similar to: MailCrypt: Encrypted user keys configuration with LDAP & cryptokey generate

Hi - perhaps someone can help me. Starting from a good and well-functioning mailserver setup, I have installed MailCrypt as per the instructions (I think) to have the per-user passworded keys setup. dovecot.conf /Added:/ mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt dovecot-sql.conf.ext /commented this/ #password_query = SELECT email as user,

Hello everyone, I successfully set up the mail_crypt plugin using folder keys, and require user's key to be encrypted with a password using mail_crypt_require_encrypted_user_key = yes. As I'm trying to streamline the process of creating a user, and want to develop an application in PHP to help me in that process, I'm very interested in the doveadm HTTP API. Although the

I try to use Mailcrypt encrypted user keys with conjustion with dbsync replication(Dovecot 2.3.6 in FreeBSD 12.0 enviroment) but was unsuccessful. If I provide a password in mail_crypt_private_password variable directly in Dovecot config all things works as expected plugin { mail_crypt_curve = prime256v1 mail_crypt_save_version = 2 mail_crypt_require_encrypted_user_key = yes

Hi everybody, I have a question about the Dovecot Mailcrypt Plugin. I'm trying to understand what the security of this plugin is based on. The encryption with private and public key and elliptic curves is basically a good thing. But the keys are in the file system together with the encrypted mails. The passwords for the private keys are in the user database. I guess the passwords have to

Aki really thanks for reply,, I hope for continue the conversation, >> Do you have advice about Dovecot plugins for mail encryption: >> >> https://wiki2.dovecot.org/Plugins/MailCrypt >> https://0xacab.org/riseuplabs/trees >> >> I like NaCL based encryption but the MailCrypt plugin is better >> because it's maintained by Dovecot developers (is this

Hi, we have a problem. Command "doveadm mailbox cryptokey" does not work: # doveadm mailbox cryptokey usage: doveadm [-Dv] [-f <formatter>] mailbox <command> [<args>] create [-u <user>|-A] [-S <socket_path>] [-s] [-g <guid>] <mailbox> [...] delete [-u <user>|-A] [-S <socket_path>] [-e] [-r] [-s] [-Z] <mailbox>

Hai, Do you have advice about Dovecot plugins for mail encryption: https://wiki2.dovecot.org/Plugins/MailCrypt https://0xacab.org/riseuplabs/trees I like NaCL based encryption but the MailCrypt plugin is better because it's maintained by Dovecot developers (is this correct?) Hard to understand MailCrypt docs so may I ask, may I provide per user encryption? I don't like global

> > You forgot to load mail_crypt plugin. > > mail_plugins = $mail_plugins mail_crypt > With these settings also. # dovecot -n ..... mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_plugins = " mail_crypt" mbox_write_locks = fcntl ..... # service dovecot restart # doveadm mailbox cryptokey usage: doveadm [-Dv] [-f ......... # ls /usr/lib64/dovecot/modules/* | grep

On 12.01.2017 16:05, Evgeniy Korneechev wrote: > Hi, we have a problem. > Command "doveadm mailbox cryptokey" does not work: > > # doveadm mailbox cryptokey > usage: doveadm [-Dv] [-f <formatter>] mailbox <command> [<args>] > create [-u <user>|-A] [-S <socket_path>] [-s] [-g <guid>] <mailbox> [...] > delete

Hello there, is there a way to make the mailcrypt plugin use the user's password or at least store it in a hashed value? I'm using a passwd file for authentication. I feel uncomfortable saving the private password in plaintext in that file. Regards -------------- next part -------------- An HTML attachment was scrubbed... URL:

I read the mailcrypt plugin document on the wiki and had couple questions. 1. If I want per-user encryption am I correct I should configure global keys with all related settings override in the userdb lookup? 2. If I do not want to encrypt some user accounts, is it enough to omit the mail_crypt_global_private_key from the userdb lookup? In other word, mail_plugins still active with

On 4.9.2019 9.21, **** **** via dovecot wrote: > Hello there, > > is there a way to make the mailcrypt plugin use the user's password or > at least store it in a hashed value? > > I'm using a passwd file for authentication. > > I feel uncomfortable saving the private password in plaintext in that > file. > > Regards You can try in passdb return

It should pick up the password used by the user, there is a caveat here though. The keypair is created on first use, so password will be initialized to empty string going thru pkcs5. This is slightly inconvenient. To avoid this, you should probably have protocol imap { ??? passdb { ????? driver = static ????? args = userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password} }

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 14/09/2019 16:08 Daniel Niewerth via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div>

Do I have to replace the "password" part with the actual password or can I just copy it like that? Will dovecot create the keypair automatically or do I have to use doveadm? 4. Sep. 2019, 08:33 von aki.tuomi at open-xchange.com: > > > > On 4.9.2019 9.21, **** **** via dovecot wrote: > >> Hello there, >> >> is there a way to make the

Is any of the password schemes supported or is there a reason you chose pkcs5? 4. Sep. 2019, 08:45 von aki.tuomi at open-xchange.com: > > It should pick up the password used by the user, there is a caveat here though. The keypair is created on first use, so password will be initialized to empty string going thru pkcs5. This is slightly inconvenient. > > > To avoid

Quoting tai74 at vfemail.net: > Aki really thanks for reply,, I hope for continue the conversation, > >>> Do you have advice about Dovecot plugins for mail encryption: >>> >>> https://wiki2.dovecot.org/Plugins/MailCrypt >>> https://0xacab.org/riseuplabs/trees >>> >>> I like NaCL based encryption but the MailCrypt plugin is better

> Technically creating and encrypting folder key does not > require decrypting user's private key. All folder keys > are encrypted with user's public key. Problem is for that this is a new user. The new user has no private key. I need for generating that private key. It do not the sense encrypts something using a key public if there is no private key. Both key public and private

What it is way most best for causing bash script run (as root) of time mailbox created (lda_mailbox_autocreate)? I use dovecot 2.3.4.1 in Debian 10. And I use of mail-crypt-plugin https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/ I setup mail-crypt for requiring user encrypted EC key (mail_crypt_require_encrypted_user_key = yes). I want for passphrase encrypt EC key using client