On 06/08/2020 13:52 secure.light.0417.road secure.light.0417.road@protonmail.com wrote:

Ah, right. The hashed password can't be used to encrypt.

I want to remove possibility to decrypt mails using materials in mail servers in VPS. I've thought about below scenario:

1. The client generates asymmetric keys in local.
2. The client sends the public key to the dovecot in the mail server.
3. The dovecot generates a symmetric key.
4. The dovecot encrypts a received mail with the symmetric key.
5. The dovecot also encrypts the symmetric key with the public key.
6. The client get the mail and encrypted symmetric key from server into local and decrypts it using local private key.

You probably want to use PGP then.

Instead of 1 and 2, the way like "the dovecot generates all 3 and removes only private key", can be considered with docker image deployment.

mail_crypt plugin is primarily intended to protect storage medium, and not end user as such. While it does support this, it's not perfect tool for it, and can be bit difficult to set up. Dovecot does not support client-supplied private keys.

Is it possible with mail_crypt?

narangd

Aki

p.s. please keep responses on the list.