This is the error I get in the dovecot logs when a user tries to access
a shared mailbox encrypted with another user's folder key:

Jul 11 18:45:27 prokyon dovecot: imap(us...@mydomain.net)<5015><bTtn0zgABpP9EChC8NEBAa8xnEHdawfA>: Error: Mailbox Shared/us...@mydomain.net/INBOX: UID=2306: read() failed: read(/home/vmail/mydomain.net/user2/cur/1689031994.M621413P6856.prokyon,S=774,W=790:2,S) failed: Decryption error: no private key available (read reason=)
Jul 11 18:45:27 prokyon dovecot: imap(us...@mydomain.net)<5015><bTtn0zgABpP9EChC8NEBAa8xnEHdawfA>: FETCH failed: Internal error occurred. Refer to server log for more information. [2023-07-11 18:45:27] in=526 out=1604 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=0 body_count=0 body_bytes=0

ACLs allowing access are set.

Robert


On Tuesday, 11.07.2023 at 18:10 +0200, Robert Senger wrote:
> Hi all,
> 
> I am trying to set up mailbox sharing (not public mailboxes) together
> with mail-crypt plugin and encrypted folder keys.
> 
> According to the source code of the mail-crypt plugin (there's code
> trying to retrieve private keys for shared mailboxes), and its
> documentation, this should be possible:
> 
> -----
> If you are using global keys, mails can be shared within the key
> scope.
> The global key can be provided with several different scopes:
> 
>     Global scope: key is configured in dovecot.conf file
> 
>     Per-user(group) scope: key is configured in userdb file
> 
> With folder keys, key sharing can be done to single user, or multiple
> users. When key is shared to single user, and the user has public key
> available, the folder key is encrypted to recipient’s public key.
> 
> If you have mail_crypt_acl_require_secure_key_sharing enabled, you
> can’t share the key to groups or someone with no public key.
> -----
> 
> The documentation mentions key sharing, but I have no idea how this
> could be implemented, and did not find anything other than this
> mail-crypt documentation on the whole web...
> 
> I assume that I need to export the user key of the user's folder that
> should be shared, and import it into the receiving user's keys,
> encrypted with the receiving user's key.
> 
> Is that right? Any hints how to do that?
> 
> Regards,
> 
> Robert
> 
> -- 
> Robert Senger
> 
> 
> 
> _______________________________________________
> dovecot mailing list -- dovecot@dovecot.org
> To unsubscribe send an email to dovecot-le...@dovecot.org

-- 
Robert Senger
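
A log-triage sketch for the error quoted in this thread, added here as an example; it is not part of the original messages and not Dovecot code. It groups "no private key available" read failures by the reading user and the shared mailbox owner, separating them from failures on a user's own mailbox. The `Shared/` prefix is taken from the log line in the post; the sample lines, user names and the function name are constructed, and each log event is assumed to sit on one line.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the error format quoted in this thread.
SAMPLE_LOG = """\
Jul 11 18:45:27 host dovecot: imap(user1@example.org)<5015><sessA>: Error: Mailbox Shared/user2@example.org/INBOX: UID=2306: read() failed: read(/home/vmail/example.org/user2/cur/1.M1P1.host,S=774,W=790:2,S) failed: Decryption error: no private key available (read reason=)
Jul 11 18:45:27 host dovecot: imap(user1@example.org)<5015><sessA>: FETCH failed: Internal error occurred. Refer to server log for more information.
Jul 11 18:46:02 host dovecot: imap(user1@example.org)<5015><sessA>: Error: Mailbox Shared/user2@example.org/INBOX: UID=2307: read() failed: read(/home/vmail/example.org/user2/cur/2.M2P2.host,S=800,W=820:2,S) failed: Decryption error: no private key available (read reason=)
Jul 11 18:47:10 host dovecot: imap(user3@example.org)<5020><sessB>: Error: Mailbox INBOX: UID=12: read() failed: read(/home/vmail/example.org/user3/cur/3.M3P3.host,S=100,W=110:2,S) failed: Decryption error: no private key available (read reason=)
"""

# Matches only the read() failure that carries the decryption error,
# not the follow-up "FETCH failed" line.
LINE_RE = re.compile(
    r"imap\((?P<reader>[^)]+)\)<\d+><[^>]*>: Error: "
    r"Mailbox (?P<mailbox>.+?): UID=(?P<uid>\d+): read\(\) failed: "
    r"read\((?P<path>[^,]+),.*Decryption error: no private key available"
)


def missing_key_failures(log_text, shared_prefix="Shared/"):
    """Return (shared, own) dicts mapping a failure key to the affected UIDs.

    shared: (reader, owner, folder) -> [uid, ...] for mailboxes under
            shared_prefix (an assumption; use your shared namespace prefix).
    own:    (reader, mailbox) -> [uid, ...] for everything else.
    """
    shared, own = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        mailbox, uid = m["mailbox"], int(m["uid"])
        if mailbox.startswith(shared_prefix):
            owner, _, folder = mailbox[len(shared_prefix):].partition("/")
            shared[(m["reader"], owner, folder)].append(uid)
        else:
            own[(m["reader"], mailbox)].append(uid)
    return dict(shared), dict(own)


if __name__ == "__main__":
    shared, own = missing_key_failures(SAMPLE_LOG)
    for (reader, owner, folder), uids in shared.items():
        print(f"{reader} cannot decrypt {owner}/{folder}: UIDs {uids}")
    for (reader, mailbox), uids in own.items():
        print(f"{reader} cannot decrypt own {mailbox}: UIDs {uids}")
```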


