mail_crypt: multiple keypairs

mabi mabi at
Wed Jul 3 15:38:11 EEST 2019


I am testing the mail_crypt plugin with per-account encryption and wanted to generate a new keypair for an account, but noticed that I now end up with 2 keypairs, where one is active and the other inactive, as you can see below:

$ doveadm mailbox cryptokey list -u email@domain.tld -U

Folder Active Public ID
       yes    7b140b4f3d6d68eed2c59259ac5e6f6a280dc82990292dc415b4100d6c797f67
       no     1c1dd1c955757da7c19f1eeb6d6c4d0d66e6355baa2d844bc2623052e1aa2f91

Does this mean now that all existing emails get encrypted with both keypairs? Or does this mean only the active keypair is used to encrypt new emails?

Is it possible to delete the inactive keypair? If yes, how?

