emordin
2019-May-31 02:21 UTC
[mail-crypt-plugin] Password Query for Folder Keys questions
So I believe I generated a key successfully with:
'doveadm mailbox cryptokey generate -u user -UR' because I got the
output with the check mark and the Public ID string of characters.
However I still can't read the CRYPTED emails when logging in with IMAP..
i'm still getting the following error in the mail log:
Error: read() failed: read(/var/vmail/[domain .
com/user/Maildir/cur/](http://domain.com/user/Maildir/cur/)<email_index>)
failed: Private key not available: Cannot decrypt key ... : error:03070068:big
num routines:BN_mpi2bn:encoding error
I've tried to list the key with 'doveadm mailbox cryptokey list -u
user' but I'm only getting the following output:
Folder Active Public ID
And I've tried to create a password with 'doveadm mailbox cryptokey
password -u user -n Password1' and I'm getting the following output:
result: dcrypt_key_load_private(...) failed: password missing
Also my settings in conf.d:
10-mail.conf -
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_plugins = $mail_plugins mail_crypt
plugins{
mail_crypt_curve = secp512r1
mail_crypt_save_version = 2
mail_crypt_require_encrypted_user_key = yes
}
20-lmtp.conf -
protocol lmtp{
mail_plugins = $mail_plugins sieve
}
And my settings in dovecot-sql.conf.ext:
driver = mysql
connect = host=127.0.0.1 dbname=mailserver user=mailuser password=1234
password_query = SELECT email as user,password, '%w' AS
userdb_mail_crypt_private_password FROM virtual_users WHERE email='%u';
In the virtual_users table I have:
id, domain_id, email, password
Any ideas what the issue may be?
Also am I suppose to add the 'userdb_mail_crypt_private_password' into
the table and put the virtual users email login password in there? Or is it
suppose to be a temporary query?
Thanks.
Sent with [ProtonMail](https://protonmail.com) Secure Email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20190531/3812203c/attachment-0001.html>
Aki Tuomi
2019-May-31 06:43 UTC
[mail-crypt-plugin] Password Query for Folder Keys questions
> On 31 May 2019 05:21 emordin via dovecot <dovecot at dovecot.org> wrote: > > > So I believe I generated a key successfully with: > 'doveadm mailbox cryptokey generate -u user -UR' because I got the output with the check mark and the Public ID string of characters. > > However I still can't read the CRYPTED emails when logging in with IMAP.. i'm still getting the following error in the mail log: > Error: read() failed: read(/var/vmail/domain . com/user/Maildir/cur/ (http://domain.com/user/Maildir/cur/)<email_index>) failed: Private key not available: Cannot decrypt key ... : error:03070068:big num routines:BN_mpi2bn:encoding error > > I've tried to list the key with 'doveadm mailbox cryptokey list -u user' but I'm only getting the following output: > Folder Active Public ID > And I've tried to create a password with 'doveadm mailbox cryptokey password -u user -n Password1' and I'm getting the following output: > result: dcrypt_key_load_private(...) failed: password missing >Can you try doveadm -o plugin/mail_crypt_private_password=desired_password mailbox cryptokey generate -u user -UR Aki
Possibly Parallel Threads
- bash script hook lda_mailbox_autocreate for generate mail-crypt user encrypted private key with user password
- Best mail encryption solution for per-user
- Best mail encryption solution for per-user
- Best mail encryption solution for per-user
- Best mail encryption solution for per-user