From caddee4b0458b220fac1e8fb2ec6deaef1074131 Mon Sep 17 00:00:00 2001
From: Francois Lesueur <francois.lesueur@insa-lyon.fr>
Date: Thu, 20 Jun 2019 23:48:26 +0200
Subject: [PATCH] generates claws passwords on the fly

---
 .../mailclient/claws-mail/passwordstorerc     |   2 +-
 files/templates/mailclient/genpasswd          | Bin 0 -> 18400 bytes
 files/templates/mailclient/genpasswd.c        | 333 ++++++++++++++++++
 files/templates/mailclient/provision.sh       |  19 +-
 4 files changed, 346 insertions(+), 8 deletions(-)
 create mode 100755 files/templates/mailclient/genpasswd
 create mode 100644 files/templates/mailclient/genpasswd.c

diff --git a/files/templates/mailclient/claws-mail/passwordstorerc b/files/templates/mailclient/claws-mail/passwordstorerc
index 7da32f2..adba2a9 100644
--- a/files/templates/mailclient/claws-mail/passwordstorerc
+++ b/files/templates/mailclient/claws-mail/passwordstorerc
@@ -1,2 +1,2 @@
 [account:1]
-recv {AES-256-CBC,50000}$password
+recv $password
diff --git a/files/templates/mailclient/genpasswd b/files/templates/mailclient/genpasswd
new file mode 100755
index 0000000000000000000000000000000000000000..394aa1cb29dd771a39beea957bdc5e4e34c71a06
GIT binary patch
literal 18400
zcmeHPeQ;dWb-$~XYy)N`JD3>rwQ(@v%WKJB*iZ+_(lbv)Ho}&u`7n=__UQvltMz^u
z%T$SzwLN-SmZ&NAsOhxzq)p<anThET>Ox6m%vk1Q8ZiZ`P&yF-r@Po01UN=b!0PYZ
zchBnWY9C>ye{?#d>v?<b`Q3BQJ@?-8?tAa*UVlw%*iho}2u@z{WkKBd#Wqr{3jCY_
zUoF;%3-EijxJt|dUnVj96rmH!G}Ae@nDBy@;#yN;1BLVoCC8LKBue$UrFX8fOPC7b
zmjLOJuSb_k7St~@Oe@JDq-sT3kK7}@5v4bx^q30eKT~cWwT-SORbEKzP)3O<$x>=O
z6%SFqUp2gtc1bBAn6lno&?7%TYpPI!n^k>o{h}-XnesR+>*{P-y>eMsXlYkxII(N#
zt~INdu3j04^#qp7c9VUQy?s-&tcm;44~~4k1Q&HRmA|)msCL7B2d~)rW$$;7R{!Md
z?=61pAeCK>i^r{h$nO!Q)fW)<1zcam_4M1{{<B)`wKJnTwqEhi>Gyr7|Lr{=;G*dg
z7@A+C<XRVeoeLg^jbe7*a*=<;MLq!BkE<}P1K=+N!N2BW|2-GH3>{v~&r%n8k}X#6
z<G_pAxz5GT8!q_ME_Uv6sdu}J{5jZPjIzS?B7kCkHo5roqznGGi=7=V@;`Es|E3H6
zmo9cPF8F>I{059~g;*peD*dQwDt%t!mx)XPewC6h#Q#Ftzeuc^J7t4%=W)#!<znyU
