On Thu, 24 Nov 2022, Jasen Betts via Exim-users wrote:

On 2022-11-23, Jeremy Harris via Exim-users <exim-users@exim.org> wrote:
On 23/11/2022 00:16, Dengler, Gabriel via Exim-users wrote:
I want to store the incoming e-mails using the Maildir file format encrypted
by using some symmetric encryption using the user's password

It seems like a generally valuable concept - but I'd think that asymmetric
encryption of the data-at-rest is more appropriate than symmetric.  The MDA
(exim, here, receiving a message and delivering to file) should be able to
encrypt for the destination user but NOT decrypt.  So it should have access
to a public key and not a private key for the destination mailbox - and this
is entirely separate from notions of SMTP authentication.

Where to implement it in the code?  Probably pretty late in the appendfile
transport; about where it's doing actual writes to the file fd - and using
a public key supplied via a transport option (which the config pulls
from a database lookup using the username, or localpart, or whatever)
and perhaps another giving the cipher scheme.

Perhaps use some sort of GPG wrapper as a transport_filter,
and do decryption client-side?

Ah.
If we use OpenPGP format then the recipient can use any
PGP-aware client to read the message.

--
Andrew C. Aitchison                      Kendal, UK
                   and...@aitchison.me.uk

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
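
The GPG-wrapper-as-transport_filter idea from the thread, sketched as an added example that is not code from any poster or from Exim: a filter that wraps a message as PGP/MIME using only the recipient's public key. The function name `pgp_mime_wrap`, the `ENCRYPT_CMD` hook and the sample address are assumptions, and gpg is assumed to already hold the recipient's key in its keyring.

```shell
#!/bin/sh
# Added example, not code from the thread. Reads an RFC 5322 message on stdin
# and writes a PGP/MIME (RFC 3156) message encrypted to the recipient's PUBLIC
# key; the delivering host never needs the private key.
# ENCRYPT_CMD is a hypothetical hook to swap the encryptor (used for testing).

pgp_mime_wrap() {
    rcpt=$1
    tmp=$(mktemp -d) || return 1
    : > "$tmp/outer"; : > "$tmp/inner"
    # Content-*/MIME-Version headers describe the cleartext body, so they move
    # inside the encrypted part; the remaining headers stay readable outside.
    awk -v outer="$tmp/outer" -v inner="$tmp/inner" '
        BEGIN    { dest = outer }
        body     { print > inner; next }
        /^$/     { body = 1; print "" > inner; next }
        /^[ \t]/ { print > dest; next }    # folded header continuation line
        { dest = (tolower($0) ~ /^(content-[a-z-]+|mime-version):/) ? inner : outer
          print > dest }
    '
    if [ -n "$ENCRYPT_CMD" ]; then
        $ENCRYPT_CMD < "$tmp/inner" > "$tmp/enc"
    else
        # Assumes the key is already in the keyring and vetted out of band.
        gpg --batch --armor --trust-model always \
            --encrypt --recipient "$rcpt" < "$tmp/inner" > "$tmp/enc"
    fi || { rm -rf "$tmp"; return 1; }    # fail closed: emit no plaintext
    b="pgpmime-$$-$(date +%s)"
    cat "$tmp/outer"
    printf '%s\n' 'MIME-Version: 1.0' \
        'Content-Type: multipart/encrypted;' \
        ' protocol="application/pgp-encrypted";' " boundary=\"$b\"" '' \
        "--$b" 'Content-Type: application/pgp-encrypted' '' 'Version: 1' '' \
        "--$b" 'Content-Type: application/octet-stream' ''
    cat "$tmp/enc"
    printf '%s\n' "--$b--"
    rm -rf "$tmp"
}

# Run as a filter when given a recipient argument: script.sh user@example.org
if [ "$#" -gt 0 ]; then pgp_mime_wrap "$1"; fi
```

Headers left outside the encrypted part (Subject, From, To and so on) remain readable on disk; only the body and its MIME description are protected.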
