Commit 1fe7f3b

mail-crypt: Various cleanups
1 parent 5f3b87b commit 1fe7f3b

2 files changed

+18
-16
lines changed

data/settings.js

Lines changed: 8 additions & 10 deletions
@@ -2698,7 +2698,14 @@ If enabled, you cannot share a key to groups or someone without a public key.`
26982698
plugin: 'mail-crypt',
26992699
values: setting_types.STRING,
27002700
text: `
2701-
Defines the elliptic curve to use for key generation.
2701+
Defines the elliptic curve to use for key generation. A key pair is generated
2702+
for the user, and a key pair is generated for each folder. The folder key is
2703+
encrypted using the user key.
2704+
2705+
This must be set if you wish to use [[link,mail_crypt_folder_keys,folder keys]]
2706+
rather than [[link,mail_crypt_global_keys,global keys]]. With global keys
2707+
(either RSA or EC keys), all keying material is taken from the global key
2708+
settings and no key generation is performed.
27022709
27032710
Any valid curve supported by the underlying cryptographic library is allowed.
27042711
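Review bot: The added opening sentence of the setting text, "A key pair is generated for the user, and a key pair is generated for each folder", reads as unconditional, yet the next added paragraph says that with global keys no key generation is performed. Qualify the first sentence with the mode, for example "In folder keys mode, a key pair is generated for the user ...", so an operator running global keys does not expect per-user or per-folder keys to appear.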
@@ -2708,15 +2715,6 @@ Example:
27082715
crypt_user_key_curve = secp521r1
27092716
\`\`\`
27102717
2711-
This must be set if you wish to use folder keys rather than global keys.
2712-
2713-
With global keys (either RSA or EC keys), all keying material is taken
2714-
from the setting and no key generation is performed.
2715-
2716-
In folder-keys mode, a key pair is generated for the user, and a
2717-
folder-specific key pair is generated. The latter is encrypted by means of
2718-
the user's key pair.
2719-
27202718
For EdDSA, you need to use X448 or X25519, case sensitive.`
27212719
},
27222720
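Review bot: The context line kept at the end of this hunk, "For EdDSA, you need to use X448 or X25519, case sensitive.", mixes two naming schemes: X25519 and X448 are the key-agreement functions, while EdDSA is the signature scheme whose instances are Ed25519 and Ed448. Since this cleanup already rewrites the text around it, consider rewording the sentence so that it does not label these curve values as EdDSA.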

docs/core/plugins/mail_crypt.md

Lines changed: 10 additions & 6 deletions
@@ -14,6 +14,9 @@ dovecotlinks:
1414
mail_crypt_global_keys:
1515
hash: global-keys
1616
text: "Mail Crypt Plugin: Global Keys"
17+
mail_crypt_folder_keys:
18+
hash: folder-keys
19+
text: "Mail Crypt Plugin: Folder Keys"
1720
mail_crypt_ec_key:
1821
hash: elliptic-curve-ec-key
1922
text: "Mail Crypt Plugin: Elliptic Curve (EC) Keys"
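Review bot: The new mail_crypt_folder_keys entry uses "hash: folder-keys", which matches the section only because this same commit renames the heading from "### Folder Keys Mode" to "### Folder Keys". If the anchor is derived from the heading text, a later heading edit will silently break the [[link,mail_crypt_folder_keys,folder keys]] reference added in data/settings.js. Consider noting the dependency next to the heading, or confirming that the docs build checks these hashes.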
@@ -272,14 +275,15 @@ crypt_global_private_key main {
272275
}
273276
```
274277

275-
### Folder Keys Mode
278+
### Folder Keys
276279

277-
In this mode, for the user a key pair is generated. Then for each folder a key
278-
pair is generated. This folder is encrypted using the user's key pair. A user
279-
can have more than one key pair but only one can be active.
280+
In this mode, a key pair is generated for the user. Then for each folder a key
281+
pair is generated. This folder is encrypted using the user key. A user
282+
can have more than one key pair for reading, but only one can be active for
283+
writing.
280284

281285
* [[setting,crypt_user_key_curve]] must be set.
282-
* [[setting,mail_attribute]] must be set, as is is used to store the keys.
286+
* [[setting,mail_attribute]] must be set, as it is used to store the keys.
283287

284288
#### Unencrypted User Keys
285289

@@ -303,7 +307,7 @@ crypt_user_key_curve = secp521r1
303307

304308
#### Encrypted User Keys
305309

306-
In this version of the folder keys mode, the users private key is stored
310+
In this version of the folder keys mode, the user's private key is stored
307311
encrypted on the server.
308312

309313
Example config for mandatory encrypted folder keys with Maildir:
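Review bot: The changed line keeps the term "folder keys mode" although this commit renames the section heading to "Folder Keys" and adds the link text "Mail Crypt Plugin: Folder Keys". Pick one term and use it throughout the section, including "In this mode" under the renamed heading.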
