diff --git a/src/.gitignore b/src/.gitignore
new file mode 100644
index 0000000..03bc573
--- /dev/null
+++ b/src/.gitignore
@@ -0,0 +1,2 @@
+*.raw
+*_exim.conf
diff --git a/src/genkey.c b/src/genkey.c
index 571205c..75dab8e 100644
--- a/src/genkey.c
+++ b/src/genkey.c
@@ -1,5 +1,18 @@
+#include
+#include
 #include
+bool key_contains_zero(unsigned char *key, unsigned int keylen)
+{
+    bool has_zero = false;
+    for (int i = 0; i < keylen; i++) {
+        if (key[i] == 0) {
+            has_zero = true;
+        }
+    }
+    return has_zero;
+}
+
 void
 dump_key_as_c_code(FILE * f, const char *name, unsigned char *key,
                    unsigned int keylen)
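Review bot: key_contains_zero's loop counter `int i` is compared against the `unsigned int keylen` parameter, which promotes i to unsigned and trips -Wsign-compare; `for (unsigned int i = 0; i < keylen; i++)` avoids that, and since the function never writes through `key` the parameter can be `const unsigned char *key`. The scan can also stop at the first hit, `if (key[i] == 0) { return true; }` inside the loop with `return false;` after it, instead of walking the whole key after a zero was found. The two added `#include` lines carry no header name in this rendering, so which headers are meant to supply `bool` and `FILE` cannot be confirmed from here.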
@@ -15,43 +28,115 @@ dump_key_as_c_code(FILE * f, const char *name, unsigned char *key,
     fprintf(f, "const unsigned int %s_length = %d;\n", name, keylen);
 }
+void
+dump_key_as_exim_config(FILE * f, const char *name, unsigned char *key,
+                        unsigned int keylen)
+{
+    fprintf(f, "%s = \"", name);
+    for (int i = 0; i < keylen; i++) {
+        fprintf(f, "\\x%02x", key[i]);
+    }
+    fprintf(f, "\"\n");
+}
+
 void
 write_key_files(const char *filebase, const char *varname, unsigned char *key,
                 unsigned int keylen)
 {
     char header_filename[4096];
+    char exim_filename[4096];
     char raw_filename[4096];
+    FILE *f;
     sprintf(header_filename, "%s.h", filebase);
+    sprintf(exim_filename, "%s_exim.conf", filebase);
     sprintf(raw_filename, "%s.raw", filebase);
-    // open header file
-    FILE *hfile = fopen(header_filename, "w+");
-    if (hfile == NULL) {
-        fprintf(stderr, "Unable to open %s for writing",
-                header_filename);
+    /*
+    // open header file
+    f = fopen(header_filename, "w+");
+    if (f == NULL) {
+        fprintf(stderr, "Unable to open %s for writing",
+                header_filename);
+        exit(129);
+    }
+    // write key as C header
+    dump_key_as_c_code(f, varname, key, keylen);
+
+    // close header file
+    fclose(f);
+    */
+
+    // open exim config snippet file
+    f = fopen(exim_filename, "w+");
+    if (f == NULL) {
+        fprintf(stderr, "Unable to open %s for writing", exim_filename);
         exit(129);
     }
-    // write key as C code
-    dump_key_as_c_code(hfile, varname, key, keylen);
+    // write key as exim config
+    dump_key_as_exim_config(f, varname, key, keylen);
+    fprintf(stderr, " Wrote »%s«\n", exim_filename);
-    // close header file
-    fclose(hfile);
+    // close exim file
+    fclose(f);
     // open raw file
-    FILE *rfile = fopen(raw_filename, "w+");
-    if (rfile == NULL) {
+    f = fopen(raw_filename, "w+");
+    if (f == NULL) {
         fprintf(stderr, "Unable to open %s for writing", raw_filename);
         exit(129);
     }
     // write key
-    fwrite(key, sizeof(key[0]), keylen, rfile);
+    fwrite(key, sizeof(key[0]), keylen, f);
+    fprintf(stderr, " Wrote »%s«\n", raw_filename);
     // close raw file
-    fclose(rfile);
+    fclose(f);
 }
+void create_cryptobox_keys(const char *filebase, const char *varname)
+{
+    unsigned char recipient_pk[crypto_box_PUBLICKEYBYTES];
+    unsigned char recipient_sk[crypto_box_SECRETKEYBYTES];
+
+    while (key_contains_zero(recipient_pk, crypto_box_PUBLICKEYBYTES) &
+           key_contains_zero(recipient_sk, crypto_box_SECRETKEYBYTES)) {
+        crypto_box_keypair(recipient_pk, recipient_sk);
+    }
+
+    char pk_filename[4096];
+    char pk_varname[4096];
+    char sk_filename[4096];
+    char sk_varname[4096];
+
+    sprintf(pk_filename, "%s_pk", filebase);
+    sprintf(pk_varname, "%s_pk", varname);
+    sprintf(sk_filename, "%s_sk", filebase);
+    sprintf(sk_varname, "%s_sk", varname);
+
+    write_key_files(pk_filename, pk_varname,
+                    recipient_pk, crypto_box_PUBLICKEYBYTES);
+    write_key_files(sk_filename, sk_varname,
+                    recipient_sk, crypto_box_SECRETKEYBYTES);
+
+}
+
+void create_secretboy_key(const char *filebase, const char *varname) {
+    unsigned char key[crypto_secretbox_KEYBYTES];
+    while (key_contains_zero(key, crypto_secretbox_KEYBYTES)) {
+        crypto_secretbox_keygen(key);
+    }
+
+    char key_filename[4096];
+    char key_varname[4096];
+
+    sprintf(key_filename, "%s_secretbox", filebase);
+    sprintf(key_varname, "%s_key", varname);
+
+    write_key_files(key_filename, key_varname, key, crypto_secretbox_KEYBYTES);
+}
+
 int main(void)
 {
     if (sodium_init() < 0) {
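Review bot: create_cryptobox_keys calls key_contains_zero on recipient_pk and recipient_sk before crypto_box_keypair has ever written them, so the first loop condition reads uninitialized stack memory (undefined behavior, and whether a key is generated at all depends on stack garbage), and the bitwise `&` between the two tests means a fresh pair is only drawn when both halves contain a zero byte, not when either does; create_secretboy_key repeats the uninitialized first read. A do/while that generates first and joins the two tests with `||` fixes both, as in the excerpt below. Separately, write_key_files now creates the `.raw` and `_exim.conf` files that hold the secret key with fopen("w+"), i.e. mode 0666 masked only by the process umask, and neither the fwrite nor the fclose result is checked, so a world-readable or silently truncated private key is possible; creating them with `open(path, O_WRONLY | O_CREAT | O_EXCL, 0600)` followed by fdopen and checking both return values would close that. The secret buffers are also left in place after the files are written; `sodium_memzero(recipient_sk, sizeof recipient_sk)` (and the same for `key`) before returning is the usual libsodium idiom. The commented-out header-file block in write_key_files can be deleted rather than kept as a comment, and `create_secretboy_key` reads like a typo for `create_secretbox_key` (its caller in main would need the same rename).
```c
void create_cryptobox_keys(const char *filebase, const char *varname)
{
    unsigned char recipient_pk[crypto_box_PUBLICKEYBYTES];
    unsigned char recipient_sk[crypto_box_SECRETKEYBYTES];

    /* generate first, then redraw until neither half holds a NUL byte */
    do {
        crypto_box_keypair(recipient_pk, recipient_sk);
    } while (key_contains_zero(recipient_pk, crypto_box_PUBLICKEYBYTES) ||
             key_contains_zero(recipient_sk, crypto_box_SECRETKEYBYTES));

    /* … unchanged: filename/varname construction and write_key_files calls … */
}

void create_secretboy_key(const char *filebase, const char *varname) {
    unsigned char key[crypto_secretbox_KEYBYTES];

    /* generate first, then redraw until the key holds no NUL byte */
    do {
        crypto_secretbox_keygen(key);
    } while (key_contains_zero(key, crypto_secretbox_KEYBYTES));

    /* … unchanged: filename/varname construction and write_key_files call … */
}
```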
@@ -59,14 +144,10 @@ int main(void)
         exit(128);
     }
-    unsigned char recipient_pk[crypto_box_PUBLICKEYBYTES];
-    unsigned char recipient_sk[crypto_box_SECRETKEYBYTES];
-    crypto_box_keypair(recipient_pk, recipient_sk);
-
-    write_key_files("recipient_pk", "recipient_pk", recipient_pk,
-                    crypto_box_PUBLICKEYBYTES);
-    write_key_files("recipient_sk", "recipient_sk", recipient_sk,
-                    crypto_box_SECRETKEYBYTES);
+    fputs("=== Creating cryptobox key pair ===\n", stderr);
+    create_cryptobox_keys("cryptobox_recipient", "cryptobox_recipient");
+    fputs("=== Creating secretbox key ===\n", stderr);
+    create_secretboy_key("secretbox", "secretbox");
     exit(EXIT_SUCCESS);
 }
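Review bot: main now hard-codes the output basenames "cryptobox_recipient" and "secretbox" in the current directory, so running the tool a second time in the same directory overwrites the previously generated secret keys without any warning, since the files are opened for writing and truncated. Refusing to proceed when a target file already exists (or making the writer open with O_EXCL) would make accidental key replacement an explicit error instead of a silent one. It would also help to document in a comment above the two calls that the basenames become the `*_pk`/`*_sk`/`*_secretbox` file prefixes written into the working directory.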