hreese/exim-encrypt-dlfunc
1
0
Fork 0
mirror of https://gitlab.kit.edu/kit/scc/sys/mail/exim-encrypt-dlfunc.git synced 2025-12-06 10:03:56 +01:00
Code Issues Releases Wiki Activity

Added first incomplete example to README.md

Browse Source
This commit is contained in:
Heiko Reese
2021-08-20 02:48:08 +02:00
parent 464e94f402
commit 44bb873b04
1 changed files with 23 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
README.md
View File

@ -55,6 +55,8 @@ Symmetric encryption that derives its key from an ASCII string:
* `sodium_crypto_secretbox_encrypt_password(password, cleartext) → ciphertext` * `sodium_crypto_secretbox_encrypt_password(password, cleartext) → ciphertext`
* `sodium_crypto_secretbox_decrypt_password(password, ciphertext) → cleartext` * `sodium_crypto_secretbox_decrypt_password(password, ciphertext) → cleartext`
The generated key is only as strong as the provided password.
Public key encryption that uses a key pair that needs to be created beforehand: Public key encryption that uses a key pair that needs to be created beforehand:
* `sodium_crypto_box_seal(public key, cleartext) → ciphertext` * `sodium_crypto_box_seal(public key, cleartext) → ciphertext`
@ -85,6 +87,25 @@ cryptobox_recipient_pk = "2kbIdSsx2QyDVC0Y2tzlLQ4Q6Aw53q8wfqvKTe0mTW4="
The `*.raw` files contain the same key without any formatting; these files are not needed for usage with exim but are The `*.raw` files contain the same key without any formatting; these files are not needed for usage with exim but are
generated as convenience when writing your own tools. generated as convenience when writing your own tools.
### Example ### Example: remove `X-Originating-IP:` header
To be done… This example's use case was the initial reason to develop this library: remove the X-Originating-IP header to preserve
our user's privacy but also keep the information in the final e-mail to enable response to complaints and abuse (the
original header is usually provided in these cases). Add this snippet to your DATA ACL section in exim:
```exim
warn log_message = Removing X-Originating-IP header
condition = ${if def:h_X-originating-IP: {1}{0}}
add_header = X-KIT-Orig-IP-PKK: ${dlfunc{/usr/local/lib/libexim-encrypt-dlfunc.so} \
{sodium_crypto_box_seal} \
{ktp1OEEItrgvSfpVTtu+ybyNjzuuN8OzCdfrGAJt4j8=} \
{$h_X-originating-IP:}}
add_header = X-KIT-Orig-IP-Pass: ${dlfunc{/usr/local/lib/libexim-encrypt-dlfunc.so} \
{sodium_crypto_secretbox_encrypt_password} \
{This is a very non-secret key} \
{$h_X-originating-IP:}}
remove_header = X-Originating-IP
```
Pick one of the `add_header` lines depending on which kind of encryption you want.