Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # Keys generated using:
- #
- # fingerprint=$(echo -n "${imap_password}" | gpg2 --batch --passphrase-fd 0 --quick-gen-key "Mail encryption key <${imap_user}>" ed25519 2>&1 | fgrep 'revocation certificate stored as' | sed -e 's/.*///' -e 's/..*//')
- # echo -n "${imap_password}" | gpg2 --batch --passphrase-fd 0 --quick-add-key "${fingerprint}" cv25519
- #
- # Call this from dovecot with:
- #
- # plugin {
- # mail_filter = mail-filter read %u %{userdb:pass}
- # mail_filter_out = mail-filter-out write %u
- # }
- #
- # And configure dovecot to pass the un-encrypted mail password through:
- #
- # passdb {
- # driver = passwd-file
- # args = scheme=CRYPT username_format=%u /etc/dovecot/users
- # override_fields = userdb_pass=%w
- # }
- export GNUPGHOME="/srv/mail/.gnupg"
- imap_user="$2"
- tempfile=$(mktemp)
- cat > "$tempfile"
- if [ "$1" == "write" ]; then
- gpg2 --armor --batch --encrypt -r "${imap_user}" < "$tempfile"
- elif [ "$1" == "read" ]; then
- imap_password="$3"
- echo -n "${imap_password}" | gpg2 --quiet --batch --passphrase-fd 0 --decrypt "$tempfile"
- fi
- rm -f "$tempfile"
Add Comment
Please, Sign In to add comment