dovecot - Jan 2017 - Plugin "mail_crypt" - using folder keys

Hi, i have two questions about using "folder keys" for encryption:

1. If i use this method how can i decrypt files manually?

2. If move a letter to another folder (or remove it), it will be unreadable.
Log:
imap(cloud): Error: read() failed:
read(/home/cloud/Maildir/.Sent.test/cur/1485528498.M838579P2267....) failed:
Decryption error: no private key available (uid=5, box=Sent.test, read reason=)
imap(cloud): Info: Internal error occurred. Refer to server log for more
information.

or:
imap(cloud): Error: read() failed:
read(/home/cloud/Maildir/.Trash/cur/1485528906.M150750P3081....) failed:
Decryption error: no private key available

How fix it?

Thank you in advance.



------------------------------------------------
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.4.39-std-def-alt0.M80P.1 x86_64 ALT 8.1 Server 
.....
mail_attribute_dict = file:%h/Maildir/dovecot-attributes

mail_plugins = $mail_plugins mail_crypt

plugin {
    mail_crypt_curve = secp521r1
    mail_crypt_save_version = 2
}
.....

-- 
WBR, 
BaseALT/ALTLinux Team

Hi Evgeniy!


On 27.01.2017 16:58, Evgeniy Korneechev wrote:
> Hi, i have two questions about using "folder keys" for
encryption:
>
> 1. If i use this method how can i decrypt files manually?
You have to export the private key from mailbox attributes, see doveadm
mailbox cryptokey export.
> 2. If move a letter to another folder (or remove it), it will be
unreadable.
> Log:
> imap(cloud): Error: read() failed:
read(/home/cloud/Maildir/.Sent.test/cur/1485528498.M838579P2267....) failed:
> Decryption error: no private key available (uid=5, box=Sent.test, read
reason=)
> imap(cloud): Info: Internal error occurred. Refer to server log for more
information.
>
> or:
> imap(cloud): Error: read() failed:
read(/home/cloud/Maildir/.Trash/cur/1485528906.M150750P3081....) failed:
Decryption error: no private key available
>
> How fix it?
>
> Thank you in advance.
This seems to be a bug, and we are looking into it.

Aki

On 30.01.2017 09:15, Aki Tuomi wrote:
> Hi Evgeniy!
>
>
> On 27.01.2017 16:58, Evgeniy Korneechev wrote:
>> Hi, i have two questions about using "folder keys" for
encryption:
>>
>> 1. If i use this method how can i decrypt files manually?
> You have to export the private key from mailbox attributes, see doveadm
> mailbox cryptokey export.
>
I noticed that this is probably bit too short answer, but for longer
answer I'll write up information under

https://wiki.dovecot.org/Design/Dcrypt

soon.

Aki

Hi!
>> 2. If move a letter to another folder (or remove it), it will be
unreadable.
>> Log:
>> imap(cloud): Error: read() failed:
>> read(/home/cloud/Maildir/.Sent.test/cur/1485528498.M838579P2267....)
failed:
>> Decryption error: no private key available (uid=5, box=Sent.test, read
reason=)
>> imap(cloud): Info: Internal error occurred. Refer to server log for
more
>> information.
>>
>> or:
>> imap(cloud): Error: read() failed:
>> read(/home/cloud/Maildir/.Trash/cur/1485528906.M150750P3081....)
failed:
>> Decryption error: no private key available
>>
>> How fix it?
>>
>> Thank you in advance.
> This seems to be a bug, and we are looking into it.
Is the bug fixed in the new version (2.2.28)?

-- 
WBR, Korneechev Evgeniy
BaseALT/ALTLinux Team