From 44bb873b04412b75671734e7ae098f37d896c276 Mon Sep 17 00:00:00 2001
From: Heiko Reese <heiko.reese@kit.edu>
Date: Fri, 20 Aug 2021 02:48:08 +0200
Subject: [PATCH] Added first incomplete example to README.md

---
 README.md | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 645bc24..3f204a2 100644
--- a/README.md
+++ b/README.md
@@ -55,6 +55,8 @@ Symmetric encryption that derives its key from an ASCII string:
 * `sodium_crypto_secretbox_encrypt_password(password, cleartext) → ciphertext`
 * `sodium_crypto_secretbox_decrypt_password(password, ciphertext) → cleartext`
 
+The generated key is only as strong as the provided password.
+
 Public key encryption that uses a key pair that needs to be created beforehand:
 
 * `sodium_crypto_box_seal(public key, cleartext) → ciphertext`
@@ -85,6 +87,25 @@ cryptobox_recipient_pk = "2kbIdSsx2QyDVC0Y2tzlLQ4Q6Aw53q8wfqvKTe0mTW4="
 The `*.raw` files contain the same key without any formatting; these files are not needed for usage with exim but are
 generated as convenience when writing your own tools.
 
-### Example
+### Example: remove `X-Originating-IP:` header
 
-To be done…
\ No newline at end of file
+This example's use case was the initial reason to develop this library: remove the X-Originating-IP header to preserve
+our user's privacy but also keep the information in the final e-mail to enable response to complaints and abuse (the
+original header is usually provided in these cases). Add this snippet to your DATA ACL section in exim:
+
+```exim
+warn log_message   = Removing X-Originating-IP header
+     condition     = ${if def:h_X-originating-IP: {1}{0}}
+     add_header    = X-KIT-Orig-IP-PKK: ${dlfunc{/usr/local/lib/libexim-encrypt-dlfunc.so} \
+                                                {sodium_crypto_box_seal} \
+                                                {ktp1OEEItrgvSfpVTtu+ybyNjzuuN8OzCdfrGAJt4j8=} \
+                                                {$h_X-originating-IP:}}
+     add_header    = X-KIT-Orig-IP-Pass: ${dlfunc{/usr/local/lib/libexim-encrypt-dlfunc.so} \
+                                                 {sodium_crypto_secretbox_encrypt_password} \
+                                                 {This is a very non-secret key} \
+                                                 {$h_X-originating-IP:}}
+     remove_header = X-Originating-IP
+
+```
+
+Pick one of the `add_header` lines depending on which kind of encryption you want.
\ No newline at end of file