z`MAJ+-;QhP@<1is?Ull)Z`x>t%&6Jk8H=0Irj4~-Jz=vc*wSSR!)WjB2^+C^Fd8=u
zVcfCP*sSDgyMnQp8MD=kDz`%~8cIZrNVGE?ZxiiCYlqpoJ(lP;!sf$ZyMtX_J*}0_
zf_5`*ggV>JSR80eFlMe^X_(>Go{;I3YKxl0N6mO58a6uHjJ9BBm+^2g8tx3YI|bvt
z5z`=>U1qpF-XV;(&T!|H<&aruIS~m3<78V_L46fY#JghDQ!C)8WQ^9%NQW6EzoNa7
z`0@gns%t^Jwi~g|-7uA>6Efid+Li|vfyl^qv$vQDDhda?O&ZBoa%{DTB;qlF&PFRm
zx7i&t<3w5`y~6HdjAQGrAT>VNMLrn@>8fGv4t9oxVWQnZ6tu)*HV!Bp61O+hudg+h
z2dY-)vdaUjXx49P*kY_OR&sQe;Auc}J|)UI^Nb2SWD&;dQCouNNQv;|{@GF<U@sx2
z>G@NM>+wH7h{s~7SSI6Nh{U4K3#f)$$Pg0gFIDoy?>%!R%1gusRnG4R{9GSbPnaR~
z9>Dk!g^#KGj&bHkmifuNe3zIlbN0`u17{s78FSzlIpi}AT)m>n(s2jwoChZyI6ZSY
zEmVGzFKB))`5n0G0$FyQ1Lv`!f=UO@?;?b+ap2DPwQ2|Md|%NWI0hh>8XfqBIaG+P
z4%|6)J?OxF4*3oTUhcpn4xHbKsCbtHpXZR@<G?@X!22Ee0tY_ez%O;+gAV-j4*ZY<
zU+BOOJMhaK_z?%b$blbq;La(0$bs{_HL0C+;8!~Aj5u)hYAs9k<e52osx19QztHy$
z#Y-kf^yKq%j*H1v{|IPu$&>gkzq%SZ;yXwuJ2r{5<VVC)$Yn<)|6Srsh#!*tcZjDD
z%N~*Zw~43F${v#ZH;Jc^$__~W8^lv6W%o#aH}MqK*@)z$#M7;neNgfb5l<nOZIpZq
z@f2FwYRTVAJl%5HO37~~o<c0^m;4>X)2)}Sko<b$Db%t;^0yFAA(kCK4`9i1;wiMU
zW0Jpt_<6*SNPaQ#bjxOkB)^Dw3a#uB$<HUAZr$u5$zMo3g;;h#@+HJmXl3_E{`ZT)
zQ%Geawm$f_0q`<a{kGnE<pJILwVr%uys@bvUA7x-(bE@uC0X}RXzApF6JPL)v*lOU
zQOUYvFrcT)h&1chPw3VuJvrgqxd6leeaO-9U$AX*tWC;qJ5HnC7AU`ZudEOHUzhr;
zcH8>rN&nb+uWpU&$1=C+o)h{j=i>`uEU1jlwT;>Oh4%KWtAZVo_>!JncQX{=l65LR
zS5K{*4?J@*dOV}!XWNOgIRHE#PWR`PtKf9<Hj%g}`v4?uzfu1Se!DSQGC4W2O~wP|
zYyPz6?waPBrY-u{&m0y)=+?7ap{QFwr3lik15}}Ir73<ItbJ=FH>O+1e@<bZxd6kU
zTiTGG!j*1BzWJzbJy&nNUh{L5!yNLj);z27M=4hHWX7X=Mt(+ldUY21N9XkILlye<
z&+FEho*aUfc0^A;OLbQ7?6Pb6)yJ}?!+Pof;d&}9Jxghab?aYsYd8}o0dm9A4(X|l
zNAz?vXs%f5OLjQp{X~i$(XD;T2(<P|v*~>g!ur$IaO-E%H&||xmh-B$#Z=8rFgL8d
zOyZ{(r?i*#!Sbi}mXV$0_-gApiS$2i1KP`;WZ%oTeRWjzAGa!<CVBE#)~zgm=MRJ(
zkVBD5%Ym6{QJ*YS4VH~f%i)=lIBiRyhlVrdR8z6m?X>HVtyi6z*SeihbZg!HpWeC~
z$+U$bDBik%`8~C+8NpNN_;+Q=r!}p@(X^Ganl}gZv^jcT&HXjoY96RDwjGz@oeS=9
zj1Gc(7xl9B(}*MoIwX-@kKm^MZLko<Br;ZSov_DfiQS5m4XN&v^=XY-G}K^aIAVrn
z4AJ1*U?r&!%R9ve-*ra)GmfbLa9Y$K)l=I}>gigl1JOB(I{db|>p;ky4OZCT!W{U9
