1DOVEADM-MAILBOX-CRYPTOKEY(1)        Dovecot       DOVEADM-MAILBOX-CRYPTOKEY(1)
2
3
4

NAME

6       doveadm-mailbox-cryptokey - Mail crypt plugin management
7

SYNOPSIS

9       doveadm -o plugin/mail_crypt_private_password=password [ -Dv ][ -f for‐
10       matter ]  mailbox cryptokey export|generate|list|password [ -u username
11       | -A ][ -S ][ -F file ] [ other options ]
12

DESCRIPTION

14       Generate  new  keypair for user or folder. The new keypair is marked as
15       active.
16

OPTIONS

18       options:
19
20       -A     If the -A option is present, the command will be  performed  for
21              all  users.   Using this option in combination with system users
22              from userdb { driver = passwd } is not recommended,  because  it
23              contains  also  users  with  a lower UID than the one configured
24              with the first_valid_uid setting.
25
26              When the SQL userdb module is used  make  sure  that  the  iter‐
27              ate_query  setting  in /etc/dovecot/dovecot-sql.conf.ext matches
28              your database layout.  When using the LDAP userdb  module,  make
29              sure  that  the  iterate_attrs  and  iterate_filter  settings in
30              /etc/dovecot/dovecot-ldap.conf.ext match your LDAP schema.  Oth‐
31              erwise doveadm(1) will be unable to iterate over all users.
32
33       -F file
34              Execute the command for all the users in the file.  This is sim‐
35              ilar to the -A option, but instead of getting the list of  users
36              from  the  userdb,  they are read from the given file.  The file
37              contains one username per line.
38
39       -S socket_path
40              The option's argument is either an absolute path to a local UNIX
41              domain  socket, or a hostname and port (hostname:port), in order
42              to connect a remote host via a TCP socket.
43
44              This allows an administrator to execute doveadm(1) mail commands
45              through the given socket.
46
47       -u user/mask
48              Run  the command only for the given user.  It's also possible to
49              use '*' and '?' wildcards (e.g. -u *@example.org).
50              When neither the -A option, nor  the  -F file  option,  nor  the
51              -u user  was  specified,  the  command will be executed with the
52              environment of the currently logged in user.
53
54       -o plugin/mail_crypt_private_password=password
55              Dovecot option, needed if you use password protected keys
56

SUBCOMMANDS

58       export [ -U ] | mailbox-mask
59
60       -U     Operate on user keypair only
61
62       Exports user's or folder's keypair(s) in PEM format.  If the  keys  are
63       password protected, -o is needed.
64
65       generate [ -Rf  [ -U ] | mailbox-mask ]
66
67       -U     Operate on user keypair only
68
69       -R     Re-encrypt all folder keys with current active user key
70
71       -f     Force keypair creation, normally keypair is only created if none
72              found
73
74       Generates new keypair for user or folder. If you want to  generate  new
75       user  key  and use it to secure your folder keys, use generate -u user‐
76       name -UR.
77
78       If you want to password-protect your key here, use -o.
79
80       list [ -U ] | mailbox-mask
81
82       -U     Operate on user keypair only
83
84       List all keys for user or folder. No password is required.
85
86       password [ -N | -n password ]  [ -O | -o password ] [ -C ]
87
88       -O     Ask for old password
89
90       -o old-password
91              Provide old password
92
93       -N     Ask for new password
94
95       -n new-password
96              Provide new password
97
98       -C     Clear (unset/remove) password. Your key will not be protected by
99              password.
100
101       Set, change or clear password from your user key.
102

SEE ALSO

104       doveadm(1)
105
106
107
108Dovecot v2.3                      2016-01-12      DOVEADM-MAILBOX-CRYPTOKEY(1)
Impressum