|key | Encryption key, if no salt is given, must be hex encoded and match the expected length of chosen algorithm.|
25
+
|iv | Initialization vector, provide if no salt is given and algorithm requires one. Must be hex encoded and match the expected length of chosen algorithm.|
26
+
|salt | If provided, will use hash algorithm to create cipher key and IV with PBKDF2 algorithm.|
27
+
|hash | Hash to use in PBKDF2. Defaults to SHA-256.|
28
+
|rounds | Number of rounds to use in PBKDF2. Defaults to 1000.|
29
+
| algorithm | Encryption algorithm. Expects OpenSSL naming. Some algorithms are not usable due to system or functional restrictions. |
30
+
| raw | When set to 1, will return encrypted result in binary. |
36
31
37
32
::: tip
38
-
It is usually best to leave iv management to Dovecot, and not use
39
-
`iv` and `noiv` options at all.
33
+
For better security, use key and salt to generate proper pseudorandom cipher key and IV.
40
34
:::
41
35
42
-
### Return Formats
36
+
### Usage
43
37
44
-
Without `noiv`, encrypt returns `iv$encrypted$`.
38
+
To encrypt data, usually the easiest way is to do just `%{value|encrypt(key=key)}`.
39
+
This produces output that can be decrypted with `%{encrypted_value|decrypt(key=key)`.
45
40
46
-
With `noiv`, just encrypted data is returned. Field(s) are encoded using
47
-
format.
41
+
### Return Formats
48
42
49
-
`key` and `iv` must be the length required by the given `algo`.
43
+
If raw is zero or not used, the return value will be Dovecot specific `iv$data$` format. In case salt was used, the format is `s=salt$data$`.
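Review bot: the decrypt example added under Usage is missing its closing brace: `%{encrypted_value|decrypt(key=key)` should read `%{encrypted_value|decrypt(key=key)}`. The same section presents `encrypt(key=key)`, with neither `salt` nor `iv`, as the easiest form, while the new tip recommends key plus salt and the table says `iv` is to be provided when no salt is given. The removed tip said IV management is best left to Dovecot, so the new text should state whether an IV is still generated when `iv` is omitted, and the example should either show the salted form or note that an unsalted `key` must be hex encoded and of the algorithm's key length. In Return Formats, "If raw is zero or not used" would read better with `raw` in backticks, matching the other option names.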