zvyM-{vko_;Otho!8mi<_1MWC$pRn!CQTA+bobK)6eG?#dLw^0)D;dP?OI<DEmmo*o
zEaDd;M_nuu7aj$f%=VQCk?gCmOQ_d#C9NodG~E(*DdqmKQ|W0`nvypvW{Xma?zbjr
z%(MYL**B20a;20zK)MJqIo2tN*we+|{x^m7tMXyphhGHZ02}p;q?%tn_U^*|3P#e6
z9^9J)n6_j|g|no@Su)32;+-lXxDS(;?R7d*3XdYvu>;gkBv^0Z`7@kpL+m$L?_vsr
zxQ5wO&Tivq;IQ^4xqJE%J(U>LtzV%SB2F{)c<@+w3JqucbO%{)z{;Q$v#tC{S{bF`
zJbf)%d^DwvmOnKYEoeS0v!x|f#}wW_w<M{JdH|C*Ye%BLNTU9f_U5fxMfo>+rPIwP
z(IOf-eeH94`G)5(1pTNIVcZNVZz$z|B@Ivtr5+ol?DbMLi9x_v%keMYm!P2IUTQ=y
zX#=@=_~mob21XF=`v`ezpLRG`{$rFk;OU>z26Nb;#L%1C(HyoH*ik#A&tlFPQ*(wr
zW9U}jgq1jZlzLhr$ure@S{wRVH6W_{H8gnNP{N1j|607PWtw2`^uj!mdD6YIhZgz8
z3-&~WCoI{q`i@$OC#_~Yp31I)GI}h7pv{Q*Mes3G{*>4|lvp6W%Y2PGHeL1!UJ#{N
znz|d}*6ZZO`QK3wXk#gwDTXsYffHay>r&<sIg7~H8P3d>_%K3d6r(am9YOE6sf|zG
zwb6P@2Fx#2%)CS~lYG9y(q4tw7+Jj@l_dLK6^U6uMo-V9U&7}BmrkPp#?gP=Q_t@~
z3;T5|v1eGDpcmO;?QB0@_|U|Dkyxy!7xYtW(yK;5<QqcfAe+iA@JhiwwqV2-{6S8z
zJ12MsH+D*!fFCaav$S!WxnDA8QqAM3jc4KM9y{p!?01wyDQz6jqMy?QoO$A`?5%-e
zZIE~f56D@Q+I9|)a}4idfQN`*Lb7!8BYzq4vfWvFt=H2V@z7~LluArs^l_^WXSPZo
zGBl#SISX%pIA!7Ak+&^e3k$>A#}sHVk4_uT+za!T_Ri_jB=D5>@v*Vlw`%Wv^?f^w
zl2r3MDea7BM92L<oH<Q)G3Gh6bp)11bAkR>C{Hz?A<T}M%k8G!LI@eS!*)zI^UHQ#
zHgmb1mn~YIYjQ$PleVWvNWwY+XLP$#Jx$XH6@CC*w|<dX2gRIc(%)O9l7=}{wL+?n
z<orGTfkUHpB3}%X%0@IVF{<Xtzkx7r9@*0yP_t}AFF@pFBf9OpY-rHVk5HqV?YwN<
zJ@CjLjX`@DBwA}XUt0W<!{X%*i{;4YI|$?Q##~^xlI~Sm->LT@DWmlz(nsf{nop**
zv%2+)^&IAq@1a|z51B_~IbM5G+DY>CAE1f+kUfRqwym)GKE};84saZgzBzh|?xiq|
z3&eZn%jB?a>s!#3xfk%2uosOJLcZ%;lk~dZkX~|dK7I3~mlEAlZ=I{RUTe4>pFjBa
zJ@$z=^U*l!-uK(Mzv@3&AJ2gX>s%cyOkVP)o;>c+*ZybXUHUe@ZyUdM9UqwbKKk%D
z{33hu>zUSK5b=&w+mq-D`NKVNKi2L1(O@{#)9r8RjhiulTTj%#J>-uCyW#<nxN}we
zuGTFZ!nJqSY+9jhY1n$_y}dhncCQHDVRnbLuf&4ET{{}%b*pywMmyVMwQZ3d+Red^
zt()#yxoK_9iXCCCe*Mm6D;jHd>@u60cdWfT`jzO~_I2w-1k1D!_e4YfFRb%#YHnx{
zYT2?A>$+4H>4;*PHCOt`lGsg4LVZhOQV~m#m5#<B%jS6X)3BE^h39hbtz9Um5ABoh
z*~79G!!riH1GFD>5JNu!`Y`4X`uoEV@p{q-`V43URA6o%06hgt&!$>TYNMe2p!D}g
zdP}QT-OFoXp52>;XIF*i^0~9;40vW&5KikNqZry7K{*wd7vdTSko+9@Omz!i#RlKP
