search for: mail_crypt_global_public_key

...ecot.fi> >>> ????: "dovecot" <dovecot at dovecot.org> >>> ????????????: ???????, 13 ?????? 2017 ? 14:18:55 >>> ????: Re: Plugin "mail_crypt" does not work >> >>> On 13.01.2017 12:21, Evgeniy Korneechev wrote: >>>> mail_crypt_global_public_key = </etc/dovecot/eckey/ecpubkey.pem >>> >>> Is this world-wide readable file? Is LDA able to access this? >>> >>> Aki >> >> -- >> WBR, >> BaseALT/ALTLinux Team > > -- > WBR, > BaseALT/ALTLinux Team -- WBR, BaseALT/ALTL...

...doc.dovecot.org/configuration_manual/mail_crypt_plugin/#global-keys /"A good solution for environments where no user folder sharing is needed is to generate per-user EC key pair and encrypt that with something derived from user?s password."/ I am setting mail_crypt_global_private_key, mail_crypt_global_public_key, mail_crypt_save_version from user_query and userdb_mail_crypt_global_private_key_password from password_query. mail_crypt seems to work fine in imap (I saved a message as draft and it is stored encrypted on the disk), but lmtp complains about "mail_crypt_global_private_key_password unset,...

Hi, i have a problem. I sent test e-mail. It is in folder "Sent", but it was not delivered (folder "Inbox" is empty). /var/log/dovecot: ......... lda(mail at example.com): Error: User initialization failed: mail_crypt_plugin: mail_crypt_global_public_key: Couldn't parse public key: Unknown key format ......... Try RSA and EC: https://wiki2.dovecot.org/Plugins/MailCrypt#RSA_key https://wiki2.dovecot.org/Plugins/MailCrypt#EC_key Why "Unknown key format"? RSA pubkey: -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4h...

...ybe I'm not?! >> -Dave > > Hi! > Maybe the key you tried was not used to encrypt the file? > Aki Aki, it's the same key I've used in the config for the mail_crypt plugin in 90-plugin.conf: plugin { ? mail_crypt_global_private_key = <[PATH_TO_PRIVATE_KEY] ? mail_crypt_global_public_key = <[PATH_TO_PUBLIC_KEY] ? mail_crypt_save_version = 2 } That's the private key that's encrypting all of the messages successfully, so that's the one I would use with script, correct? -Dave

Hi! Some replies: 1. the problem with mail_crypt_global_public_key, there is a bug that we are fixing where file inputs under plugin { } section do not get aboard. workaround 1: You can base64 encode the PEM key (yes, again), and put it in one line such as plugin { mail_crypt_global_public_key = LS0tLS1C..... } workaround 2: Return the key from userdb, you c...

...t; ??: "Aki Tuomi" <aki.tuomi at dovecot.fi> > ????: "dovecot" <dovecot at dovecot.org> > ????????????: ???????, 13 ?????? 2017 ? 14:18:55 > ????: Re: Plugin "mail_crypt" does not work > On 13.01.2017 12:21, Evgeniy Korneechev wrote: >> mail_crypt_global_public_key = </etc/dovecot/eckey/ecpubkey.pem > > Is this world-wide readable file? Is LDA able to access this? > > Aki -- WBR, BaseALT/ALTLinux Team

...cess to Maildir messages in plaintext. I've found numerous threads detailing help with mail_crypt setup, but none of my research has yielded a method of decrypting the stored messages. Relevant plugin config: mail_crypt_curve = prime256v1 mail_crypt_global_private_key = <pirvkey> mail_crypt_global_public_key = <pubkey> mail_crypt_save_version = 2 Method I attempted for manual decryption is listed below: openssl pkeyutl -derive -inkey mailcrypt.key -peerkey mailcrypt.pub -out shared_secret.bin openssl enc -aes256 -base64 -k $(base64 shared_secret.bin) -d -in test.enc -out test.txt Openssl rep...

...rsion: 2.2.22 (fe789d2) I generated an EC key from the page https://wiki2.dovecot.org/Plugins/. For reference here's my /etc/dovecot/conf.d/10-mail-crypt.conf file: ---- mail_plugins = $mail_plugins mail_crypt plugin { # mail_crypt_global_private_key = </etc/dovecot/ecprivkey.pem mail_crypt_global_public_key = </etc/dovecot/ecpubkey.pem mail_crypt_save_version = 2 } ---- I saw in a previous message on this mailing list that messages can be encrypted without the private key, so it's stored elsewhere. :-) After restarting dovecot and sending myself a message I found that the message was st...

...and outgoing emails. Outgoing emails seem to get encrypted fine but the incoming ones don't. We tried everything including this config: mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt plugin { mail_crypt_global_private_key = <ecprivkey.pem mail_crypt_global_public_key = <ecpubkey.pem mail_crypt_save_version = 2 } also this one: plugin { mail_crypt_curve = prime256v1 mail_crypt_save_version = 2 } but to no avail. There are no visible errors, Dovecot restarts fine and outgoing emails get encrypted. Any ideas? -- Kind Regards, Support Team...

