[mail-crypt-plugin] Private key location in Folder Key Mode

2019-06-01 Thread emordin via dovecot
Nice. It worked but I think there is a little output error (probably not a big 
issue):

When I type the following command I get this output:

user@host:~$ doveadm -o plugin/mail_crypt_private_private_password=1234 mailbox cryptokey export -u username -U /var/vmail/domain/username/Maildir/dovecot-attributes
Folder:
Public ID: 
Error:
-BEGIN PRIVATE KEY-

-END PRIVATE KEY-

And when I type the following command I get this output:

user@host:~$ doveadm mailbox cryptokey export -u username -U /var/vmail/domain/username/Maildir/dovecot-attributes
Folder:
Public ID: 
Error: ERROR: error:03070068:bignum routines:BN_mpi2bn:encoding error
Key:

So in the first command the private key shows but it's under Error, and I 
believe it should be under Key.
Thanks again.

Sent with [ProtonMail](https://protonmail.com) Secure Email.

[mail-crypt-plugin] Private key location in Folder Key Mode

2019-05-31 Thread emordin via dovecot
Hi,

So I am trying to locate the private key in dovecot-attributes but I can't seem 
to find it. I have gone through the strings in the file with the lib-dcrypt 
document as a guide but the private key doesn't seem to be in there.

I'm guessing the private key is an internal attribute located here 
'/private/vendor/vendor.dovecot/pvt' , but according to the mail-attribute.h 
file that location is not accessible. Is this true? Or is there a way to see 
the private key?

Thanks.

Sent with [ProtonMail](https://protonmail.com) Secure Email.

[mail-crypt-plugin] Password Query for Folder Keys questions

2019-05-31 Thread emordin via dovecot
> Can you try rm dovecot-attributes file?

Okay it worked. I kinda did that by 'rm -rf' the entire /var/vmail/domain, and 
then I ran the following:

doveadm -o plugin/mail_crypt_private_password=desired_password mailbox 
cryptokey generate -u user -UR

And I got the check mark and the ID string of characters.

I sent a new email to the server, and was able to open and read the email =)

I got confused on the docs... So only if using unencrypted folder keys, could I 
open a CRYPTED email and read it right away. But if using encrypted folder 
keys, first I would have to set a password for the key before I could open the 
CRYPTED email? I thought logging in to the mailbox would connect the password 
to the key automatically.

Thanks again.

Sent with [ProtonMail](https://protonmail.com) Secure Email.

[mail-crypt-plugin] Password Query for Folder Keys questions

2019-05-31 Thread emordin via dovecot
So when I tried this way I got the following output:

user@host:~$ doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > cryptokey generate -u user -UR
user@host:~$

And when I tried this way I got the following output:

user@host:~$ doveadm -o plugin/mail_crypt_private_password=desired_password mailbox cryptokey generate -u user -UR
   Folder Public ID
user@host:~$

In both cases I sent a new email to the server, and I got errors stating the 
mailbox can't be opened

Sent with [ProtonMail](https://protonmail.com) Secure Email.
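
Added example, not part of the original post: what a POSIX shell does with the two command lines above. The `doveadm` function here is a hypothetical stub that only echoes its arguments, and the helper function names are made up for this demonstration. With the `>` present, the shell treats `> cryptokey` as an output redirection, so nothing reaches the terminal, a file named `cryptokey` appears in the current directory, and the word `cryptokey` never reaches the program as an argument.

```shell
# Hypothetical stand-in for doveadm: prints the arguments it receives,
# space-separated, so the shell's parsing of the command line is visible.
doveadm() {
    printf '%s\n' "$*"
}

PW_OPT='plugin/mail_crypt_private_password=desired_password'

# The command as typed with '>' between "mailbox" and "cryptokey".
# The shell parses "> cryptokey" as a redirection of stdout to a file.
typed_with_gt() {
    doveadm -o "$PW_OPT" mailbox > cryptokey generate -u user -UR
}

# The same command without the '>'.
typed_without_gt() {
    doveadm -o "$PW_OPT" mailbox cryptokey generate -u user -UR
}

# Run typed_with_gt in a scratch directory and report three things:
# what reached the terminal, which file appeared, and what that file holds.
report_with_gt() {
    scratch=$(mktemp -d) || return 1
    (
        cd "$scratch" || exit 1
        shown=$(typed_with_gt)
        printf 'terminal: [%s]\n' "$shown"
        printf 'created:  [%s]\n' "$(ls)"
        printf 'argv:     [%s]\n' "$(cat cryptokey)"
    )
    rm -rf "$scratch"
}

report_with_gt
printf 'argv without ">": [%s]\n' "$(typed_without_gt)"
```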

[mail-crypt-plugin] Password Query for Folder Keys questions

2019-05-31 Thread emordin via dovecot
>> Can you try
>>
>> doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > 
>> cryptokey generate -u user -UR
>>
>> Aki
>
> I tried that and got the following:
>
> user@host:~$ doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > cryptokey generate -u user -UR
>
> Folder Public ID
>
> user@host:~$
>
> Then I sent a new email to the mail server, and I checked it with mutt but 
> got 'Internal Error' 'error opening mailbox' and I checked the email with 
> Roundcube and I can see the subject header but when I open the email it's just 
> blank.

I apologize I forgot to add the '>', in the last one, so I added it and got 
this output:
user@host:~$ doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > cryptokey generate -u user -UR
user@host:~$

However it still didn't work. I sent a new email and tried to access it with 
mutt and Roundcube and I still can't access the body message.

Sent with [ProtonMail](https://protonmail.com) Secure Email.

[mail-crypt-plugin] Password Query for Folder Keys questions

2019-05-31 Thread emordin via dovecot
> Can you try
>
> doveadm -o plugin/mail_crypt_private_password=desired_password mailbox > 
> cryptokey generate -u user -UR
>
> Aki

I tried that and got the following:

user@host:~$ doveadm -o plugin/mail_crypt_private_password=desired_password 
mailbox > cryptokey generate -u user -UR

Folder Public ID

user@host:~$

Then I sent a new email to the mail server, and I checked it with mutt but got 
'Internal Error' 'error opening mailbox' and I checked the email with Roundcube 
and I can see the subject header but when I open the email it's just blank.

Sent with [ProtonMail](https://protonmail.com) Secure Email.

[mail-crypt-plugin] Password Query for Folder Keys questions

2019-05-30 Thread emordin via dovecot
So I believe I generated a key successfully with:
'doveadm mailbox cryptokey generate -u user -UR' because I got the output with 
the check mark and the Public ID string of characters.

However I still can't read the CRYPTED emails when logging in with IMAP. I'm 
still getting the following error in the mail log:
Error: read() failed: read(/var/vmail/domain.com/user/Maildir/cur/) 
failed: Private key not available: Cannot decrypt key ... : error:03070068:bignum 
routines:BN_mpi2bn:encoding error

I've tried to list the key with 'doveadm mailbox cryptokey list -u user' but 
I'm only getting the following output:
Folder Active Public ID
And I've tried to create a password with 'doveadm mailbox cryptokey password -u 
user -n Password1' and I'm getting the following output:
result: dcrypt_key_load_private(...) failed: password missing

Also my settings in conf.d:
10-mail.conf -
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_plugins = $mail_plugins mail_crypt
plugins{
  mail_crypt_curve = secp512r1
  mail_crypt_save_version = 2
  mail_crypt_require_encrypted_user_key = yes
}
20-lmtp.conf -
protocol lmtp{
  mail_plugins = $mail_plugins sieve
}

And my settings in dovecot-sql.conf.ext:
driver = mysql
connect = host=127.0.0.1 dbname=mailserver user=mailuser password=1234
password_query = SELECT email as user,password, '%w' AS 
userdb_mail_crypt_private_password FROM virtual_users WHERE email='%u';

In the virtual_users table I have:
id, domain_id, email, password

Any ideas what the issue may be?
Also am I supposed to add the 'userdb_mail_crypt_private_password' into the 
table and put the virtual users email login password in there? Or is it supposed 
to be a temporary query?

Thanks.

Sent with [ProtonMail](https://protonmail.com) Secure Email.

[mail-crypt-plugin] Password Query for Folder Keys questions

2019-05-30 Thread emordin via dovecot
Please disregard the previous question. But I have another...

I have set up Folder Key encryption, and have sent an email to my mail server 
which is CRYPTED, however when I try to login to read the email I'm getting a 
'Private key not available: Cannot decrypt <...>: error:03070068:bignum 
routines:BN_mpi2bn:encoding error'.

I've tried to list the user key and generate a new keypair two different ways 
and have gotten the following output:
doveadm mailbox cryptokey list -U user
output: Folder Active Public ID
doveadm mailbox cryptokey generate -u user -U
output:Folder Public ID
doveadm mailbox cryptokey generate -u user -Uf
output:
Panic: file doveadm-mail.c: line 405 (doveadm_mail_next_user): assertion 
failed: (ctx->exit_code !=0)
Error: Raw backtrace: .
Aborted

Any advice?

Sent with [ProtonMail](https://protonmail.com) Secure Email.

[mail-crypt-plugin] Password Query for Folder Keys questions

2019-05-29 Thread emordin via dovecot
In Folder key plugin operation mode, using the following password query:

password_query = SELECT \
email as user, password, \
'%w' AS userdb_mail_crypt_private_password \
FROM virtual_users WHERE email='%u';

Say I have two 'email' users...will each 'email' have a 
'userdb_mail_crypt_private_password' field with a plaintext password (%w) in it?

And is the 'userdb_mail_crypt_private_password' used automatically to decrypt 
the user private key which is stored in 'mail_attribute_dict' ?

Sent with [ProtonMail](https://protonmail.com) Secure Email.

[mail-crypt-plugin] How to decrypt mailbox?

2019-05-21 Thread emordin via dovecot
How do I enable the mail-crypt-plugin globally? Do I have to place 
'mail_plugins = $mail_plugins mail_crypt' inside every conf.d file where there 
is a protocol code block? Like for example the protocol lda codeblock in 
15-lda.conf and the protocol imap codeblock in 20-imap.conf

I placed 'mail_plugins = $mail_plugins mail_crypt' in 20-lmtp.conf inside the 
protocol lmtp code block, and the actual plugin settings are inside 
90-plugin.conf inside the plugin codeblock. And I was able to get CRYPTED mail 
with this config.

If I place 'mail_plugins = $mail_plugins mail_crypt' inside 90-plugin.conf, I 
get an error telling me to put 'mail_plugins = $mail_plugins mail_crypt' in 
20-lmtp.conf

Sent with [ProtonMail](https://protonmail.com) Secure Email.

[mail-crypt-plugin] How to decrypt mailbox?

2019-05-20 Thread emordin via dovecot
Hi,

So I am able to encrypt email using the crypt plugin, but when I try to access 
the email by logging in thru mutt or roundcube the email is still encrypted.
Is the decryption process automatic or do I have to create a custom program 
with the decrypt.rb code?

Thanks.

Sent with [ProtonMail](https://protonmail.com) Secure Email.

Setting up individual encrypted user keys using mail-crypt-plugin

2019-05-15 Thread emordin via dovecot
Hi,
I have set up a simple mail server using the ISPMail tutorial and I'm trying 
to learn how to create email encryption at rest.

I'm having a tough time understanding how to set this up...

So say a user logs in through roundcube and they type in their password...so the 
password authenticates to the mysql database which is storing their encrypted 
private key?? And once they access that private key, how do they use that 
private key to unencrypt their mailbox?

I'm a super noob at this, and I may be off, but I don't know where to start 
when it comes to setting this up... if I'm way off could you just recommend 
some tutorials or other basics I should learn first before moving on to setting 
this up?

Sent with [ProtonMail](https://protonmail.com) Secure Email.