zJIXJ5c+MVi+oD@<SaHo_vO)TFxFWDiixHe|Lgs#4gJ|Qg$hR6_#r~4oi)S@{%llYq
zy6n+e$=Ti)OW>WYLG?X~>vl{W%S#>dn;!F~OCK#u&hlPe3Tg7`NnCf~okFe$vfYig
zDJp*zS1rml&|JMG)lz`!Ig6_U<)@tGw?FDlmX`dI9U?ndpxsL_1`publ(XZ#$4fF)
z{wFAJ#eKKVX=j&hf%@crl=q|Dr1JH?if@&y_bq(PtNHxt()GUU9xc;-mHTJuzBS3&
z8-3ML-<ld<WsUE;^*%r3Aiv%>NA~aE!_E=d$-jfh=uDdFftend>4BLZnCXF;9+>HY
znI4$wftend>4BLZnCXH4pFP0)ka*t_w*sHQG8IzV<3x#Z+9O4Y)>|m?{y*MR#QXku
zuL<vi;=LrihQWJIcs~?<?^ELP-<_ZAA%0MOl+$`QrAoE=hxY)DsB+%pbC=?2BL<~~
zHWALfH3ZR;gG_3l3V-_-uJh1_5K6q)W<qT;V%)EI_IuP8$3AyEasBu^r)&>UDT*Z}
z$&V;S{5eAM><5;6B>xRnj%5<b=loXo|F1}HAA5lVZ7MK!D!O0MgNlA%(WewWq3G+1
z{zlPriq2Ajb*ZA)D!N+H4T|2aXq%!t72U7sK}El>=u?WGQ1o?0xjADhE^e=_y~TfB
zo!QbE4Et9HRs<@SR;{@)WVWnLR9$Za{^gZbH&?EzTFts{)Qh`_&nq}(yjZ*Ceg65l
zSHw9W90gwNOXT~)0VAf%1m6$&_^jN0laJ399AEkP9Kms!k6$1--t+Mb1>YC>`1Jk3
zRPM#>(Wu5ZU;bh-Rxl2>yf1gIBwxPBK4WRWLJaVP<52L5dAaiu4jBH-7ZW@IISRbu
zbGh>#4jA&62%fj{@de`KQoj?Dd9Sz>=Rk_#pBKEp)2Za8Sxd!VK7N@PEs8Iiwr`vC
zykdGM(DYp@-j}-$oVIB=JeVa5{ik`nMEHc?xhWDDStk6!0z9Db!siRE*Ltw;Jfr;Q
z=gAg{Pw&s&$__uTz{<2Azn&uF@;%_i+Vuo*>3_LY7jmr}*=H19t2S3^cCmO-;r$9f
zrSLaEJ=h%_QE|fax?6u{rTly`c9k-q$VU>N-p^EA%zv-!sOfQgDR57bIJrs6e{NcQ
z(zz5-q~GZ8Af6)e`CpiK{9<~%-2-{&K4G#-X}b#^b-@p~;6HT1pLM}smbg#sQK8P$
z<!NN*BR=^&8vjk^P00JD$N4{}UGPb1KVO!(*CjrE{+TE1oi4w`1+R0#>3QIvZbn30
z<o5%ghxp`qkN(6%>41y;4_xqPT=18G`=!PFpHsjqip0qWE_O=r0<$>ZgygOQPUBUj
z?mLdLWx(f^Oh1=$tCXK^s7cB5^P44t%6^546H^uJaIy0p7yMZld=xmHtKs>L>wQPc
z`$V^Tfs}viLgB~2=Rtm4&4>K{Sc-w;wzCbQOI+|(F8CV6XR&iWw?Ur9tI*F4E_S*l
z?h}*qY;WY>4w2pMBA<4_f2{1hq+a~x-}GQ-yX>DL?+LBZcr2c1YYVjEbjTgGn~jG0
zEloHJG<9Ogh<6*UbY=*Lfs9a((cab566`WU@t$bR2qt!k)}HQ2ml-!hfz@koUS3>C
zp3E_V(P*$2e_D=5dqrCmhg^(MqPx2nDh|$|^D=p&?Pgg1T{;9OJGz57+0qfL5;*u1
zHlsMsW6+=21&$kSH|3!kxZb&wY$n33h7qV*zIx?aup2hlY}5>GQyrajl1=42j=LC|
zt_1YD&BD07;m-9n4aS`tHf+(FjHa6P4H_xsc^1kC<RL0y)ZMeGW@CM=^ORElp`-k>
zL43%ly4rE(#y(I5NS)51BRTfDpM0#~#FaYs(;7?I=b%2r=`K21lyB2MQIwBOJ5Q8f
zoIA;-&Rc!ji8F`GbkIqi1vBdJ#HplEXV^%@%n(AuH1n&l4?pE&4pZ_pm#ntvNi~Em
