hreese/exim-encrypt-dlfunc
1
0
Fork 0
mirror of https://gitlab.kit.edu/kit/scc/sys/mail/exim-encrypt-dlfunc.git synced 2025-12-06 07:53:56 +01:00
Code Issues Releases Wiki Activity
Files
464e94f4029e7fe9c1537d9a6728143ff406d3f0
exim-encrypt-dlfunc/README.md
Heiko Reese 464e94f402 Added README.md
2021-08-20 02:14:12 +02:00

3.1 KiB
Raw Blame History

exim-encrypt-dlfunc

This library injects functions for string encryption and decryption into exim4. It is basically a little glue code to parts of the libsodium library to exim at runtime.

Installation

These instructions are currently only tested on Debian Linux.

  1. Install development tools and libsodium development files:
apt-get install build-essentials exim4-dev libsodium-dev
  1. Clone this repository:
git clone https://git.scc.kit.edu/mail/exim-encrypt-dlfunc.git
cd exim-encrypt-dlfunc/src
  1. Build genkey if needed (see below for an explanation):
make genkey
  1. Build the library:
make
  1. Copy to final destination (feel free to pick another place than /usr/local/lib/):
sudo install --group=Debian-exim --owner=Debian-exim libexim-encrypt-dlfunc.so /usr/local/lib/

  1. Ensure you have the correct exim flavor:

    Not every flavor of exim is able to load libraries at runtime. Please refer to the documentation of the ${dlfunc{…}} function for details. exim from the debian package exim4-daemon-heavy meets all the requirements.

Usage

There are currently two pairs of functions:

Symmetric encryption that derives its key from an ASCII string:

  • sodium_crypto_secretbox_encrypt_password(password, cleartext) → ciphertext
  • sodium_crypto_secretbox_decrypt_password(password, ciphertext) → cleartext

Public key encryption that uses a key pair that needs to be created beforehand:

  • sodium_crypto_box_seal(public key, cleartext) → ciphertext
  • sodium_crypto_box_seal_open(private key, public key, ciphertext) → cleartext

The second pair needs a proper key pair in the correct format. This is ehat the genkey utility is for. Simply run it once to generate a pair. Be aware that every invocation will overwrite the previous key pair without confirmation! Please save both parts in a safe place before proceeding.

$ ./genkey 
=== Creating cryptobox key pair ===
  Wrote »cryptobox_recipient_pk_exim.conf«
  Wrote »cryptobox_recipient_pk.raw«
  Wrote »cryptobox_recipient_sk_exim.conf«
  Wrote »cryptobox_recipient_sk.raw

The *_exim.conf files contain the keys in a format that can simply be pasted into exim.conf (the first line contains the key as C code and can usually be discarded):

$ cat cryptobox_recipient_pk_exim.conf
# const unsigned char cryptobox_recipient_pk[32] = { 0xda, 0x46, 0xc8, 0x75, 0x2b, 0x31, 0xd9, 0x0c, 0x83, 0x54, 0x2d, 0x18, 0xda, 0xdc, 0xe5, 0x2d, 0x0e, 0x10, 0xe8, 0x0c, 0x39, 0xde, 0xaf, 0x30, 0x7e, 0xab, 0xca, 0x4d, 0xed, 0x26, 0x4d, 0x6e }; const unsigned int cryptobox_recipient_pk_length = 32;
cryptobox_recipient_pk = "2kbIdSsx2QyDVC0Y2tzlLQ4Q6Aw53q8wfqvKTe0mTW4="

The *.raw files contain the same key without any formatting; these files are not needed for usage with exim but are generated as convenience when writing your own tools.

Example

To be done…