<html><head></head><body>Can you tell us what you did differently?<br><br>Aki<br><br><div class="gmail_quote">On 20 February 2021 11.33.15 EET, Antti Antinoja <reader@fennosys.fi> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">Got it! My private test key was in the wrong format.<br><br>Cheers,<br>Antti<br><br>On Sat, 20 Feb 2021 14:15:07 +0800<br>Antti Antinoja <reader@fennosys.fi> wrote:<br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;">Version: Dovecot 2.3.13 (89f716dc2)<br><br>Issue: Dovecot states it can't parse the private key<br><br>= Background =<br><br>== Creating private EC key ==<br><br>* Curve: secp521r1<br>* Encryption: aes-256-ctr<br>* Format: pkey<br>* Encapsulation: Base64<br><br> # openssl ecparam -name secp521r1 -genkey | openssl pkey |\<br> openssl ec -aes-256-ctr | base64 -w0 > test_keys_remove/private_key_encrypted.pem<br><br>== Extract public key ==<br><br> # cat test_keys_remove/private_key_encrypted.pem | base64 -d |\<br> openssl ec -pubout | base64 -w0 > test_keys_remove/public_key.pem<br><br>== Checking keys ==<br><br>* 592 Feb 20 07:27 private_key_encrypted.pem:<br>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<br><br>* 360 Feb 20 07:28 public_key.pem:<br>LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHYk1CQUdCeXFHU000OUFnRUdCU3VCQkFBakE0R0dBQVFBK2w2M0ZIckpuT0dPZ1lDTG5PRVpOaHpSdW5YWgpoMHd5dTNPS1VzSEozUDJPVWxNWmxKOFFjZTF0SExUTWFxMWxkOTIwbkdJQmo1TGNYUklVdWRweElTd0I2Tld0Ck1TWncrZFBEUVRjc0hQMFRqWUh5Njl4d25BZHV4ZHZYdnh0Uk5TRzZGNlJPUnR0L2t2ekk3bWRPM0NpQ1FyMTQKTjZWalZyYWVpaXZkR2dPQ250bz0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==<br><br>== Notes ==<br><br>* The keys are then saved in database and fetched to userdb by Dovecot via passdb lookup (Details in the logs)<br>* mail-crypt settings:<br><br> mail_plugins = $mail_plugins mail_crypt<br> plugin {<br> mail_crypt_curve = secp521r1<br> mail_crypt_save_version = 0<br> }<br><br>* Note: User record on database has mail_crypt_save_version = 2 as can be seen from the log extract below.<br><br>= Dovecot log on client IMAP message retrieval =<br><br>Feb 20 07:45:01 pf1 dovecot[19612]: auth: Debug: sql(test1@g1.fi,x.x.x.x,<wFzVEb67CMQKZgkb>): 
Performing passdb lookup<br>Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: sql(test1@g1.fi,x.x.x.x,<wFzVEb67CMQKZgkb>): Finished passdb lookup<br>Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: auth(test1@g1.fi,x.x.x.x,<wFzVEb67CMQKZgkb>): Auth request finished<br>Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: client passdb out: OK 1 user=test1@g1.fi <br>Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: sql(test1@g1.fi,x.x.x.x,<wFzVEb67CMQKZgkb>): Performing userdb lookup<br>Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: sql(test1@g1.fi,x.x.x.x,<wFzVEb67CMQKZgkb>): Finished userdb lookup<br>Feb 20 07:45:02 pf1 dovecot[19612]: auth: Debug: master userdb out: USER 1609957377 test1@g1.fi mail_crypt_global_private_password=key_pass_we_know_this_is_correct mail_crypt_global_private_key=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 mail_crypt_global_public_key=LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHYk1CQUdCeXFHU000OUFnRUdCU3VCQkFBakE0R0dBQVFBK2w2M0ZIckpuT0dPZ1lDTG5PRVpOaHpSdW5YWgpoMHd5dTNPS1VzSEozUDJPVWxNWmxKOFFjZTF0SEx<br></blockquote> UT<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> WFxMWxkOTIwbkdJQmo1TGNYUklVdWRweElTd0I2Tld0Ck1TWncrZFBEUVRjc0hQMFRqWUh5Njl4d25BZHV4ZHZYdnh0Uk5TRzZGNlJPUnR0L2t2ekk3bWRPM0NpQ1FyMTQKTjZWalZyYWVpaXZkR2dPQ250bz0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg== mail_crypt_save_version=2 quota_rule=*:bytes=0 home=/var/vmail/g1.fi/test1 uid=10000 gid=10000 auth_mech=PLAIN auth_token=66d2d0f66bcce2758235fb53dbfe821804c6e79c<br>Feb 20 07:45:02 pf1 dovecot[19612]: imap-login: Login: user=<test1@g1.fi>, method=PLAIN, rip=x.x.x.x, lip=y.y,y,y, mpid=19618, TLS, session=<wFzVEb67CMQKZgkb><br>Feb 20 07:45:02 pf1 dovecot[19612]: imap(test1@g1.fi)<19618><wFzVEb67CMQKZgkb>: Debug: Added userdb setting: plugin/mail_crypt_global_private_key=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<br>Feb 20 07:45:02 pf1 dovecot[19612]: imap(test1@g1.fi)<19618><wFzVEb67CMQKZgkb>: 
Debug: Added userdb setting: plugin/mail_crypt_global_private_password=<hidden><br>Feb 20 07:45:02 pf1 dovecot[19612]: imap(test1@g1.fi)<19618><wFzVEb67CMQKZgkb>: Debug: Added userdb setting: plugin/mail_crypt_global_public_key=LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHYk1CQUdCeXFHU000OUFnRUdCU3VCQkFBakE0R0dBQVFBK2w2M0ZIckpuT0dPZ1lDTG5PRVpOaHpSdW5YWgpoMHd5dTNPS1VzSEozUDJPVWxNWmxKOFFjZTF0SExUTWFxMWxkOTIwbkdJQmo1TGNYUklVdWRweElTd0I2Tld0Ck1TWncrZFBEUVRjc0hQMFRqWUh5Njl4d25BZHV4ZHZYdnh0Uk5TRzZGNlJPUnR0L2t2ekk3bWRPM0NpQ1FyMTQKTjZWalZyYWVpaXZkR2dPQ250bz0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==<br>Feb 20 07:45:02 pf1 dovecot[19612]: imap(test1@g1.fi)<19618><wFzVEb67CMQKZgkb>: Debug: Added userdb setting: plugin/=2<br>Feb 20 07:45:02 pf1 dovecot[19612]: imap(test1@g1.fi)<19618><wFzVEb67CMQKZgkb>: Debug: Added userdb setting: plugin/quota_rule=*:bytes=0<br>Feb 20 07:45:02 pf1 dovecot[19612]: imap(test1@g1.fi)<19618><wFzVEb67CMQKZgkb>: Error: mail_crypt_plugin: mail_crypt_global_private_key: Couldn't parse private key: Unknown/invalid PEM key type<br><br>== Question ==<br><br>Any idea why Dovecot can't parse the private key?<br><br>I tested this with several keys. Even with some without encryption -> Always same error.<br><br>According to the debug messages the private key is correctly loaded (and indeed matches the one created on command line).<br><br>Thank you for your time.<br><br>Cheers,<br>Antti<br><br>-- <br>Antti Antinoja <reader@fennosys.fi><br></blockquote><br></pre></blockquote></div><br>-- <br>Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>
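Added example, not part of the thread and not Dovecot code: a check of which PEM armor a value stored as `base64 -w0` of a PEM file actually carries, the property the `Unknown/invalid PEM key type` error in the log is about. The accepted-label set, the function names and the sample values are assumptions constructed for illustration.

```python
import base64
import re

# Assumption (not stated in the thread): the consumer accepts only PKCS#8
# armor labels; traditional "EC PRIVATE KEY" style blocks are flagged.
PKCS8_LABELS = {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "PUBLIC KEY"}
BEGIN_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
DEK_RE = re.compile(r"^DEK-Info: ([^,\s]+)", re.MULTILINE)


def classify_stored_key(value: str) -> dict:
    """Inspect a key value stored as single-line base64(PEM text)."""
    try:
        pem = base64.b64decode(value, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return {"ok": False, "reason": "not base64-wrapped ASCII PEM"}
    # A file may hold several blocks (e.g. EC PARAMETERS before the key).
    key_labels = [l for l in BEGIN_RE.findall(pem) if l.endswith("KEY")]
    if not key_labels:
        return {"ok": False, "reason": "no PEM key block after decoding"}
    label = key_labels[0]
    if f"-----END {label}-----" not in pem:
        return {"ok": False, "label": label, "reason": "missing END line"}
    # Traditional encrypted keys carry RFC 1421 headers inside the armor.
    legacy_enc = "Proc-Type: 4,ENCRYPTED" in pem
    dek = DEK_RE.search(pem)
    info = {"label": label, "legacy_encryption": legacy_enc,
            "cipher": dek.group(1) if dek else None}
    if label in PKCS8_LABELS and not legacy_enc:
        return {"ok": True, **info}
    return {"ok": False, **info,
            "reason": "traditional (non-PKCS#8) PEM encoding"}


def wrap(pem: str) -> str:
    """Mimic `base64 -w0` over a PEM file."""
    return base64.b64encode(pem.encode("ascii")).decode("ascii")


# Constructed samples: real armor and header layout, placeholder key bodies.
LEGACY_SAMPLE = wrap("-----BEGIN EC PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                     "DEK-Info: AES-256-CTR,00\n\nAAAA\n"
                     "-----END EC PRIVATE KEY-----\n")
PKCS8_SAMPLE = wrap("-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
                    "-----END ENCRYPTED PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY_SAMPLE), ("pkcs8", PKCS8_SAMPLE)):
        print(name, classify_stored_key(sample))
```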