zPCu!0Pld<U^3P5cQ~?+5JspPJ(}5Ak`8gFst_RdmU989Gz+Mn}#7>^YqCs&v2R3z>
z43$qEyvmOgJ{6WPGIio^+DSOaNiVlO9XR?Y@0|Ra>?3Ri^%Ne}<D-4*Tv@&a@|6#_
z<=KgBZ;h=oA}!lPZOhdOHk3~tLCZHo-Ib><PqK+XthYNJYypi&ZQ8*(978mt5fQ+4
z95Ya}zJ6&u*seI34zwgXaUQxeBm%^B1Y;c{5b6!Xo=xLXyJV*sjbZyt9%G;^YIX%l
zLFFQtbOLfr1IPy2d%(ucUHFx!5ChR3dFC!)cBt8{BLpMN*{b$5XKQf&p;m~YnqYTl
zD}3mQlX)O?fG>dadm?}dw;PkF{iOKc{nBF^k1)Ku+ljxMnHGMok*qU)5e%)-us(lZ
zGxa-#k;mgHFI9na>hpIv(`)jir|Z|D9J@n%xPJa#XSzn|mnq86e>S@b8Ct_)eg3Xz
z`XHX0lxQ7{+Rpm?U2-=t5@CH_H)G1{WDt?5u>T$aN^4TA&+7zCb*0DtvmDdyD5o_p
z=6OAVX`|97|4D}ZSFoV(KN=I(=XD3Bqe_tLXMJw}UZuZY$?^IG(`sdy^hu{s|1n_H
zC%n$c>zqt^JrE)?k+05VfpO~ddIwXv=gXl$J7p;`eH?kGKCg=~Wq+j-ehT@&F3{)i
zAg13gSZCpS+1}q3=<~WRQ(oU>`NH=9Q0epd@plQ+3073Juzvb(r}neH+y7_5W(w=4
z{m)K)Uf*GQh6)|2u>W2_87*z7+bp*Z#Q)z#p*-_UUxO|!Ij}yj7Y!{1h{SR>H^npl
z77EBk*5`GZlYc~??fnKBie1*{^(X%SNVsD;zPVl=he7B%>*sZ<k!5xbl{U%!vOd%I
z3iNa9SxRv<r)g(ck1556vwmLp8ddu2C!1kC=FcNT7`LClcQT(*pVnQdekIOk@!e!+
z)iC66lBMLN9J_Xj{kxDJEJ(V#fv!Y;1uph~Ar&G~G5an7_4D8@cIJtKfaiKymOj^t
Q>Cd~(mY7?hP{4}+0mnn9aR2}S

literal 0
HcmV?d00001

diff --git a/files/templates/mailclient/genpasswd.c b/files/templates/mailclient/genpasswd.c
new file mode 100644
index 0000000..e4d03c8
--- /dev/null
+++ b/files/templates/mailclient/genpasswd.c
@@ -0,0 +1,333 @@
+/* customized from claws mail source code */
+
+/* pkcs5_pbkdf2.c - Password-Based Key Derivation Function 2
+ * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
+ *
+ * Modifications for Claws Mail are:
+ * Copyright (c) 2016 the Claws Mail team
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+ /*
+ * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
+ * Copyright (C) 2016 The Claws Mail Team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+
+#include <glib.h>
+#include <sys/types.h>
+
+#include <string.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#define CHECKSUM_BLOCKLEN 64
+/*
+ * HMAC-SHA-1 (from RFC 2202).