On 13.01.2017 12:21, Evgeniy Korneechev wrote: > mail_crypt_global_public_key = </etc/dovecot/eckey/ecpubkey.pem Is this world-wide readable file? Is LDA able to access this? Aki

...ot; <aki.tuomi at dovecot.fi> >> ????: "dovecot" <dovecot at dovecot.org> >> ????????????: ???????, 13 ?????? 2017 ? 14:18:55 >> ????: Re: Plugin "mail_crypt" does not work > >> On 13.01.2017 12:21, Evgeniy Korneechev wrote: >>> mail_crypt_global_public_key = </etc/dovecot/eckey/ecpubkey.pem >> >> Is this world-wide readable file? Is LDA able to access this? >> >> Aki > > -- > WBR, > BaseALT/ALTLinux Team -- WBR, BaseALT/ALTLinux Team

...- If mail-crypt has both private and public key in its configuration, does that not defeat the purpose of the whole thing? Anyone with access to the disk will be able to read everything? Regarding the settings: mail_crypt_global_private_key(_n) - Private key to decrypt files, you can specify many mail_crypt_global_public_key - Public key to use to encrypt files, you can specify one - How does this work? What does mail-crypt do when multiple private keys are specified? mail_crypt_private_key - Private key to decrypt user's master key, can be base64 encoded mail_crypt_private_password - Password to decrypt user'...

Per the Dovecot site here: https://wiki.dovecot.org/Plugins/MailCrypt ... the "decrypt.rb" ruby script can be used to decrypt a Dovecot-encrypted message file from the command line.? The script sort of runs successfully for me, in the sense that it doesn't error out, but it doesn't show the decrypted message. I've called it like so: decrypt.rb -k

...t; > Hi! > > Maybe the key you tried was not used to encrypt the file? > > Aki > > Aki, it's the same key I've used in the config for the mail_crypt > plugin in 90-plugin.conf: > > plugin { > ? mail_crypt_global_private_key = <[PATH_TO_PRIVATE_KEY] > ? mail_crypt_global_public_key = <[PATH_TO_PUBLIC_KEY] > ? mail_crypt_save_version = 2 > } > > That's the private key that's encrypting all of the messages > successfully, so that's the one I would use with script, correct? > -Dave > Yes. I gave it a try here, and it seems to work. Does it gi...

Hi, I have setup up a simple mail server using the ISPMail tutorial and I'm trying to learn how to create email encryption at rest. I'm having a tough time understanding how to set this up... So say a user logins thru roundcube and they type in their password...so the password authenticates to the mysql database which is storing their encrypted private key?? And once they access that

...and outgoing emails. Outgoing emails seem to get encrypted fine but the incoming ones don't. We tried everything including this config: mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt plugin { mail_crypt_global_private_key = <ecprivkey.pem mail_crypt_global_public_key = <ecpubkey.pem mail_crypt_save_version = 2 } also this one: plugin { mail_crypt_curve = prime256v1 mail_crypt_save_version = 2 } but to no avail. There are no visible errors, Dovecot restarts fine and outgoing emails get encrypted. Any ideas? -------------- next part ----------...

...ion = mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { auto = create special_use = \Sent } prefix = INBOX. separator = . type = private } passdb { driver = plesk } plugin { mail_crypt_global_private_key = <ecprivkey.pem mail_crypt_global_public_key = <ecpubkey.pem mail_crypt_save_version = 2 quota = maildir:User quota quota_grace = 0 sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +notify +imapflags } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_logout_format = rcvd=%i, sent=%o, top=%t/%p, retr=%r/%b...

...ieve/report-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * last_login_dict = proxy::lastlogin last_login_key = # hidden, use -P to show it mail_crypt_curve = prime256v1 mail_crypt_global_private_key = # hidden, use -P to show it mail_crypt_global_public_key = # hidden, use -P to show it mail_crypt_save_version = 2 mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size quota = count:User quota quota_exceeded_message = Storage quota for this account has been exceeded, please try again...

...ox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = . } passdb { driver = pam } plugin { acl = vfile mail_crypt_global_private_key = <### redacted ### mail_crypt_global_public_key = <### redacted ### mail_crypt_save_version = 2 stats_memory_limit = 16 M stats_refresh = 30 secs stats_track_cmds = yes } postmaster_address = ### redacted ### protocols = imap service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660...

...ieve/report-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * last_login_dict = proxy::lastlogin last_login_key = # hidden, use -P to show it mail_crypt_curve = prime256v1 mail_crypt_global_private_key = # hidden, use -P to show it mail_crypt_global_public_key = # hidden, use -P to show it mail_crypt_save_version = 2 mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size quota = count:User quota quota_exceeded_message = Storage quota for this account has been exceeded, please try again...