mail_crypt_private_password cannot be hashed, as it's used to encrypt the key.

Aki

On 06/08/2020 10:06 secure.light.0417.road secure.light.0417.road@protonmail.com wrote:

I've tried to append the field "userdb_mail_crypt_private_password=<same-hashed-password-in-passwd-file>" to the end of each user line in userdb as passwd-file. And use the command below to generate keys.

doveadm -o plugin/mail_crypt_private_password=<not-hashed-user-password> mailbox cryptokey generate -u <username> -U

I confirmed mail encryption work properly.

Also I've compared two "dovecot-attribute" files with and without "mail_crypt_require_encrypted_user_key = yes". Seemingly they have no difference. How to check that the private key in dovecot-attribute be encrypted properly?

narangd

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Thursday, August 6, 2020 1:03 AM, Aki Tuomi aki.tuomi@open-xchange.com wrote:

...

...

On 05/08/2020 18:45 secure.light.0417.road secure.light.0417.road@protonmail.com wrote: Hello, Can the mail_crypt "folder keys" feature be used with encrypted user keys in passwd-file without sql database? It seems that there is no guide in the docs. Best regards, narangd

Dovecot stores folder and user keys into mail_attribute_dict. This does not have to be SQL database.

You can also add userdb_mail_crypt_private_password into passwd-file to provide it if you use passwd-file as userdb.

Aki