Doveadm encrypt/decrypt files manually with per-user folder keys
Aki Tuomi
aki.tuomi at open-xchange.com
Wed Jul 14 19:00:39 EEST 2021
> On 14/07/2021 18:31 Ben Burk <ben at burk.tech> wrote:
>
>
> One more question and I think I should be ok. I just need to encrypt
> unencrypted mails after having originally enabled mail_crypt.
>
>
> I've determined how to decrypt encrypted mails from command line using
> the private key for the mail folder, like so:
>
>
> sudo -u vmail doveadm -o plugin/mail_crypt_private_password="${pass}"
> mailbox cryptokey export -u user test | awk '/BEGIN PRIVATE KEY/,/END
> PRIVATE KEY/' | sudo -u vmail tee /tmp/doveadm_HfztmQ-6192-3032
> >/dev/null 2>&1
>
> sudo -u vmail doveadm fs get crypt
> private_key_path=/tmp/doveadm_HfztmQ-6192-3032:posix:prefix=/var/mail/domain/user/Maildir/test/cur/
> 1626274985.M269696P3026.smtp\,S\=11765\,W\=12153\:2\,S
>
>
> However, I'm still not sure how I'm supposed to export the public key to
> do the encryption operation on unencrypted mail. The only keys that I've
> been able to export for this folder-key system are the private keys per
> folder and the private keys for the user:
>
>
> sudo -u vmail doveadm -o plugin/mail_crypt_private_password="${pass}"
> mailbox cryptokey export -u user test
>
> sudo -u vmail doveadm -o plugin/mail_crypt_private_password="${pass}"
> mailbox cryptokey export -u user -U
>
>
>
> I've tried with
>
> On 7/12/21 1:25 AM, Aki Tuomi wrote:
> > Try
> >
> > sudo -u vmail doveadm -o plugin/mail_crypt_private_password="${pass}" mailbox cryptokey export -u user '*'
> >
> > (note the '*')
> >
> > Aki
> >
> >> --
> >> Ben Burk
> >> BURK.TECH System Administrator
>
> --
> Ben Burk
> BURK.TECH System Administrator
I don't think you can realistically encrypt those emails by hand. I mean with maildir it's "doable", but will require doing it with some external script. Maybe use `doveadm import` to import them from somewhere?
Aki
More information about the dovecot
mailing list