Decryption method for Maildir messages stored by mail_crypt plugin

Aki Tuomi aki.tuomi at dovecot.fi
Thu May 17 20:18:06 EEST 2018


> On 17 May 2018 at 19:49 Ben Harrison <bh at bharrison.it> wrote:
> 
> 
> I've successfully implemented the mail_crypt plugin on v2.2.27 and it's
> working like a champ, but some of our administrative operations require
> access to Maildir messages in plaintext.
> 
> I've found numerous threads detailing help with mail_crypt setup, but none
> of my research has yielded a method of decrypting the stored messages.
> 
> Relevant plugin config:
> 
>   mail_crypt_curve = prime256v1
>   mail_crypt_global_private_key = <privkey>
>   mail_crypt_global_public_key = <pubkey>
>   mail_crypt_save_version = 2
> 
> Method I attempted for manual decryption is listed below:
> 
> openssl pkeyutl -derive -inkey mailcrypt.key -peerkey mailcrypt.pub -out shared_secret.bin
> openssl enc -aes256 -base64 -k $(base64 shared_secret.bin) -d -in test.enc -out test.txt
> 
> Openssl reports an error reading the input file, but it isn't permissions
> related.
> 
> I started looking for the encryption/decryption method in the source but
> figure it's worth seeing if there's some existing methodology I can employ
> here.
> 
> Appreciate any feedback. Thanks,
> 
> -- 
> 
> *Ben Harrison*
> 
> *BHarrison.IT* 843.492.4870

The file is not decryptable using openssl enc, since it's not encrypted using that method.

To decrypt the file, you can use this Ruby script: https://gist.github.com/cmouse/882f2e2a60c1e49b7d343f5a6a2721de

Or you can write one yourself; the mail crypt file format is documented at https://wiki.dovecot.org/Design/Dcrypt

Aki
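
Why `openssl enc -d` rejects these files, shown as an added example (not part of the original post, the linked gist, or Dovecot's code): `openssl enc` with a password expects its own `Salted__` container, base64-wrapped when `-base64` is given, while mail_crypt writes a dcrypt container with a different magic. The dcrypt header layout in the comments is an assumption to check against the Dcrypt design document, and `identify_container` / `identify_file` are hypothetical helper names.

```ruby
# Added example: classify an encrypted blob by its leading bytes.
# Layout assumptions (verify against the Dcrypt design document):
#   dcrypt:      "CRYPTED\x03\x07" | version (1 byte)
#                | version 2 only: flags (u32 BE) | header length (u32 BE)
#   openssl enc: "Salted__" | 8-byte salt (base64-wrapped with -base64 / -a)

DCRYPT_MAGIC  = "CRYPTED\x03\x07".b.freeze
OPENSSL_MAGIC = "Salted__".b.freeze
# base64("Salted__" + salt) always begins with these ten characters
OPENSSL_B64_PREFIX = "U2FsdGVkX1".b.freeze

def identify_container(data)
  data = data.b
  if data.start_with?(DCRYPT_MAGIC)
    rest = data.byteslice(DCRYPT_MAGIC.bytesize..)
    return { format: :dcrypt, error: "truncated header" } if rest.empty?

    info = { format: :dcrypt, version: rest.getbyte(0) }
    if info[:version] == 2
      return info.merge(error: "truncated header") if rest.bytesize < 9

      flags, header_len = rest.byteslice(1, 8).unpack("N2")
      info.merge!(flags: flags, header_len: header_len)
    end
    return info
  end
  if data.start_with?(OPENSSL_MAGIC)
    return { format: :openssl_enc, salt: data.byteslice(8, 8).unpack1("H*") }
  end
  return { format: :openssl_enc_base64 } if data.start_with?(OPENSSL_B64_PREFIX)

  { format: :unknown }
end

# Only the first bytes are needed, so large mail files are not read in full.
def identify_file(path)
  identify_container(File.binread(path, 64) || "")
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a version-2 header prefix, not a real stored message.
  sample = DCRYPT_MAGIC + [2, 1, 512].pack("CNN")
  p identify_container(sample)
end
```

A file from the Maildir that reports `:dcrypt` needs a dcrypt-aware tool such as the script linked above; only `:openssl_enc` or `:openssl_enc_base64` input is something `openssl enc -d` can parse.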

