<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>PKCS5 is a password-based key derivation function. The linked
documentation has information on what you can use here.</p>
<p>Aki<br>
</p>
<div class="moz-cite-prefix">On 4.9.2019 10.06, <a class="moz-txt-link-abbreviated" href="mailto:info@unkn0wn3d.com">info@unkn0wn3d.com</a>
wrote:<br>
</div>
<blockquote type="cite" cite="mid:Lnv53AF--3-1@unkn0wn3d.com">
<div style="16px">Are any of the password schemes supported, or is
there a reason you chose pkcs5?</div>
<div style="16px" text-align="left"><br>
</div>
<div style="16px" text-align="left">4. Sep. 2019, 08:45 von
<a class="moz-txt-link-abbreviated" href="mailto:aki.tuomi@open-xchange.com">aki.tuomi@open-xchange.com</a>:<br>
</div>
<blockquote class="tutanota_quote" style="border-left: 1px solid
#93A3B8; padding-left: 10px; margin-left: 5px;">
<p>It should pick up the password used by the user, there is a
caveat here though. The keypair is created on first use, so the
password will be initialized to an empty string going through pkcs5.
This is slightly inconvenient.<br>
</p>
<p>To avoid this, you should probably have<br>
</p>
<pre>protocol imap {
  passdb {
    driver = static
    args = userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password}
  }
}</pre>
<p>and initialize the keypair using doveadm and set the password
to this value there. <br>
</p>
<p><br>
</p>
<p>This requires some user management tools though so that the
password is changed with doveadm when the user changes their
password.<br>
</p>
<p>Another alternative is to keep the private password in the
database; you can use the var expand encryption plugin to make
sure it's decryptable with the user's password. See <a
target="_blank" rel="noopener noreferrer"
href="https://doc.dovecot.org/configuration_manual/config_file/config_variables/"
class="" moz-do-not-send="true">https://doc.dovecot.org/configuration_manual/config_file/config_variables/</a>
for details.<br>
</p>
<p>Key management is pretty much the most difficult thing in
mail crypt plugin =)<br>
</p>
<p>Aki<br>
</p>
<p><br>
</p>
<div class="">On 4.9.2019 9.40, info--- via dovecot wrote:<br>
</div>
<blockquote type="cite">
<div style="16px">Do I have to replace the "password" part
with the actual password or can I just copy it like that?<br>
</div>
<div style="16px"><br>
</div>
<div style="16px">Will dovecot create the keypair
automatically or do I have to use doveadm?<br>
</div>
<div style="16px"><br>
</div>
<div style="16px"><br>
</div>
<div style="16px">4. Sep. 2019, 08:33 von <a target="_blank"
rel="noopener noreferrer"
href="mailto:aki.tuomi@open-xchange.com" class=""
moz-do-not-send="true">aki.tuomi@open-xchange.com</a>:<br>
</div>
<blockquote style="border-left: 1px solid #93A3B8;
padding-left: 10px; margin-left: 5px;"
class="tutanota_quote">
<p><br>
</p>
<div class="">On 4.9.2019 9.21, Dustin Schoenwolf via
dovecot wrote:<br>
</div>
<blockquote type="cite">
<div style="16px">Hello there,<br>
</div>
<div style="16px"><br>
</div>
<div style="16px">is there a way to make the mailcrypt
plugin use the user's password or at least store it in a
hashed value?<br>
</div>
<div style="16px"><br>
</div>
<div style="16px">I'm using a passwd file for
authentication.<br>
</div>
<div style="16px"><br>
</div>
<div style="16px">I feel uncomfortable saving the private
password in plaintext in that file.<br>
</div>
<div style="16px"><br>
</div>
<div style="16px">Regards<br>
</div>
</blockquote>
<p><br>
</p>
<p>You can try in passdb return <br>
</p>
<p>userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password}<br>
</p>
<p>Aki<br>
</p>
</blockquote>
<div style="16px"><br>
</div>
</blockquote>
</blockquote>
<div style="16px" text-align="left"><br>
</div>
</blockquote>
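<p>An added example, not part of the original thread and not Dovecot code: a small model of the lifecycle discussed above, showing why the private key must be re-protected when the login password changes and what the first-use caveat means for an empty password. The round count, hash, sample user and the <code>KeyStore</code> class are assumptions made for illustration.</p>

```python
import base64
import hashlib
import hmac

# Assumed parameters for this sketch; confirm against the Dovecot
# variable documentation for the version you run.
ROUNDS = 2048
HASH = "sha256"

def derive_private_password(login_password, username):
    """Model of %{pkcs5,salt=%u,format=base64:password}: PBKDF2 over the
    login password, salted with the username, base64-encoded."""
    raw = hashlib.pbkdf2_hmac(HASH, login_password.encode(),
                              username.encode(), ROUNDS)
    return base64.b64encode(raw).decode()

class KeyStore:
    """Hypothetical stand-in for the per-user keypair: records which
    derived value currently protects the private key."""
    def __init__(self):
        self.protecting = {}

    def first_use(self, user, derived):
        # The keypair is created once, under whatever value is present.
        self.protecting.setdefault(user, derived)

    def can_unlock(self, user, derived):
        return hmac.compare_digest(self.protecting[user], derived)

    def change_password(self, user, old, new):
        # The step the user-management tooling has to perform.
        if not self.can_unlock(user, old):
            raise PermissionError("old private password does not match")
        self.protecting[user] = new

def lifecycle(user="alice@example.org"):  # constructed sample user
    store = KeyStore()
    old = derive_private_password("old login password", user)
    new = derive_private_password("new login password", user)
    store.first_use(user, old)
    login_changed_only = store.can_unlock(user, new)  # key not re-protected
    store.change_password(user, old, new)
    return login_changed_only, store.can_unlock(user, new)

def created_with_empty_password(user="alice@example.org"):
    # First-use caveat: the derived value depends on the username alone.
    store = KeyStore()
    store.first_use(user, derive_private_password("", user))
    return store.can_unlock(user, derive_private_password("", user))
```

<p>In this model a key created under the empty password can be unlocked by anyone who knows the username, which is why the keypair should be initialized with the derived value before first use.</p>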
</body>
</html>