Doveadm encrypt/decrypt files manually with per-user folder keys

Ben Burk ben at burk.tech
Wed Jul 21 07:07:17 EEST 2021


To anyone sifting through this mailing list in the future, I was able to 
accomplish manual encryption by moving mail or folders. This can be done 
in the client or through doveadm move.

On 7/14/21 11:00 AM, Aki Tuomi wrote:
>> On 14/07/2021 18:31 Ben Burk <ben at burk.tech> wrote:
>>
>>   
>> One more question and I think I should be ok. I just need to encrypt
>> unencrypted mails after having originally enabled mail_crypt.
>>
>>
>> I've determined how to decrypt encrypted mails from command line using
>> the private key for the mail folder, like so:
>>
>>
>> sudo -u vmail doveadm -o plugin/mail_crypt_private_password="${pass}" mailbox cryptokey export -u user test | awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/' | sudo -u vmail tee /tmp/doveadm_HfztmQ-6192-3032 >/dev/null 2>&1
>>
>> sudo -u vmail doveadm fs get crypt private_key_path=/tmp/doveadm_HfztmQ-6192-3032:posix:prefix=/var/mail/domain/user/Maildir/test/cur/ 1626274985.M269696P3026.smtp\,S\=11765\,W\=12153\:2\,S
>>
>>
>> However, I'm still not sure how I'm supposed to export the public key to
>> do the encryption operation on unencrypted mail. The only keys that I've
>> been able to export for this folder-key system are the private keys per
>> folder and the private keys for the user:
>>
>>
>> sudo -u vmail doveadm -o plugin/mail_crypt_private_password="${pass}" mailbox cryptokey export -u user test
>>
>> sudo -u vmail doveadm -o plugin/mail_crypt_private_password="${pass}" mailbox cryptokey export -u user -U
>>
>>
>>
>> I've tried with
>>
>> On 7/12/21 1:25 AM, Aki Tuomi wrote:
>>> Try
>>>
>>> sudo -u vmail doveadm -o  plugin/mail_crypt_private_password="${pass}" mailbox cryptokey export -u user '*'
>>>
>>> (note the '*')
>>>
>>> Aki
>>>
>>>> -- 
>>>> Ben Burk
>>>> BURK.TECH System Administrator
>> -- 
>> Ben Burk
>> BURK.TECH System Administrator
> I don't think you can realistically encrypt those emails by hand. I mean with maildir it's "doable", but will require doing it with some external script. Maybe use `doveadm import` to import them from somewhere?
>
> Aki
>
-- 
Ben Burk
BURK.TECH System Administrator
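
The approach described at the top of this thread, as an added example that is not part of the original messages or of Dovecot's own tooling: it lists Maildir files that lack the mail_crypt header, then re-encrypts a folder by moving its mail to a temporary folder and back. It assumes encrypted files begin with the magic bytes CRYPTED\x03\x07 and that a move rewrites messages through mail_crypt as the post reports; the function names and the temporary folder argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit a Maildir folder for mail that mail_crypt has not
# encrypted, then re-encrypt it by moving it (the method the post reports).
# Assumption: encrypted files start with the 9 bytes "CRYPTED\003\007".

is_encrypted() {
    # Compare the first 9 bytes of the file, as hex, with the magic.
    magic=$(head -c 9 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "435259505445440307" ]
}

list_plaintext() {
    # $1 = Maildir folder path; prints files in cur/ and new/ without the magic.
    for f in "$1"/cur/* "$1"/new/*; do
        [ -f "$f" ] || continue
        is_encrypted "$f" || printf '%s\n' "$f"
    done
}

count_plaintext() {
    list_plaintext "$1" | wc -l | tr -d ' '
}

reencrypt_by_move() {
    # $1 = user, $2 = folder to fix, $3 = temporary folder (hypothetical name).
    # Run as the mail user with mail_crypt enabled; each move saves the
    # messages again in the destination folder.
    doveadm mailbox create -u "$1" "$3" &&
    doveadm move -u "$1" "$3" mailbox "$2" all &&
    doveadm move -u "$1" "$2" mailbox "$3" all &&
    doveadm mailbox delete -u "$1" "$3"
}

# Command-line use: script.sh scan /var/mail/domain/user/Maildir/test
#                   script.sh fix user test tmp-reencrypt
case "${1:-}" in
    scan) list_plaintext "$2" ;;
    fix)  reencrypt_by_move "$2" "$3" "$4" ;;
esac
```

Run the scan again after the move; it should print nothing for the folder once every message has been rewritten.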


