Hi!
You can do it pretty much the same way. Put the key into LDAP, and assign it to the correct mail crypt parameters in userdb.
Aki
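The mapping Aki describes, written out as an added configuration example (it is not from the thread or from the Dovecot documentation). It assumes a custom OpenLDAP schema with two attributes, mailCryptPublicKey and mailCryptPrivateKey, holding the user's PEM-encoded EC keys; the host, base DN and filter are placeholders.

```conf
# Added example: per-user mail_crypt keys served from LDAP via userdb.
# Attribute names mailCryptPublicKey / mailCryptPrivateKey are assumed
# (custom schema); hosts, base and filter are placeholders.

# conf.d/10-mail.conf
mail_plugins = $mail_plugins mail_crypt

# conf.d/90-plugin.conf
plugin {
  # Version 2 format; keys themselves are NOT set here, they come from userdb.
  mail_crypt_save_version = 2
}

# conf.d/auth-ldap.conf.ext
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# /etc/dovecot/dovecot-ldap.conf.ext
hosts = ldap.example.com
dn = cn=dovecot,ou=services,dc=example,dc=com
dnpass = PLACEHOLDER_BIND_PASSWORD
base = ou=people,dc=example,dc=com
user_filter = (&(objectClass=inetOrgPerson)(uid=%n))
# Left of '=' is the LDAP attribute, right is the userdb field.
# A userdb field named after a plugin setting overrides that setting
# for the user, which is how the key lands in mail_crypt.
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid,mailCryptPublicKey=mail_crypt_global_public_key,mailCryptPrivateKey=mail_crypt_global_private_key
```

The key pair is generated as in the mail_crypt documentation (openssl ecparam -name secp521r1 -genkey | openssl pkey -out private.pem, then openssl pkey -in private.pem -pubout -out public.pem) and stored in LDAP as the full multi-line PEM; in LDIF that means the base64 form (attribute:: ...). Encryption on delivery only needs the public key, so a userdb that exposes just mailCryptPublicKey is enough for LMTP to encrypt, while IMAP access additionally needs the private key mapped (or a password-protected private key, which is the "careful planning" case Aki mentions). After reloading, `doveadm user -u someone` shows whether the two mail_crypt fields arrive from LDAP.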
On 15/11/2022 09:47 EET Andre Rodier andre@rodier.me wrote:
Dear Dovecot developers,
When using the mailcrypt plugin, how can I store the encryption key in LDAP, please?
There is an example with SQL in the doc, but no LDAP.
Thanks, André
On Thu, 2022-11-10 at 19:39 +0000, Andre Rodier wrote:
Hello, all.
I read carefully the messages about mailcrypt on the mailing list, especially this response from Aki:
It's best suited for securing external storage such as NFS or object storage. There are possibilities to encrypt the key using the user's password, but this takes careful planning. The keys can also come from userdb, e.g. LDAP.
I am able to extend the LDAP schema of my OpenLDAP server to store a key in an LDAP attribute for each user.
In this case, would it be enough for Dovecot to encrypt the messages when they arrive?
Maybe I misunderstand the documentation. Even when using user keys protected by a password, the Dovecot LMTP process should be able to encrypt the emails with the user's public key, without a password, no?
Ideally, I would like to store users' emails encrypted, so each user cannot access other users' emails. I don't need folder sharing.
Thanks for your advice.
Kind regards, André Rodier