Backing up per user keys for mailcrypt
Ben Burk
ben at burk.tech
Thu Jun 17 19:59:07 EEST 2021
I am wondering how I can back up keys for mail users in their
password-protected form, without exporting them from `doveadm mailbox
cryptokey export`, which requires a password. The goal here is to
perform routine backups to keep keys current. Relevant config is as follows:

mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_plugins = $mail_plugins mail_crypt
plugin {
  mail_crypt_curve = secp521r1
  mail_crypt_save_version = 2
  mail_crypt_require_encrypted_user_key = yes
}

Am I correct in assuming I should back up the dovecot-attributes file?
Are there any ancillary files that need to be backed up as well, such as
indexes, to properly read and handle this file?

I have viewed the file and it appears there are several keys at play for
a single mail user. Do different folders in a user's IMAP space have
different encryption keys? Are all of these keys populated in this
dovecot-attributes file?

Is there any established procedure for restoring keys? Is it as simple
as placing the dovecot-attributes file, if that is in fact what needs to
be backed up beforehand to perform a restore?
--
Ben Burk
BURK.TECH System Administrator