Okay, after digging into the source code of mail-crypt-plugin.c and doveadm-mail-crypt.c, it was clear that doveadm should do the trick.
But it didn't...

Further digging into doveadm-mail-crypt.c led me to mail-crypt-acl-plugin.c, which revealed that there must be an additional plugin called mail-crypt-acl that must be activated. Found that module in /usr/lib/dovecot/modules/, activated it (mail_plugins = $mail_plugins mail_crypt mail_crypt_acl), recreated ACLs (with plugin/mail_crypt_private_password=<password> option), et voilà...

NOTE: This isn't documented anywhere! The whole www does not know about the existence of the mail_crypt_acl plugin (6 irrelevant/identical results on google). Even ChatGPT fails... ;)

Please add this to the mail-crypt plugin documentation on this page:

https://doc.dovecot.org/3.0/configuration_manual/mail_crypt_plugin/#mail-crypt-plugin

Thanks,

Robert

On Tuesday, 11.07.2023 at 18:10 +0200, Robert Senger wrote:
> Hi all,
>
> I am trying to set up mailbox sharing (not public mailboxes) together
> with mail-crypt plugin and encrypted folder keys.
>
> According to the source code of the mail-crypt plugin (there's code
> trying to retrieve private keys for shared mailboxes), and its
> documentation, this should be possible:
>
> -----
> If you are using global keys, mails can be shared within the key
> scope.
> The global key can be provided with several different scopes:
>
> Global scope: key is configured in dovecot.conf file
>
> Per-user(group) scope: key is configured in userdb file
>
> With folder keys, key sharing can be done to single user, or multiple
> users. When key is shared to single user, and the user has public key
> available, the folder key is encrypted to recipient's public key.
>
> If you have mail_crypt_acl_require_secure_key_sharing enabled, you
> can't share the key to groups or someone with no public key.
> -----
>
> The documentation mentions key sharing, but I have no idea how this
> could be implemented, and did not find anything else than this
> mail-crypt documentation in the whole web...
>
> I assume that I need to export the user key of the user's folder that
> should be shared, and import it into the receiving user's keys,
> encrypted with the receiving user's key.
>
> Is that right? Any hints how to do that?
>
> Regards,
>
> Robert
>
> --
> Robert Senger
>
> _______________________________________________
> dovecot mailing list -- dovecot@dovecot.org
> To unsubscribe send an email to dovecot-le...@dovecot.org

--
Robert Senger
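
Added example, not part of the original thread and not Dovecot's own code: a shell check that reads `doveconf -n` style text and flags the state described in the reply above, where mail_crypt and acl are loaded but mail_crypt_acl is not. The function name, the result strings and both sample configs are constructed for illustration, and merging all mail_plugins lines into one set is a simplifying assumption.

```shell
#!/bin/sh
# Input: `doveconf -n` style text on stdin.
# Output: one of "ok", "missing-mail_crypt_acl", "not-applicable".
# Assumption: every mail_plugins line (global or inside a protocol block)
# is merged into a single set of plugin names.

check_crypt_acl() {
    # Pull the value of each mail_plugins line, drop quotes, one name per line.
    plugins=$(sed -n 's/^[[:space:]]*mail_plugins[[:space:]]*=[[:space:]]*//p' |
        tr -d '"' | tr -s ' \t' '\n\n' | sort -u)

    # Exact whole-line match, so mail_crypt does not match mail_crypt_acl.
    has_plugin() { printf '%s\n' "$plugins" | grep -qxF -- "$1"; }

    if ! has_plugin mail_crypt || ! has_plugin acl; then
        echo "not-applicable"          # no encrypted + shared combination
    elif has_plugin mail_crypt_acl; then
        echo "ok"
    else
        echo "missing-mail_crypt_acl"  # the state the reply above ran into
    fi
}

# Constructed sample: the setup before the fix described in the thread.
SAMPLE_BEFORE='mail_plugins = " acl mail_crypt"
protocol imap {
  mail_plugins = " acl mail_crypt imap_acl"
}'

# Constructed sample: the same setup with mail_crypt_acl activated.
SAMPLE_AFTER='mail_plugins = " acl mail_crypt mail_crypt_acl"
protocol imap {
  mail_plugins = " acl mail_crypt mail_crypt_acl imap_acl"
}'

printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | check_crypt_acl)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | check_crypt_acl)"
```

On a live server the same function can be fed with `doveconf -n | check_crypt_acl`.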