Ben Burk
2021-Jul-14 15:31 UTC
Doveadm encrypt/decrypt files manually with per-user folder keys
One more question and I think I should be ok. I just need to encrypt
unencrypted mails after having originally enabled mail_crypt.
I've determined how to decrypt encrypted mails from command line using
the private key for the mail folder, like so:
sudo -u vmail doveadm -o plugin/mail_crypt_private_password="${pass}"
mailbox cryptokey export -u user test | awk '/BEGIN PRIVATE KEY/,/END
PRIVATE KEY/' | sudo -u vmail tee /tmp/doveadm_HfztmQ-6192-3032
>/dev/null 2>&1
sudo -u vmail doveadm fs get crypt
private_key_path=/tmp/doveadm_HfztmQ-6192-3032:posix:prefix=/var/mail/domain/user/Maildir/test/cur/
1626274985.M269696P3026.smtp\,S\=11765\,W\=12153\:2\,S
However, I'm still not sure how I'm supposed to export the public key to
do the encryption operation on unencrypted mail. The only keys that I've
been able to export for this folder-key system are the private keys per
folder and the private keys for the user:
sudo -u vmail doveadm -o plugin/mail_crypt_private_password="${pass}"
mailbox cryptokey export -u user test
sudo -u vmail doveadm -o plugin/mail_crypt_private_password="${pass}"
mailbox cryptokey export -u user -U
I've tried with
On 7/12/21 1:25 AM, Aki Tuomi wrote:> Try
>
> sudo -u vmail doveadm -o
plugin/mail_crypt_private_password="${pass}" mailbox cryptokey export
-u user '*'
>
> (note the '*')
>
> Aki
>
>> --
>> Ben Burk
>> BURK.TECH System Administrator
--
Ben Burk
BURK.TECH System Administrator
Aki Tuomi
2021-Jul-14 16:00 UTC
Doveadm encrypt/decrypt files manually with per-user folder keys
> On 14/07/2021 18:31 Ben Burk <ben at burk.tech> wrote: > > > One more question and I think I should be ok. I just need to encrypt > unencrypted mails after having originally enabled mail_crypt. > > > I've determined how to decrypt encrypted mails from command line using > the private key for the mail folder, like so: > > > sudo -u vmail doveadm -o plugin/mail_crypt_private_password="${pass}" > mailbox cryptokey export -u user test | awk '/BEGIN PRIVATE KEY/,/END > PRIVATE KEY/' | sudo -u vmail tee /tmp/doveadm_HfztmQ-6192-3032 > >/dev/null 2>&1 > > sudo -u vmail doveadm fs get crypt > private_key_path=/tmp/doveadm_HfztmQ-6192-3032:posix:prefix=/var/mail/domain/user/Maildir/test/cur/ > 1626274985.M269696P3026.smtp\,S\=11765\,W\=12153\:2\,S > > > However, I'm still not sure how I'm supposed to export the public key to > do the encryption operation on unencrypted mail. The only keys that I've > been able to export for this folder-key system are the private keys per > folder and the private keys for the user: > > > sudo -u vmail doveadm -o plugin/mail_crypt_private_password="${pass}" > mailbox cryptokey export -u user test > > sudo -u vmail doveadm -o plugin/mail_crypt_private_password="${pass}" > mailbox cryptokey export -u user -U > > > > I've tried with > > On 7/12/21 1:25 AM, Aki Tuomi wrote: > > Try > > > > sudo -u vmail doveadm -o plugin/mail_crypt_private_password="${pass}" mailbox cryptokey export -u user '*' > > > > (note the '*') > > > > Aki > > > >> -- > >> Ben Burk > >> BURK.TECH System Administrator > > -- > Ben Burk > BURK.TECH System AdministratorI don't think you can realistically encrypt those emails by hand. I mean with maildir it's "doable", but will require doing it with some external script. Maybe use `doveadm import` to import them from somewhere? Aki