Opening this to hopefully get some pointers from the community on how best to implement per-user encryption vs the global key/encryption method detailed in the dovecot documentation. Once I figure this out I'll do a PR to document it.
Here are the docs for the user encryption keys: https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/#encrypted-user-keys
The recommendation is to place the following into your dovecot config:
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_plugins = $mail_plugins mail_crypt
plugin {
mail_crypt_curve = secp521r1
mail_crypt_save_version = 2
mail_crypt_require_encrypted_user_key = yes
}
This is easy, but then they recommend the following:
The password that is used to decrypt the user's master/private key must be provided via password query:
File: /etc/dovecot/dovecot-sql.conf.ext
password_query = SELECT
email as user, password,
'%w' AS userdb_mail_crypt_private_password
FROM virtual_users WHERE email='%u';
As far as I know the docker container doesn't use a DB of any kind. Is that right?
And if so, does anyone recommend how best to achieve this?
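One database-free way to hand the login password to mail_crypt, as an added example that is not part of the original post and not code from the mail server container the post asks about: keep users in a static Dovecot passwd-file and put `userdb_mail_crypt_private_password=%w` in that file's extra-fields column, which does the same job as the `'%w' AS userdb_mail_crypt_private_password` column in the SQL query. The functions below build and sanity-check such a line and print the matching passdb/userdb stanza together with the plugin settings from the post. The file path `/etc/dovecot/users`, the vmail uid/gid, the home directory layout and the password hash value are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post or from the mail server
# container the post asks about. It shows how the
# "userdb_mail_crypt_private_password" field from the SQL example can be
# supplied from a static passwd-file instead, so no database is needed.
# File paths, uid/gid, home layout and the password hash are assumptions.
#
# Dovecot passwd-file format, 8 colon-separated fields:
#   user:password:uid:gid:gecos:home:shell:extra_fields
# extra_fields may carry userdb_* fields that are passed on to the userdb.
# Dovecot expands %w to the plaintext password the client presented, which
# only exists for plaintext auth mechanisms (PLAIN/LOGIN), so TLS is
# mandatory and CRAM-MD5/DIGEST-MD5 style mechanisms cannot be used here.

# mailcrypt_passwd_line USER PASSWORD_HASH
# Print one passwd-file line that ties the mail_crypt private-key password to
# the login password. PASSWORD_HASH is a hash as produced by
# "doveadm pw -s SHA512-CRYPT"; the value used in the test is a placeholder.
mailcrypt_passwd_line() {
    user="$1"
    hash="$2"
    # uid/gid/gecos/home/shell are left empty so the userdb default_fields
    # apply; only the extra_fields column (8th) is populated.
    printf '%s:%s::::::%s\n' "$user" "$hash" \
        'userdb_mail_crypt_private_password=%w'
}

# mailcrypt_passwd_check LINE
# Exit 0 if LINE is an 8-field passwd-file entry whose extra_fields column
# hands %w to mail_crypt, 1 otherwise. A miscounted colon silently shifts
# the field into "shell" and the key password is never set, so check before
# reloading Dovecot.
mailcrypt_passwd_check() {
    printf '%s\n' "$1" | awk -F: '
        NF == 8 && $8 ~ /(^|,)userdb_mail_crypt_private_password=%w(,|$)/ { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# mailcrypt_dovecot_conf USERS_FILE
# Print the passdb/userdb stanza that reads USERS_FILE (assumed path) plus
# the mail_crypt settings from the post. scheme= declares the hash scheme of
# lines without a {SCHEME} prefix; username_format=%u keys on the full email
# address, matching "WHERE email='%u'" in the SQL example.
mailcrypt_dovecot_conf() {
    users_file="$1"
    cat <<EOF
passdb {
  driver = passwd-file
  args = scheme=SHA512-CRYPT username_format=%u ${users_file}
}
userdb {
  driver = passwd-file
  args = username_format=%u ${users_file}
  # assumed static uid/gid and home layout for all virtual users
  default_fields = uid=vmail gid=vmail home=/var/mail/%d/%n
}

mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_plugins = \$mail_plugins mail_crypt
plugin {
  mail_crypt_curve = secp521r1
  mail_crypt_save_version = 2
  mail_crypt_require_encrypted_user_key = yes
}
EOF
}
```

Two caveats a practitioner should keep in mind with this design, whether the `%w` field comes from SQL or from a passwd-file: the per-user private key is encrypted with the login password, so changing a user's password without also re-encrypting the key (`doveadm mailbox cryptokey password`) locks the user out of their existing mail; and the private-key password only exists at authentication time, so anything that delivers or indexes mail outside an authenticated session (LMTP delivery, `doveadm` maintenance) can only use the public key and cannot read the stored mail.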