I would not want to re-encrypt huge mail folders. There should be two passwords: one for the user login, that you can change often, and one for the encryption, that you can leave alone. This is how ProtonMail does it.

-------- Original Message --------
On Aug 7, 2023, 21:34, Benedikt Zumtobel via dovecot wrote:
Hi everyone,

I run a very small (about 10 users) mailserver setup with the mail-crypt plugin activated and wanted to transition from a global key setup to user keys. Since I couldn't find a satisfying solution to re-encrypt mailboxes when users change their password, I started writing a script that ended up being a small webservice giving users a simple self-service portal to change their password. I consider it pretty much done by now and it's public on GitHub. Maybe it's useful for somebody else. However, its use case is very narrow since I initially wrote this just for myself. It only supports a Postgres user store, for instance.

The main reason for this post, however, is me wondering if anybody would bother to give me some feedback. Especially for the following aspects:

I execute doveadm from within my application. The advantage is that I can keep the code very light (~650 lines of code) while at the same time I don't have to care about the crypto stuff, which I wouldn't dare trying anyway. The disadvantage of this approach is that I had to write a doveadm wrapper that needs the setuid bit to execute doveadm mailbox commands. I consider this a bit hacky, but a better solution didn't come to my mind.

Another aspect is the password that is being used to encrypt the private key. When creating a new user in the database I generate a unique salt. This salt is prefixed to the user's clear text password and the resulting string is run through the sha3-512 hash function. The output is the mail_crypt_private_password.

You find the project here: https://github.com/nonce9/pwch

Criticism is welcome.

Benedikt
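The derivation the post describes (a per-user salt prefixed to the clear-text password, hashed with SHA3-512 to yield mail_crypt_private_password) together with the re-keying step a login-password change implies, as an added example that is not pwch's own code. The `UserRecord` shape, the 16-byte hex salt and the `doveadm mailbox cryptokey password -u/-o/-n` flags are assumptions drawn from the doveadm-mailbox-cryptokey man page, not from the post.

```python
import hashlib
import secrets
from dataclasses import dataclass


@dataclass
class UserRecord:
    """Minimal row shape assumed for the Postgres user store (hypothetical)."""
    username: str
    salt: str  # generated once at user creation, never changed afterwards


def new_salt() -> str:
    """Per-user salt created when the user row is inserted (assumed 16 random bytes, hex)."""
    return secrets.token_hex(16)


def derive_mail_crypt_password(salt: str, password: str) -> str:
    """mail_crypt_private_password exactly as the post describes: sha3-512(salt || password).

    The hex digest contains only [0-9a-f], so it can be handed to doveadm as a plain
    argv element without any shell quoting concerns.
    """
    return hashlib.sha3_512((salt + password).encode("utf-8")).hexdigest()


def rekey_argv(user: UserRecord, old_password: str, new_password: str) -> list[str]:
    """argv for re-keying the user's private key after the login password changed.

    Because the private-key password is a function of the login password, every
    password change produces a new value, and the old one must be supplied so doveadm
    can decrypt the stored private key and re-encrypt it under the new value.
    Flag names are assumed from doveadm-mailbox-cryptokey(1): -u user, -o old, -n new.
    """
    old = derive_mail_crypt_password(user.salt, old_password)
    new = derive_mail_crypt_password(user.salt, new_password)
    return ["doveadm", "mailbox", "cryptokey", "password",
            "-u", user.username, "-o", old, "-n", new]


def change_password_plan(user: UserRecord, old_password: str, new_password: str) -> dict:
    """Everything the self-service portal needs to do on a change: new key password + argv."""
    return {
        "mail_crypt_private_password": derive_mail_crypt_password(user.salt, new_password),
        "rekey_argv": rekey_argv(user, old_password, new_password),
    }
```

The argv is built but not executed here; in the post's design the execution goes through the setuid doveadm wrapper.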