dkim-dev
[Top] [All Lists]

RE: [dkim-dev] verification failed problems

2007-06-13 14:35:22
Ah. I think the problem is that you need to append the \r\n on b= before you sign. You're adding it after signing.

Just as a check, I get 0b1efa6aea8bd4161554942d1a35b5d1b68ed53a for your SHA1 body hash.

eric


--On June 13, 2007 2:47:41 PM -0400 Bill Volz <bill(_at_)quiksoft(_dot_)com> wrote:

Sorry I did not make this clear but I do have those fields.  I just
replaced that part of the header with the ellipses to try slim down
the email.  Also I am trying to get sha1 working first then move on
to sha256.  This is because I know my sha1 works since my older
DomainKeys code works with it.

        
From: bill(_at_)atwill(_dot_)com\r\n
To: sa-test(_at_)sendmail(_dot_)net\r\n
\r\n
One line Body\r\n



 bh = Hash("One line Body\r\n")
 dkhead = "DKIM-Signature: v=DKIM1; a=rsa-sha1; d=atwill.com;
s=testkey;\r\n\tc=simple; q=dns/txt;
t=1181750120;\r\n\th=from:to;\r\n bh=" + bh + ";\r\n\tb="
 cHeader = "From:bob(_at_)atwill(_dot_)com\r\nTo:bob(_at_)atwill(_dot_)com\r\n" 
+  dkhead;
 b = Sign (cHeader);
 dkhead += b + "\r\n";



 AddNewHeaderToMsg(dkhead);

Bill Volz

-----Original Message-----
From: Eric Allman [mailto:eric(_at_)sendmail(_dot_)com]
Sent: Wednesday, June 13, 2007 12:13 PM
To: Bill Volz
Cc: dkim-dev(_at_)mipassoc(_dot_)org
Subject: Re: [dkim-dev] verification failed problems

There are several things wrong with your DKIM-Signature header
field.  You MUST have a v=, you MUST have an s=, you MUST have a=,
you MUST  have d=, and you MUST have h=.  See section 3.5 of RFC
4871 for  details.

eric



--On June 13, 2007 11:28:27 AM -0400 Bill Volz <bill(_at_)atwill(_dot_)com>




One thing in the RFC I wasn't sure of was in section 3.7 Computing
the Message Hashes  this line.

The DKIM-Signature header field that exists (verifying) or will be
inserted (signing) in the message, with the value of the "b=" tag
deleted (i.e., treated as the empty string), canonicalized using
the header canonicalization algorithm specified in the "c=" tag,
and without a trailing CRLF.



Does the "without a trailing CRLF" mean no crlf for the dkim header
or the dkim header should have a crlf but there should be no header
ending crlf or both in which case there is no crlf.







_______________________________________________
dkim-dev mailing list
dkim-dev(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-dev

<Prev in Thread] Current Thread [Next in Thread>