8 Aug
2023
8 Aug
'23
1:20 a.m.
I would not want to re-encrypt huge mail folders. There should be two passwords: one for the user login, that you can change often, and one for the encryption, that you can leave alone. This is how protonmail does it.
Now that you mention it I realize that my wording is actually pretty confusing. At password changes I run the doveadm mailbox cryptokey password command. According to the documentation that would just change the password to the private key while the key itself stays the same. As long as I don't get this wrong, I'm not re-encrypting mailboxes but the private keys used to encrypt them.