Decryption method for Maildir messages stored by mail_crypt plugin
Aki Tuomi
aki.tuomi at dovecot.fi
Thu May 17 20:18:06 EEST 2018
> On 17 May 2018 at 19:49 Ben Harrison <bh at bharrison.it> wrote:
>
>
> I've successfully implemented the mail_crypt plugin on v2.2.27 and it's
> working like a champ, but some of our administrative operations require
> access to Maildir messages in plaintext.
>
> I've found numerous threads detailing help with mail_crypt setup, but none
> of my research has yielded a method of decrypting the stored messages.
>
> Relevant plugin config:
>
> mail_crypt_curve = prime256v1
> mail_crypt_global_private_key = <pirvkey>
> mail_crypt_global_public_key = <pubkey>
> mail_crypt_save_version = 2
>
> Method I attempted for manual decryption is listed below:
>
> openssl pkeyutl -derive -inkey mailcrypt.key -peerkey mailcrypt.pub -out
> shared_secret.bin
> openssl enc -aes256 -base64 -k $(base64 shared_secret.bin) -d -in test.enc
> -out test.txt
>
> Openssl reports an error reading the input file, but it isn't permissions
> related.
>
> I started looking for the encryption/decryption method in the source but
> figure it's worth seeing if there's some existing methodology I can employ
> here.
>
> Appreciate any feedback. Thanks,
>
> --
> --
> --
>
> *Ben Harrison*
>
> *BHarrison.IT*843.492.4870
The file is not decryptable using openssl enc, since it's not encrypted using that method.
To decrypt the file, you can use this ruby script https://gist.github.com/cmouse/882f2e2a60c1e49b7d343f5a6a2721de
Or you can write one yourself, the mail crypt file format is documented at https://wiki.dovecot.org/Design/Dcrypt
Aki
More information about the dovecot
mailing list