<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>PKCS5 is a password-based key derivation function. The linked
      documentation has information on what you can use here.</p>
    <p>Aki<br>
    </p>
    <div class="moz-cite-prefix">On 4.9.2019 10.06, <a class="moz-txt-link-abbreviated" href="mailto:info@unkn0wn3d.com">info@unkn0wn3d.com</a>
      wrote:<br>
    </div>
    <blockquote type="cite" cite="mid:Lnv53AF--3-1@unkn0wn3d.com">
      <div style="16px">Is any of the password schemes supported or is
        there a reason you chose pkcs5?</div>
      <div style="16px" text-align="left"><br>
      </div>
      <div style="16px" text-align="left">4. Sep. 2019, 08:45 von
        <a class="moz-txt-link-abbreviated" href="mailto:aki.tuomi@open-xchange.com">aki.tuomi@open-xchange.com</a>:<br>
      </div>
      <blockquote class="tutanota_quote" style="border-left: 1px solid
        #93A3B8; padding-left: 10px; margin-left: 5px;">
        <p>It should pick up the password used by the user; there is a
          caveat here though. The keypair is created on first use, so
          the password will be initialized to an empty string going
          through pkcs5. This is slightly inconvenient.<br>
        </p>
        <p>To avoid this, you should probably have<br>
        </p>
        <pre>protocol imap {
  passdb {
    driver = static
    args = userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password}
  }
}</pre>
        <p>and initialize the keypair using doveadm and set the password
          to this value there. <br>
        </p>
        <p><br>
        </p>
        <p>This requires some user management tools though, so that the
          password is changed with doveadm when the user changes their
          password.<br>
        </p>
        <p>Another alternative is to keep the private password in the
          database; you can use the var expand encryption plugin to make
          sure it's decryptable with the user's password. See <a
            target="_blank" rel="noopener noreferrer"
href="https://doc.dovecot.org/configuration_manual/config_file/config_variables/"
            class="" moz-do-not-send="true">https://doc.dovecot.org/configuration_manual/config_file/config_variables/</a>
          for details.<br>
        </p>
        <p>Key management is pretty much the most difficult thing in
          the mail crypt plugin =)<br>
        </p>
        <p>Aki<br>
        </p>
        <p><br>
        </p>
        <div class="">On 4.9.2019 9.40, info--- via dovecot wrote:<br>
        </div>
        <blockquote type="cite">
          <div style="16px">Do I have to replace the "password" part
            with the actual password or can I just copy it like that?<br>
          </div>
          <div style="16px"><br>
          </div>
          <div style="16px">Will dovecot create the keypair
            automatically or do I have to use doveadm?<br>
          </div>
          <div style="16px"><br>
          </div>
          <div style="16px"><br>
          </div>
          <div style="16px">4. Sep. 2019, 08:33 von <a target="_blank"
              rel="noopener noreferrer"
              href="mailto:aki.tuomi@open-xchange.com" class=""
              moz-do-not-send="true">aki.tuomi@open-xchange.com</a>:<br>
          </div>
          <blockquote style="border-left: 1px solid #93A3B8;
            padding-left: 10px; margin-left: 5px;"
            class="tutanota_quote">
            <p><br>
            </p>
            <div class="">On 4.9.2019 9.21, Dustin Schoenwolf via
              dovecot wrote:<br>
            </div>
            <blockquote type="cite">
              <div style="16px">Hello there,<br>
              </div>
              <div style="16px"><br>
              </div>
              <div style="16px">is there a way to make the mailcrypt
                plugin use the user's password or at least store it in a
                hashed value?<br>
              </div>
              <div style="16px"><br>
              </div>
              <div style="16px">I'm using a passwd file for
                authentication.<br>
              </div>
              <div style="16px"><br>
              </div>
              <div style="16px">I feel uncomfortable saving the private
                password in plaintext in that file.<br>
              </div>
              <div style="16px"><br>
              </div>
              <div style="16px">Regards<br>
              </div>
            </blockquote>
            <p><br>
            </p>
            <p>You can try in passdb return <br>
            </p>
            <p>userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password}<br>
            </p>
            <p>Aki<br>
            </p>
          </blockquote>
          <div style="16px"><br>
          </div>
        </blockquote>
      </blockquote>
      <div style="16px" text-align="left"><br>
      </div>
    </blockquote>
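    <p>Added example, not part of the original thread or of Dovecot's code: a
      sketch of what a user-management tool would compute so that the key
      password it hands to doveadm follows the login password, as the
      <code>%{pkcs5,salt=%u,format=base64:password}</code> expansion discussed
      above does. The hash, round count and output length are assumptions and
      must be set to what your Dovecot version uses; the function names and
      the sample account are hypothetical.</p>

```python
import base64
import hashlib
import hmac

# Assumed parameters: they must equal what the pkcs5 expansion in your
# Dovecot version uses (hash, iteration count, output length). They are
# placeholders chosen for this example, not values taken from the thread.
ALGORITHM = "sha256"
ROUNDS = 2048
LENGTH = 32


def derive_private_password(user, password):
    """PBKDF2 (PKCS#5 v2) over the login password, salted with the user name
    and base64-encoded: the shape of %{pkcs5,salt=%u,format=base64:password}."""
    raw = hashlib.pbkdf2_hmac(
        ALGORITHM,
        password.encode("utf-8"),
        user.encode("utf-8"),  # salt=%u: the user name, which is not secret
        ROUNDS,
        dklen=LENGTH,
    )
    return base64.b64encode(raw).decode("ascii")


def rekey_values(user, old_password, new_password):
    """Old and new key passwords a user-management tool has to hand to
    doveadm when the login password changes."""
    return (derive_private_password(user, old_password),
            derive_private_password(user, new_password))


def protected_only_by_username(user, key_password):
    """True when key_password is what an empty login password derives to,
    i.e. the keypair was created on first use before a password was seen."""
    expected = derive_private_password(user, "")
    return hmac.compare_digest(key_password, expected)


if __name__ == "__main__":
    # Constructed sample account and passwords, not from the thread.
    user = "alice@example.org"
    old, new = rekey_values(user, "correct horse", "battery staple")
    print("old key password:", old)
    print("new key password:", new)
    print("derived from empty password?", protected_only_by_username(user, old))
```

    <p>A key password that matches the empty-password derivation depends only
      on the user name, so an audit tool can use the last function to find
      accounts whose keypair still needs its password set with doveadm.</p>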
  </body>
</html>