password I started writing a script that ended up being a small webservice giving users a simple selfservice portal to change their password.
I consider it pretty much done by now and it's public on github.
Maybe it's useful for somebody else. However its use case is very narrow since I initially wrote this just for myself. It does only support a Postgres user store for instance.
The main reason, however, for this post is me wondering if anybody would bother to give me some feedback. Especially for the following aspects:
I execute doveadm from within my application. The advantage is that I can keep the code very light (~650 lines of code) while at the same time don't have to care about the crypto stuff which I wouldn't dare trying anyways.
The disadvantage of this approach is that I had to write a doveadm wrapper that needs the setuid bit to execute doveadm mailbox commands.
I consider this a bit hacky but a better solution didn't come to my mind.
Another aspect is the password that is being used to encrypt the private key. When creating a new user in the database I generate a unique salt. This salt is prefixed to the user's clear text password and the resulting string is run trough the sha3-512 hash function. The output is the mail_crypt_private_password.
You find the project here: https://github.com/nonce9/pwch
Criticism is welcome.
Benedikt