Is any of the password schemes supported or is there a reason you chose pkcs5?
4. Sep. 2019, 08:45 von [email protected]: > > It should pick up the password used by the user, there is a caveat here > though. The keypair is created on first use, so password will be > initialized to empty string going thru pkcs5. This is slightly > inconvenient. > > > To avoid this, you should probably have > > > protocol imap { > > > passdb { > > > driver = static > > > args > =userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password} > > > } > > > and initialize the keypair using doveadm and set the password to this > value there. > > > > > > This requires some user management tools though so that the password is > changed with doveadm when user changes their password. > > > Another alternative is to keep the private password in database, you can > use the var expand encryption plugin to make sure it's decryptable with > the user's password. See > > https://doc.dovecot.org/configuration_manual/config_file/config_variables/ > <https://doc.dovecot.org/configuration_manual/config_file/config_variables/>> > for details. > > > Key management is pretty much the most difficult thing in mail crypt > plugin =) > > > Aki > > > > > On 4.9.2019 9.40, info--- via dovecot wrote: > >> Do I have to replace the "password" part with the actual password or >> can I just copy it like that? >> >> Will dovecot create the keypair automatically or do I have to use >> doveadm? >> >> >> 4. Sep. 2019, 08:33 von >> [email protected] >> <mailto:[email protected]>>> : >> >>> >>> >>> >>> On 4.9.2019 9.21, Dustin Schoenwolf via dovecot wrote: >>> >>>> Hello there, >>>> >>>> is there a way to make the mailcrypt plugin use the user's >>>> password or at least store it in a hashed value? >>>> >>>> I'm using a passwd file for authentication. >>>> >>>> I feel uncomfortable saving the private password in plaintext >>>> in that file. >>>> >>>> Regards >>>> >>> >>> >>> >>> >>> You can try in passdb return >>> >>> >>> userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password} >>> >>> >>> Aki >>> >>> >> >>
