search for: mail_crypt_private_password

...; Those passwords are stored in a mysql DB file. ( I used a guide from workaround [dot] org to set up >>> the DB and postfix/dovecot) >>> >>> but how would i set it so, that the users password from the DB is used to encrypt the keys? >>> >>> should i use mail_crypt_private_password = ? >>> how do i point it to the mysql db then? >>> im unsure about this >>> >>> Do you have any hints on this? >>> >>> Kind regards, >>> Zjemm >>> >>> The passwords in your MySQL database are, hopefully, not in plaint...

Hello, I am using the mail_crypt plugin with Dovecot 2.3 and have issues trying to use a mail crypt private password which contains a percent "%" character as you can see below: $ doveadm -o plugin/mail_crypt_private_password=SomethingWith\%Percent mailbox cryptokey generate -u email at domain.tld -URf doveadm(email at domain.tld): Error: Failed to expand plugin setting mail_crypt_private_password = 'SomethingWith%Percent': Unknown variable '%P' Note here that the percent is escaped with a backslash &q...

...e stored in a mysql DB file. ( I used a guide from workaround [dot] org to set up >>>> the DB and postfix/dovecot) >>>> >>>> but how would i set it so, that the users password from the DB is used to encrypt the keys? >>>> >>>> should i use mail_crypt_private_password = ? >>>> how do i point it to the mysql db then? >>>> im unsure about this >>>> >>>> Do you have any hints on this? >>>> >>>> Kind regards, >>>> Zjemm >>>> >>>> The passwords in your MySQL da...

...; Those passwords are stored in a mysql DB file. ( I used a guide from workaround [dot] org to set up >>> the DB and postfix/dovecot) >>> >>> but how would i set it so, that the users password from the DB is used to encrypt the keys? >>> >>> should i use mail_crypt_private_password = ? >>> how do i point it to the mysql db then? >>> im unsure about this >>> >>> Do you have any hints on this? >>> >>> Kind regards, >>> Zjemm >>> >>> The passwords in your MySQL database are, hopefully, not in plaint...

...d in a mysql DB file. ( I used a guide from workaround [dot] org to set up > >>> the DB and postfix/dovecot) > >>> > >>> but how would i set it so, that the users password from the DB is used to encrypt the keys? > >>> > >>> should i use mail_crypt_private_password = ? > >>> how do i point it to the mysql db then? > >>> im unsure about this > >>> > >>> Do you have any hints on this? > >>> > >>> Kind regards, > >>> Zjemm > >>> > >>> The passwords in y...

I try to use Mailcrypt encrypted user keys with conjustion with dbsync replication(Dovecot 2.3.6 in FreeBSD 12.0 enviroment) but was unsuccessful. If I provide a password in mail_crypt_private_password variable directly in Dovecot config all things works as expected plugin { mail_crypt_curve = prime256v1 mail_crypt_save_version = 2 mail_crypt_require_encrypted_user_key = yes mail_crypt_private_password = 12345 } but when I remove this and trying to get the same user passwor...

> > > Hello, > > I am using the mail_crypt plugin with Dovecot 2.3 and have issues trying to use a mail crypt private password which contains a percent "%" character as you can see below: > > $ doveadm -o plugin/mail_crypt_private_password=SomethingWith\%Percent mailbox cryptokey generate -u email at domain.tld -URf > > doveadm(email at domain.tld): Error: Failed to expand plugin setting mail_crypt_private_password = 'SomethingWith%Percent': Unknown variable '%P' > > Note here that the percent is escaped...

...them thru some hash / pkcs5 before that. That's a great idea and makes things even safer. I don't know much about PKCS5 but would SHA512 also be safe enough for hashing the password? SHA512 would then generate a 128 characters hash which I would then pass to the parameter "-o plugin/mail_crypt_private_password=" of my "doveadm mailbox cryptokey generate ..." command.

??????? Original Message ??????? On Tuesday, July 2, 2019 6:21 PM, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > Hi, you need to escape % with %%. We are aware of a bug affecting when % comes in from some field via userdb, and we are looking into how to fix this. Hi Aki, Thank you very much for your very fast answer. I will then simply double the percent character as workaround

...me hash / pkcs5 before that. > That's a great idea and makes things even safer. I don't know much about PKCS5 but would SHA512 also be safe enough for hashing the password? > > SHA512 would then generate a 128 characters hash which I would then pass to the parameter "-o plugin/mail_crypt_private_password=" of my "doveadm mailbox cryptokey generate ..." command. > It depends. You can use either one, see https://wiki2.dovecot.org/Variables I think the safest option would be setup LDAP so that the private password would be only readable by self, and have dovecot use bind authentica...

