doveadm-mailbox-cryptokey(category28-ispconfig.html) - phpMan

DOVEADM-MAILBOX-CRYPTOKEY(1)        Dovecot       DOVEADM-MAILBOX-CRYPTOKEY(1)
NAME
       doveadm-mailbox-cryptokey - Mail crypt plugin management
SYNOPSIS
       doveadm  [-o crypt_user_key_password=password] [GLOBAL OPTIONS] mailbox
       cryptokey export|generate|list|password [options] [arguments]
DESCRIPTION
       Generate new keypair for user or folder. The new keypair is  marked  as
       active.
OPTIONS
       doveadm  mailbox  cryptokey  can be used to manage user's cryptographic
       keys.
GLOBAL OPTIONS
       Global doveadm(1)
       -D
           Enables verbosity and debug messages.
       -O
           Do not read any config file, just use defaults.  The  dovecot_stor-
           age_version  setting  defaults  to  the  latest version, but can be
           overridden with
       -k
           Preserve entire environment for doveadm, not  just  import_environ-
           ment setting.
       -v
           Enables verbosity, including progress counter.
       -i instance-name
           If  using  multiple Dovecot instances, choose the config file based
           on this instance name.
           See instance_name setting for more information.
       -c config-file
           Read configuration from the given config-file. By default it  first
           reads  config  socket,  and  then  falls back to /etc/dovecot/dove-
           cot.conf. You can also point this to config socket of some instance
           running compatible version.
       -o setting=value
           Overrides  the configuration setting from /etc/dovecot/dovecot.conf
           and from the userdb with the given value. In order to override mul-
           tiple settings, the -o option may be specified multiple times.
       -f formatter
           Specifies  the  formatter for formatting the output. Supported for-
           matters are:
           flow
               prints each line with key=value pairs.
       pager
           prints each key: value pair on its own line and  separates  records
           with form feed character (^L).
       tab
           prints a table header followed by tab separated value lines.
       table
           prints a table header followed by adjusted value lines.
       -o crypt_user_key_password=password
           Dovecot option, needed if you use password protected keys
OPTIONS
       -A
           If  the -A option is present, the command will be performed for all
           users. Using this option in  combination  with  system  users  from
           userdb  { driver = passwd } is not recommended, because it contains
           also users with a lower  UID  than  the  one  configured  with  the
           first_valid_uid setting.
           When   the   SQL   userdb  module  is  used,  make  sure  that  the
           userdb_sql_iterate_query setting setting matches your database lay-
           out.
           When using the LDAP userdb module, make sure that the userdb_fields
           setting and userdb_ldap_iterate_fields setting settings match  your
           LDAP  schema.  Otherwise  doveadm(1) will be unable to iterate over
           all users.
       -F file
           Execute the command for all the users in the file. This is  similar
           to the -A option, but instead of getting the list of users from the
           userdb, they are read from the given file. The  file  contains  one
           username per line.
       --no-userdb-lookup
           Do  not perform userdb lookup. Use the USER environment variable to
           specify the username.
       -S socket_path
           The option's argument is either an absolute path to  a  local  UNIX
           domain  socket, or a hostname and port (hostname:port), in order to
           connect a remote host via a TCP socket.
           This allows an administrator to execute  doveadm(1)  mail  commands
           through the given socket.
       -u user/mask
           Run  the command only for the given user. It's also possible to use
           '*' and '?' wildcards (e.g. -u *@example.org).
SUBCOMMANDS
       export [-U] | mailbox-mask
       -U
           Operate on user keypair only
       Exports user's or folder's keypair(s) in PEM format. If  the  keys  are
       password protected, -o is needed.
       generate [-Rf [-U] | mailbox-mask]
       -U
           Operate on user keypair only
       -R
           Re-encrypt all folder keys with current active user key
       -f
           Force  keypair  creation,  normally keypair is only created if none
           found
       Generates new keypair for user or folder. If you want to  generate  new
       user  key  and use it to secure your folder keys, use generate -u user-
       name -UR.
       If you want to password-protect your key here, use -o.
       list [-U] | mailbox-mask
       -U
           Operate on user keypair only
       List all keys for user or folder. No password is required.
       password [-N | -n password] [-O|-o password] [-C]
       -O
           Ask for old password
       -o old-password
           Provide old password
       -N
           Ask for new password
       -n new-password
           Provide new password
       -C
           Clear (unset/remove) password. Your key will not  be  protected  by
           password.
       Set, change or clear password from your user key.
SEE ALSO
       doveadm(1), doveadm-mailbox(1)
78ffb79                           March 2025      DOVEADM-MAILBOX-CRYPTOKEY(1)