1. If I want per-user encryption am I correct I should configure global keys with all related settings override in the userdb lookup? 2. If I do not want to encrypt some user accounts, is it enough to omit the mail_crypt_global_private_key from the userdb lookup? In other word, mail_plugins still active with mail_crypt, will that cause user account to be encrypted unexpectedly if no private key is given?
I found answer to this question, set mail_crypt_save_version=0 in userdb
3. Example command to create EC key does not ask for password, openssl ecparam command does not seem to have password arg. If I want password-protection should I use RSA key which the doc tell to be discouraged?
