On Thu, 24 Nov 2022, Jasen Betts via Exim-users wrote:
> On 2022-11-23, Jeremy Harris via Exim-users <exim-users@???> wrote:
>> On 23/11/2022 00:16, Dengler, Gabriel via Exim-users wrote:
>>> I want to store the incoming e-mails using the Maildir file format encrypted by using some symmetric encryption using the user's password
>>
>> It seems like a generally valuable concept - but I'd think that asymmetric encryption
>> of the data-at-rest is more appropriate than symmetric. The MDA (exim, here, receiving
>> a message and delivering to file) should be able to encrypt for the destination user
>> but NOT decrypt. So it should have access to a public key and not a private key
>> for the destination mailbox - and this is entirely separate from notions of
>> SMTP authentication.
>>
>> Where to implement it in the code? Probably pretty late in the appendfile
>> transport; about where it's doing actual writes to the file fd - and using
>> a public key supplied via a transport option (which the config pulls
>> from a database lookup using the username, or localpart, or whatever)
>> and perhaps another giving the cipher scheme.
>
> Perhaps use some sort of GPG wrapper as a transport_filter,
> and do decryption client-side?
Ah.
If we use OpenPGP format then the recipient can use any
PGP-aware client to read the message.
--
Andrew C. Aitchison Kendal, UK
andrew@???