...quire_encrypted_user_key = yes). I want for passphrase encrypt EC key using client plaintext password. There is credential no stored on server. But for user with use password too bad, I concatenate user plaintext password with random salt. And then string to SHA512() hash and use as decryption key (mail_crypt_private_password) for EC private key. For above I have plugin config > mail_plugins = $mail_plugins mail_crypt > plugin { > mail_crypt_curve = secp256k1 > mail_crypt_require_encrypted_user_key = yes > mail_crypt_save_version = 2 > } And for returning userdb_mail_crypt_private_...

> > > ??????? Original Message ??????? > On Tuesday, July 2, 2019 6:21 PM, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > Hi, you need to escape % with %%. We are aware of a bug affecting when % comes in from some field via userdb, and we are looking into how to fix this. > > Hi Aki, > > Thank you very much for your very fast answer. I will then

??????? Original Message ??????? On Tuesday, July 2, 2019 6:21 PM, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > Hi, you need to escape % with %%. We are aware of a bug affecting when % comes in from some field via userdb, and we are looking into how to fix this. Aki, I was wondering, does this bug also affect the changing of a cryptokey password using this command: $ doveadm

...only when you successfully >> log in to LDAP. > Good point regarding LDAP but right now I am using PostgreSQL as backend for storing my accounts and use the following "password_query" parameter: > > password_query = SELECT username AS user, password, '%w' AS userdb_mail_crypt_private_password FROM mailboxes WHERE username = '%u' > > So based on the Dovecot Variables wiki documentation you mention I could adapt my "password_query" parameter to the following in order to use a SHA512 hash of the password: > > password_query = SELECT username AS user, password,...

...you can export it only when you successfully > log in to LDAP. Good point regarding LDAP but right now I am using PostgreSQL as backend for storing my accounts and use the following "password_query" parameter: password_query = SELECT username AS user, password, '%w' AS userdb_mail_crypt_private_password FROM mailboxes WHERE username = '%u' So based on the Dovecot Variables wiki documentation you mention I could adapt my "password_query" parameter to the following in order to use a SHA512 hash of the password: password_query = SELECT username AS user, password, '%{sha512:w}&...

...passwords are stored in a mysql DB file. ( I used a guide from workaround [dot] org to set up > >> the DB and postfix/dovecot) > >> > >> but how would i set it so, that the users password from the DB is used to encrypt the keys? > >> > >> should i use mail_crypt_private_password = ? > >> how do i point it to the mysql db then? > >> im unsure about this > >> > >> Do you have any hints on this? > >> > >> Kind regards, > >> Zjemm > >> > >> The passwords in your MySQL database are, hopefully, n...

...rase > > > encrypt EC key using client plaintext password. There is credential no > > stored on server. But for user with use password too bad, I concatenate > > user plaintext password with random salt. And then string to SHA512() > hash > > and use as decryption key (mail_crypt_private_password) for EC private > > key. > > > > > For above I have plugin config > > > > > > mail_plugins = $mail_plugins mail_crypt > > plugin { > > mail_crypt_curve = secp256k1 > > mail_crypt_require_encrypted_user_key = yes > > mail_crypt_save_vers...

So when I tried this way I got the following output: user'@'host:~$ doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > cryptokey generate -u user -UR user'@'host:~$ And when I tried this way I got the following output: user'@'host:~$doveadm -o plugin/mail_crypt_private_password=desired_password mailbox cryptokey generate -u user -UR Folder Public ID user'@'...

> Can you try > > doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > cryptokey generate -u user -UR > > Aki I tried that and got the following: user at host:~$ doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > cryptokey generate -u user -UR Folder Public ID user at host:~$ Then I sent a new email to...

>> Can you try >> >> doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > cryptokey generate -u user -UR >> >> Aki > > I tried that and got the following: > > [user at host](https://dovecot.org/mailman/listinfo/dovecot) :~$ doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > cryptokey gener...