Re: mail_crypt: multiple keypairs

2019-07-04 Thread Aki Tuomi via dovecot


On 4.7.2019 15.35, mabi via dovecot wrote:
> ‐‐‐ Original Message ‐‐‐
> On Thursday, July 4, 2019 11:17 AM, @lbutlr via dovecot  
> wrote:
>
>>> Is it possible to delete the inactive keypair? if yes how?
>> Wouldn’t you then be unable to *unencrypt* previous emails?
> That's also what I thought but based on my understanding and on the 
> documentation of the "mailbox cryptokey generate" doveadm command 
> (https://wiki2.dovecot.org/Plugins/MailCrypt#doveadm_mailbox_cryptokey_generate)
>  if you use the "-R" parameter you re-encrypt all the mails with the new key. 
> See the description of that "-R" parameter:
>
> -R - Re-encrypt all folder keys with current active user key
>
> Someone please correct me here if I am wrong...
>

Actually -R will re-encrypt all folder keys with new user key. After
this, old user key can be removed. Re-encrypting mails can only be done
by moving them around. Never ever delete an old **folder** key unless
you are really sure it's not used by anything anymore.


Aki
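
The key hierarchy described in the reply above, as an added example that is not part of the original post and is not Dovecot code: a model that tracks only which key protects what, with no real cryptography. The class, method and key names are hypothetical, and it assumes a moved mail is stored under the destination folder's current key.

```python
# Constructed model: key ids only, no real cryptography; names are hypothetical.
class Account:
    def __init__(self):
        self.user_keys, self.active_user = set(), None
        self.folder_keys = {}    # folder key id -> id of the user key wrapping it
        self.active_folder = {}  # folder name -> folder key id used for new mail
        self.mails = {}          # mail id -> folder key id that encrypted it
        self._n = 0

    def _new_id(self, prefix):
        self._n += 1
        return f"{prefix}{self._n}"

    def new_user_key(self, rewrap=False):
        """Generate a user keypair; rewrap=True models the -R behaviour."""
        self.active_user = self._new_id("U")
        self.user_keys.add(self.active_user)
        if rewrap:  # folder keys are re-wrapped, mails are not touched
            self.folder_keys = {fk: self.active_user for fk in self.folder_keys}

    def new_folder_key(self, folder):
        fk = self._new_id("F")
        self.folder_keys[fk] = self.active_user
        self.active_folder[folder] = fk
        return fk

    def deliver(self, mail, folder):
        """Store (or move) a mail: it is encrypted with the folder's active key."""
        self.mails[mail] = self.active_folder[folder]

    def readable(self):
        """Mails whose folder key exists and is wrapped by an existing user key."""
        return {m for m, fk in self.mails.items()
                if self.folder_keys.get(fk) in self.user_keys}

def scenario(rewrap, move_first=False):
    acct = Account()
    acct.new_user_key()
    old_user = acct.active_user
    old_fk = acct.new_folder_key("INBOX")
    acct.deliver("m1", "INBOX")
    acct.new_user_key(rewrap=rewrap)
    acct.user_keys.discard(old_user)   # remove the old user key
    after_user_removal = acct.readable()
    acct.new_folder_key("INBOX")       # rotate the folder key
    acct.deliver("m2", "INBOX")
    if move_first:
        acct.deliver("m1", "INBOX")    # "moving" m1 re-encrypts it
    del acct.folder_keys[old_fk]       # delete the old folder key
    return after_user_removal, acct.readable()
```
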



Re: mail_crypt: multiple keypairs

2019-07-04 Thread mabi via dovecot
‐‐‐ Original Message ‐‐‐
On Thursday, July 4, 2019 11:17 AM, @lbutlr via dovecot  
wrote:

> > Is it possible to delete the inactive keypair? if yes how?
>
> Wouldn’t you then be unable to *unencrypt* previous emails?

That's also what I thought but based on my understanding and on the documentation 
of the "mailbox cryptokey generate" doveadm command 
(https://wiki2.dovecot.org/Plugins/MailCrypt#doveadm_mailbox_cryptokey_generate)
 if you use the "-R" parameter you re-encrypt all the mails with the new key. 
See the description of that "-R" parameter:

-R - Re-encrypt all folder keys with current active user key

Someone please correct me here if I am wrong...



Re: mail_crypt: multiple keypairs

2019-07-04 Thread @lbutlr via dovecot
On 4 Jul 2019, at 03:17, @lbutlr via dovecot  wrote:
> On 3 Jul 2019, at 06:38, mabi via dovecot  wrote:
>> Is it possible to delete the inactive keypair? if yes how?
> 
> Wouldn’t you then be unable to encrypt previous emails?

UNencrypt, of course.



Re: mail_crypt: multiple keypairs

2019-07-04 Thread @lbutlr via dovecot
On 3 Jul 2019, at 06:38, mabi via dovecot  wrote:
> Is it possible to delete the inactive keypair? if yes how?

Wouldn’t you then be unable to encrypt previous emails?