Ben Harrison
2018-May-17 16:49 UTC
Decryption method for Maildir messages stored by mail_crypt plugin
I've successfully implemented the mail_crypt plugin on v2.2.27 and it's working like a champ, but some of our administrative operations require access to Maildir messages in plaintext.

I've found numerous threads detailing help with mail_crypt setup, but none of my research has yielded a method of decrypting the stored messages.

Relevant plugin config:

mail_crypt_curve = prime256v1
mail_crypt_global_private_key = <pirvkey>
mail_crypt_global_public_key = <pubkey>
mail_crypt_save_version = 2

Method I attempted for manual decryption is listed below:

openssl pkeyutl -derive -inkey mailcrypt.key -peerkey mailcrypt.pub -out shared_secret.bin
openssl enc -aes256 -base64 -k $(base64 shared_secret.bin) -d -in test.enc -out test.txt

Openssl reports an error reading the input file, but it isn't permissions related.

I started looking for the encryption/decryption method in the source but figure it's worth seeing if there's some existing methodology I can employ here.

Appreciate any feedback. Thanks,

--
*Ben Harrison*
*BHarrison.IT* 843.492.4870
Aki Tuomi
2018-May-17 17:18 UTC
Decryption method for Maildir messages stored by mail_crypt plugin
> On 17 May 2018 at 19:49 Ben Harrison <bh at bharrison.it> wrote:
>
> I've successfully implemented the mail_crypt plugin on v2.2.27 and it's working like a champ, but some of our administrative operations require access to Maildir messages in plaintext.
>
> I've found numerous threads detailing help with mail_crypt setup, but none of my research has yielded a method of decrypting the stored messages.
>
> Relevant plugin config:
>
> mail_crypt_curve = prime256v1
> mail_crypt_global_private_key = <pirvkey>
> mail_crypt_global_public_key = <pubkey>
> mail_crypt_save_version = 2
>
> Method I attempted for manual decryption is listed below:
>
> openssl pkeyutl -derive -inkey mailcrypt.key -peerkey mailcrypt.pub -out shared_secret.bin
> openssl enc -aes256 -base64 -k $(base64 shared_secret.bin) -d -in test.enc -out test.txt
>
> Openssl reports an error reading the input file, but it isn't permissions related.
>
> I started looking for the encryption/decryption method in the source but figure it's worth seeing if there's some existing methodology I can employ here.
>
> Appreciate any feedback. Thanks,
>
> --
> *Ben Harrison*
> *BHarrison.IT* 843.492.4870

The file is not decryptable using openssl enc, since it's not encrypted using that method.

To decrypt the file, you can use this Ruby script:
https://gist.github.com/cmouse/882f2e2a60c1e49b7d343f5a6a2721de

Or you can write one yourself; the mail crypt file format is documented at
https://wiki.dovecot.org/Design/Dcrypt

Aki
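
As an added example (not code from this thread, the linked gist, or Dovecot), the sketch below tells a dcrypt container apart from `openssl enc` output by its leading bytes and decodes the fixed part of a version 2 header. The magic value, flag bits and field offsets are assumptions based on my reading of the Dcrypt design document linked above; the function names are hypothetical and the sample bytes are constructed.

```python
import struct

# Layout assumed from the Dcrypt design document; verify against it before relying on it.
DCRYPT_MAGIC = b"CRYPTED\x03\x07"   # 9-byte magic at offset 0
OPENSSL_MAGIC = b"Salted__"         # prefix written by `openssl enc` with a passphrase
FLAGS = {0x01: "hmac", 0x02: "aead", 0x04: "no-integrity"}

def read_oid(buf, pos):
    """Decode one short-form DER OBJECT IDENTIFIER at buf[pos]; return (dotted, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x06 or buf[pos + 1] >= 0x80:
        raise ValueError("expected a short-form DER OID")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated OID")
    subs, val = [], 0
    for b in buf[pos + 2:end]:          # base-128 sub-identifiers, high bit = continue
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(val)
            val = 0
    if not subs:
        raise ValueError("empty OID")
    first = min(subs[0] // 40, 2)       # first two arcs share one sub-identifier
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:])), end

def inspect_header(data):
    """Classify the start of a stored message; for dcrypt v2, decode the fixed fields."""
    if data.startswith(OPENSSL_MAGIC):
        return {"format": "openssl-enc"}
    if not data.startswith(DCRYPT_MAGIC):
        return {"format": "unknown"}    # e.g. a plaintext Maildir message
    if len(data) < 18:
        raise ValueError("truncated dcrypt header")
    info = {"format": "dcrypt", "version": data[9]}
    if info["version"] != 2:            # only the v2 layout is decoded here
        return info
    flags, info["header_len"] = struct.unpack(">II", data[10:18])
    info["flags"] = [name for bit, name in FLAGS.items() if flags & bit]
    info["cipher_oid"], pos = read_oid(data, 18)
    info["mac_oid"], _ = read_oid(data, pos)
    return info

# Constructed sample: v2 header prefix with AEAD flag, AES-256-GCM and SHA-256 OIDs.
SAMPLE = (DCRYPT_MAGIC + b"\x02" + struct.pack(">II", 0x02, 40)
          + bytes.fromhex("060960864801650304012e")
          + bytes.fromhex("0609608648016503040201"))

if __name__ == "__main__":
    print(inspect_header(SAMPLE))
```

Running `inspect_header(open(path, "rb").read(64))` on a stored message shows which container it is before any decryption is attempted.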