+ */
+static void
+hmac_sha1(const guchar *text, size_t text_len, const guchar *key,
+    size_t key_len, guchar *digest)
+{
+	GChecksum *cksum;
+	gssize digestlen = g_checksum_type_get_length(G_CHECKSUM_SHA1);
+	gsize outlen;
+	guchar k_pad[CHECKSUM_BLOCKLEN];
+	guchar tk[digestlen];
+	gint i;
+
+	if (key_len > CHECKSUM_BLOCKLEN) {
+		cksum = g_checksum_new(G_CHECKSUM_SHA1);
+		g_checksum_update(cksum, key, key_len);
+		outlen = digestlen;
+		g_checksum_get_digest(cksum, tk, &outlen);
+		g_checksum_free(cksum);
+
+		key = tk;
+		key_len = digestlen;
+	}
+
+	memset(k_pad, 0, sizeof k_pad);
+	memcpy(k_pad, key, key_len);
+	for (i = 0; i < CHECKSUM_BLOCKLEN; i++)
+		k_pad[i] ^= 0x36;
+
+	cksum = g_checksum_new(G_CHECKSUM_SHA1);
+	g_checksum_update(cksum, k_pad, CHECKSUM_BLOCKLEN);
+	g_checksum_update(cksum, text, text_len);
+	outlen = digestlen;
+	g_checksum_get_digest(cksum, digest, &outlen);
+	g_checksum_free(cksum);
+
+	memset(k_pad, 0, sizeof k_pad);
+	memcpy(k_pad, key, key_len);
+	for (i = 0; i < CHECKSUM_BLOCKLEN; i++)
+		k_pad[i] ^= 0x5c;
+
+	cksum = g_checksum_new(G_CHECKSUM_SHA1);
+	g_checksum_update(cksum, k_pad, CHECKSUM_BLOCKLEN);
+	g_checksum_update(cksum, digest, digestlen);
+	outlen = digestlen;
+	g_checksum_get_digest(cksum, digest, &outlen);
+	g_checksum_free(cksum);
+}
+
+#undef CHECKSUM_BLOCKLEN
+
+/*
+ * Password-Based Key Derivation Function 2 (PKCS #5 v2.0).
+ * Code based on IEEE Std 802.11-2007, Annex H.4.2.
+ */
+gint
+pkcs5_pbkdf2(const gchar *pass, size_t pass_len, const guchar *salt,
+    size_t salt_len, guchar *key, size_t key_len, guint rounds)
+{
+	gssize digestlen = g_checksum_type_get_length(G_CHECKSUM_SHA1);
+	guchar *asalt, obuf[digestlen];
+	guchar d1[digestlen], d2[digestlen];
+	guint i, j;
+	guint count;
+	size_t r;
+
+	if (pass == NULL || salt == NULL || key == NULL)
+		return -1;
+	if (rounds < 1 || key_len == 0)
+		return -1;
+	if (salt_len == 0 || salt_len > SIZE_MAX - 4)
+		return -1;
+	if ((asalt = malloc(salt_len + 4)) == NULL)
+		return -1;
+
+	memcpy(asalt, salt, salt_len);
+
+	for (count = 1; key_len > 0; count++) {
+		asalt[salt_len + 0] = (count >> 24) & 0xff;
+		asalt[salt_len + 1] = (count >> 16) & 0xff;
+		asalt[salt_len + 2] = (count >> 8) & 0xff;
+		asalt[salt_len + 3] = count & 0xff;
+		hmac_sha1(asalt, salt_len + 4, pass, pass_len, d1);
+		memcpy(obuf, d1, sizeof(obuf));
+
+		for (i = 1; i < rounds; i++) {
+			hmac_sha1(d1, sizeof(d1), pass, pass_len, d2);
+			memcpy(d1, d2, sizeof(d1));
+			for (j = 0; j < sizeof(obuf); j++)
+				obuf[j] ^= d1[j];
+		}
+
+		r = MIN(key_len, digestlen);
+		memcpy(key, obuf, r);
+		key += r;
+		key_len -= r;
+	};
+	memset(asalt, 0, salt_len + 4);
+	free(asalt);
+	memset(d1, 0, sizeof(d1));
+	memset(d2, 0, sizeof(d2));
+	memset(obuf, 0, sizeof(obuf));
+
+	return 0;
+}
+
+
+
+
+
+
+
+//
+
+
+# include <gnutls/gnutls.h>
+# include <gnutls/crypto.h>
+
+#include <glib.h>
+#include <glib/gi18n.h>
+
+#include <stdlib.h>
+
+/* Length of stored key derivation, before base64. */
+#define KD_LENGTH 64
+
+/* Length of randomly generated and saved salt, used for key derivation.
