Cannot retrieve private key from LDAP
Hello,
I have a problem setting the mail-crypt plugin using global keys.
First of all I prepare keys:
openssl ecparam -genkey -name secp521r1 | openssl pkey -aes-256-cbc -passout pass:foobar | base64 -w0 >ecprivkey.pem
cat ecprivkey_b64.pem | openssl ec -pubout > ecpubkey.pem
Now I would like to pass these values using the LDAP passdb. My conf is:
userdb ldap {
  driver = ldap
  ldap_filter = ... ldap filter ...
  fields {
    ... other fields ...
    crypt_global_public_key_file = inline:%{ldap:pubkey_in_pem_base64}
    crypt_global_private_key/main/crypt_private_key_file=inline:%{ldap:key_in_pem_base64}
    crypt_global_private_key/main/private_key_password=foobar
  }
}
mail_plugins {
  mail_crypt = yes
}
crypt_global_private_key main {
  # create the filter, but leave its settings empty
}
When I receive an email I have:
lmtp(127004): Fatal: Raw user initialization failed: mail_crypt_plugin: main: Couldn't parse private key : Unknown key format
I want to let you know that if I give the same keys, without base64 encoding, to the configuration:
crypt_global_private_key main {
  crypt_private_key_file= /path/to/key
}
and:
userdb ldap {
  .....
  fields {
    ... other fields ...
    # crypt_global_private_key/main/crypt_private_key_file=inline:%{ldap:key_in_pem_base64}
    ... other fields ...
  }
}
all works. If I try to retrieve the values from LDAP, all is OK with:
doveadm user user@domain
Any suggestion?
Thank you.
participants (1)
-
luis.neapolis@gmail.com
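
An added example (not part of the original post, and not Dovecot code): a small Python check that reports what a key value, such as the one stored in the LDAP attribute, actually contains: how many base64 layers wrap it, which PEM label it carries, and whether it is encrypted. The function name and the sample key below are constructed for illustration.

```python
import base64
import re

# Matches one PEM block and captures its label and body.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# Constructed sample, not a real key: the body is base64 of b"CONSTRUCTED".
SAMPLE_PEM = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
              "Q09OU1RSVUNURUQ=\n"
              "-----END ENCRYPTED PRIVATE KEY-----\n")


def classify_key_blob(value, max_layers=3):
    """Peel base64 layers off `value` until a PEM block shows up.

    Returns the number of layers removed, the PEM label found, and
    whether the block is marked as encrypted. All fields are None when
    no PEM block is found within `max_layers` decodings.
    """
    text = value.strip()
    for layers in range(max_layers + 1):
        match = PEM_RE.search(text)
        if match:
            label, body = match.group(1), match.group(2)
            # PKCS#8 signals encryption in the label; traditional
            # OpenSSL PEM uses a "Proc-Type" header inside the block.
            encrypted = (label == "ENCRYPTED PRIVATE KEY"
                         or "Proc-Type: 4,ENCRYPTED" in body)
            return {"base64_layers": layers, "pem_label": label,
                    "encrypted": encrypted}
        try:
            # Drop line wrapping, then require strict base64.
            compact = "".join(text.split())
            text = base64.b64decode(compact, validate=True).decode("ascii")
        except ValueError:  # covers binascii.Error and decode errors
            break
    return {"base64_layers": None, "pem_label": None, "encrypted": None}


if __name__ == "__main__":
    wrapped = base64.b64encode(SAMPLE_PEM.encode()).decode()
    print(classify_key_blob(SAMPLE_PEM))
    print(classify_key_blob(wrapped))
```

Running it on the value read back from the directory and on the key file that works from disk shows whether the two differ in wrapping or PEM type.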