CVSROOT:        /cvs
Module name:    src
Changes by:     gil...@cvs.openbsd.org  2012/08/29 10:26:17

Modified files:
        usr.sbin/smtpd : compress_backend.c mta.c parse.y 
                         queue_backend.c smtp.c smtpd.c smtpd.conf.5 
                         smtpd.h 
        usr.sbin/smtpd/makemap: Makefile 
        usr.sbin/smtpd/smtpctl: Makefile 
        usr.sbin/smtpd/smtpd: Makefile 
Added files:
        usr.sbin/smtpd : crypto_backend.c 

Log message:
Introduce the crypto_backend API and provide support for... encrypted queue
using the new API. By default, OpenSMTPD does not provide queue encryption,
but it can be enabled with "queue encryption [args]" and will transparently
encrypt/decrypt envelopes/messages as they hit the queue.

By default, it will use Blowfish in CBC mode with a different random IV for
each envelope and message. User-provided key is expanded using sha256 but a
different cipher and digest may be specified in smtpd.conf.

Queue encryption is compatible with compression and if both options are set
it will do them in the correct order and transparently.

tested by chl@, a few users and myself
ok chl@ and I
