Re: Setting up individual encrypted user keys using mail-crypt-plugin

2019-05-15 Thread Aki Tuomi via dovecot 

On 16.5.2019 4.32, emordin via dovecot wrote:
> Hi,
> I have setup up a simple mail server using the ISPMail tutorial and
> I'm trying to learn how to create email encryption at rest.
>
> I'm having a tough time understanding how to set this up...
>
> So say a user logins thru roundcube and they type in their
> password...so the password authenticates to the mysql database which
> is storing their encrypted private key?? And once they access that
> private key, how do they use that private key to unencrypt their mailbox?
>

You can export mail_crypt_global_private_key_password from userdb to
specify how to do derive password to decrypt the private key. Or just
provide it there. Private key should be exported as
mail_crypt_global_private_key variable in userdb, and the corresponding
public key mail_crypt_global_public_key.


> I'm a super noob at this, and I may be off, but I don't know where to
> start when it comes to setting this up... if I'm way off could you
> just recommend some tutorials or other basics I should learn first
> before moving on to setting this up?
>
>
> Sent with ProtonMail  Secure Email.
>

Aki

Setting up individual encrypted user keys using mail-crypt-plugin

2019-05-15 Thread emordin via dovecot 
Hi,
I have setup up a simple mail server using the ISPMail tutorial and I'm trying 
to learn how to create email encryption at rest.

I'm having a tough time understanding how to set this up...

So say a user logins thru roundcube and they type in their password...so the 
password authenticates to the mysql database which is storing their encrypted 
private key?? And once they access that private key, how do they use that 
private key to unencrypt their mailbox?

I'm a super noob at this, and I may be off, but I don't know where to start 
when it comes to setting this up... if I'm way off could you just recommend 
some tutorials or other basics I should learn first before moving on to setting 
this up?

Sent with [ProtonMail](https://protonmail.com) Secure Email.