+ * Also before base64. */
+#define KD_SALT_LENGTH 64
+
+char* monsalt;
+
+int get_random_bytes(char* dst, int len) {
+  return 1;
+}
+
+static void _generate_salt()
+{
+	guchar salt[KD_SALT_LENGTH];
+
+	if (!get_random_bytes(salt, KD_SALT_LENGTH)) {
+		printf("Could not get random bytes for kd salt.\n");
+		return;
+	}
+
+	monsalt = g_base64_encode(salt, KD_SALT_LENGTH);
+}
+
+#undef KD_SALT_LENGTH
+
+static guchar *_make_key_deriv(const gchar *passphrase, guint rounds,
+		guint length)
+{
+	guchar *kd, *salt;
+	gchar *saltpref = "uO5gxcSFnCOAN3ESLXOZyqoz3aJemnEKsaaxqPtD5zyrigsCfpqE7ahXNY4N9A3qnEIBv/3PAqxeTUq9VrKr9g==";
+	gsize saltlen;
+	gint ret;
+
+	/* Grab our salt, generating and saving a new random one if needed. */
+	if (saltpref == NULL || strlen(saltpref) == 0) {
+		_generate_salt();
+		saltpref = "uO5gxcSFnCOAN3ESLXOZyqoz3aJemnEKsaaxqPtD5zyrigsCfpqE7ahXNY4N9A3qnEIBv/3PAqxeTUq9VrKr9g==";
+	}
+	salt = g_base64_decode(saltpref, &saltlen);
+	kd = g_malloc0(length);
+
+	//START_TIMING("PBKDF2");
+	ret = pkcs5_pbkdf2(passphrase, strlen(passphrase), salt, saltlen,
+			kd, length, rounds);
+	//END_TIMING();
+
+	g_free(salt);
+
+	if (ret == 0) {
+		return kd;
+	}
+
+	g_free(kd);
+	return NULL;
+}
+
+#define BUFSIZE 128
+#define IVLEN 16
+gchar *password_encrypt_gnutls(const gchar *password,
+		const gchar *encryption_passphrase)
+{
+	gnutls_cipher_algorithm_t algo = GNUTLS_CIPHER_AES_256_CBC;
+	gnutls_cipher_hd_t handle;
+	gnutls_datum_t key, iv;
+	int keylen, blocklen, ret, len, i;
+	unsigned char *buf, *encbuf, *base, *output;
+	guint rounds = 5000;
+
+	g_return_val_if_fail(password != NULL, NULL);
+	g_return_val_if_fail(encryption_passphrase != NULL, NULL);
+
+/*	ivlen = gnutls_cipher_get_iv_size(algo);*/
+	keylen = gnutls_cipher_get_key_size(algo);
+	blocklen = gnutls_cipher_get_block_size(algo);
+/*	digestlen = gnutls_hash_get_len(digest); */
+
+	/* Take the passphrase and compute a key derivation of suitable
+	 * length to be used as encryption key for our block cipher. */
+	key.data = _make_key_deriv(encryption_passphrase, rounds, keylen);
+	key.size = keylen;
+
+	/* Prepare random IV for cipher */
+	iv.data = malloc(IVLEN);
+	iv.size = IVLEN;
+	if (!get_random_bytes(iv.data, IVLEN)) {
+		g_free(key.data);
+		g_free(iv.data);
+		return NULL;
+	}
+
+	/* Initialize the encryption */
+	ret = gnutls_cipher_init(&handle, algo, &key, &iv);
+	if (ret < 0) {
+		g_free(key.data);
+		g_free(iv.data);
+		return NULL;
+	}
+
+	/* Find out how big buffer (in multiples of BUFSIZE)
+	 * we need to store the password. */
+	i = 1;
+	len = strlen(password);
+	while(len >= i * BUFSIZE)
+		i++;
+	len = i * BUFSIZE;
+
+	/* Fill buf with one block of random data, our password, pad the
+	 * rest with zero bytes. */
+	buf = malloc(len + blocklen);
+	memset(buf, 0, len + blocklen);
+	if (!get_random_bytes(buf, blocklen)) {
+		g_free(buf);
+		g_free(key.data);
+		g_free(iv.data);
+		gnutls_cipher_deinit(handle);
+		return NULL;
+	}
+
+	memcpy(buf + blocklen, password, strlen(password));
+
+	/* Encrypt into encbuf */
