PKCS5 is a password-based key derivation function. The linked documentation has information on what you can use here.

Aki

On 4.9.2019 10.06, [email protected] wrote:
> Is any of the password schemes supported or is there a reason you
> chose pkcs5?
>
> 4. Sep. 2019, 08:45 von [email protected]:
>
> It should pick up the password used by the user, there is a caveat
> here though. The keypair is created on first use, so password will
> be initialized to empty string going thru pkcs5. This is slightly
> inconvenient.
>
> To avoid this, you should probably have
>
> protocol imap {
>   passdb {
>     driver = static
>     args = userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password}
>   }
> }
>
> and initialize the keypair using doveadm and set the password to
> this value there.
>
> This requires some user management tools though so that the
> password is changed with doveadm when user changes their password.
>
> Another alternative is to keep the private password in database,
> you can use the var expand encryption plugin to make sure it's
> decryptable with the user's password. See
> https://doc.dovecot.org/configuration_manual/config_file/config_variables/
> for details.
>
> Key management is pretty much the most difficult thing in mail
> crypt plugin =)
>
> Aki
>
> On 4.9.2019 9.40, info--- via dovecot wrote:
>> Do I have to replace the "password" part with the actual password
>> or can I just copy it like that?
>>
>> Will dovecot create the keypair automatically or do I have to use
>> doveadm?
>>
>> 4. Sep. 2019, 08:33 von [email protected]:
>>
>> On 4.9.2019 9.21, Dustin Schoenwolf via dovecot wrote:
>>> Hello there,
>>>
>>> is there a way to make the mailcrypt plugin use the user's
>>> password or at least store it in a hashed value?
>>>
>>> I'm using a passwd file for authentication.
>>>
>>> I feel uncomfortable saving the private password in
>>> plaintext in that file.
>>>
>>> Regards
>>
>> You can try in passdb return
>>
>> userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password}
>>
>> Aki
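
Added example, not part of the original thread and not Dovecot code: a Python model of `%{pkcs5,salt=%u,format=base64:password}` that shows the two key-management caveats discussed above (a keypair initialized with the empty string, and a key left behind after a password change). The hash, round count and output length are assumptions, as are the names `derive_private_password` and `key_state`; take the real parameters from the linked documentation.

```python
import base64
import hashlib
import hmac

# Assumed parameters (not stated in the thread): PBKDF2-HMAC-SHA256,
# 2048 rounds, 32-byte output. Confirm against the Dovecot documentation.
ALGORITHM = "sha256"
ROUNDS = 2048
LENGTH = 32


def derive_private_password(password: str, user: str) -> str:
    """Model of %{pkcs5,salt=%u,format=base64:password}: the username is the salt."""
    raw = hashlib.pbkdf2_hmac(
        ALGORITHM, password.encode(), user.encode(), ROUNDS, dklen=LENGTH
    )
    return base64.b64encode(raw).decode()


def key_state(key_password: str, login_password: str, user: str) -> str:
    """Compare the value protecting the private key with what a login derives.

    key_password is the value the keypair was protected with (for example the
    one set through doveadm); login_password is what the user types now.
    """
    if hmac.compare_digest(key_password, derive_private_password(login_password, user)):
        return "ok"
    # Caveat from the thread: a keypair created on first use is protected
    # with the derivation of the empty string.
    if hmac.compare_digest(key_password, derive_private_password("", user)):
        return "initialized-with-empty-password"
    # Otherwise the key is still protected by an older password.
    return "stale-password"


if __name__ == "__main__":
    user = "alice@example.test"  # constructed sample account
    first_use = derive_private_password("", user)
    proper = derive_private_password("correct horse", user)
    print(key_state(first_use, "correct horse", user))
    print(key_state(proper, "correct horse", user))
    print(key_state(proper, "new password", user))
```

A result other than `ok` means the private key has to be re-protected with the newly derived value, which is the doveadm step the thread describes.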
