mail_crypt: multiple keypairs

mabi mabi at protonmail.ch
Thu Jul 4 15:35:58 EEST 2019


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, July 4, 2019 11:17 AM, @lbutlr via dovecot <dovecot at dovecot.org> wrote:

> > Is it possible to delete the inactive keypair? if yes how?
>
> Wouldn’t you then be unable to *unencrypt* previous emails?

That's also what I thought but based on my understand and on the documentation of the "mailbox cryptokey generate" doveadm command (https://wiki2.dovecot.org/Plugins/MailCrypt#doveadm_mailbox_cryptokey_generate) if you use the "-R" parameter you re-encrypt all the mails with the new key. See the description of that "-R" parameter:

-R - Re-encrypt all folder keys with current active user key

Someone please correct me here if I am wrong...



More information about the dovecot mailing list