+	encbuf = malloc(len + blocklen);
+	memset(encbuf, 0, len + blocklen);
+	ret = gnutls_cipher_encrypt2(handle, buf, len + blocklen,
+			encbuf, len + blocklen);
+	if (ret < 0) {
+		g_free(key.data);
+		g_free(iv.data);
+		g_free(buf);
+		g_free(encbuf);
+		gnutls_cipher_deinit(handle);
+		return NULL;
+	}
+
+	/* Cleanup */
+	gnutls_cipher_deinit(handle);
+	g_free(key.data);
+	g_free(iv.data);
+	g_free(buf);
+
+	/* And finally prepare the resulting string:
+	 * "{algorithm,rounds}base64encodedciphertext" */
+	base = g_base64_encode(encbuf, len + blocklen);
+  //printf("base is %s\n", base);
+	g_free(encbuf);
+	output = g_strdup_printf("{%s,%d}%s",
+			gnutls_cipher_get_name(algo), rounds, base);
+	g_free(base);
+  //printf(output);
+	return output;
+}
+
+int main(int argc, char* argv[]) {
+  //printf("pass %s %s\n", password_encrypt_gnutls("totfrefrgo", "passkey0"), gnutls_cipher_get_name(GNUTLS_CIPHER_AES_256_CBC));
+  printf(password_encrypt_gnutls(argv[1], "passkey0"));
+  //printf(argv[1]);
+}
diff --git a/files/templates/mailclient/provision.sh b/files/templates/mailclient/provision.sh
index 6c10cff..d1d5d2a 100644
--- a/files/templates/mailclient/provision.sh
+++ b/files/templates/mailclient/provision.sh
@@ -24,13 +24,18 @@ sed -i -e "s/\$mailname/$mailname/" /home/debian/.claws-mail/folderlist.xml
 # https://github.com/eworm-de/claws-mail/blob/master/doc/src/password_encryption.txt
 # https://github.com/eworm-de/claws-mail/blob/aca15d9a473bdfdeef4a572b112ff3679d745247/src/password.c#L409
 # For now, they have to be extracted from a configured claws in .claws-mail/passwordstorerc
-if [ "$password" = "hacker" ] ; then
-  pass="AiU2DSaWBrjobby90aPWqUKtfV6bnpueNcmHKo5+59gXxh9Y1nrxFNpzOaXa/kKdoUEuyoMzCnwK9eXCS9I96u8mDzYQMall1RkJNb8hWxXOiIOI7kp4ivU+bFqRCzBBadtwdFRtvpDiQYhCIb0di3ltNLE017eoMi6sRrd23PY="
-elif [ "$password" = "commercial" ] ; then
-  pass="jcFj1Y73ajScjfy2OL6ld76+Xb/pM28UWQJIgBKbIS8X5vRnSRUL7KBExMhpkAxBpunE10kuWwu0ojXxn5Pey1BJ7EnNnEHi0jsc+dM5RkBlC3NkwkdOetkzMvahDkHZ6qfp7iUGhEBLSq+DlR2ePzjuDTUAlVu14AADfUaNUe8="
-else
-  pass="EncryptedPassword"
-fi
+# if [ "$password" = "hacker" ] ; then
+#   pass="AiU2DSaWBrjobby90aPWqUKtfV6bnpueNcmHKo5+59gXxh9Y1nrxFNpzOaXa/kKdoUEuyoMzCnwK9eXCS9I96u8mDzYQMall1RkJNb8hWxXOiIOI7kp4ivU+bFqRCzBBadtwdFRtvpDiQYhCIb0di3ltNLE017eoMi6sRrd23PY="
+# elif [ "$password" = "commercial" ] ; then
+#   pass="jcFj1Y73ajScjfy2OL6ld76+Xb/pM28UWQJIgBKbIS8X5vRnSRUL7KBExMhpkAxBpunE10kuWwu0ojXxn5Pey1BJ7EnNnEHi0jsc+dM5RkBlC3NkwkdOetkzMvahDkHZ6qfp7iUGhEBLSq+DlR2ePzjuDTUAlVu14AADfUaNUe8="
+# else
+#   pass="EncryptedPassword"
+# fi
+#{AES-256-CBC,50000}
+
+# chmod +x genpasswd
+pass=`./genpasswd $password`
+#gcc genpasswd.c -o genpasswd -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/lib/x86_64-linux-gnu/glib-2.0/include/ -lglib-2.0 -lgnutls
 
 sed -i -e "s;\$password;$pass;" /home/debian/.claws-mail/passwordstorerc
 # AiU2DSaWBrjobby90aPWqUKtfV6bnpueNcmHKo5+59gXxh9Y1nrxFNpzOaXa/kKdoUEuyoMzCnwK9eXCS9I96u8mDzYQMall1RkJNb8hWxXOiIOI7kp4ivU+bFqRCzBBadtwdFRtvpDiQYhCIb0di3ltNLE017eoMi6sRrd23PY=