Bleah. Murray (who implemented our code) points out to me that I was
incorrect, since the DKIM-Signature field is handled specially. I've
asked him to look at this problem (he's also on the dkim-dev list).
eric
--On June 13, 2007 2:27:03 PM -0700 Eric Allman <eric(_at_)sendmail(_dot_)com>
wrote:
Ah. I think the problem is that you need to append the \r\n on b=
before you sign. You're adding it after signing.
Just as a check, I get 0b1efa6aea8bd4161554942d1a35b5d1b68ed53a for
your SHA1 body hash.
eric
--On June 13, 2007 2:47:41 PM -0400 Bill Volz <bill(_at_)quiksoft(_dot_)com>
wrote:
Sorry I did not make this clear but I do have those fields. I just
replaced that part of the header with the ellipses to try to slim down
the email. Also I am trying to get sha1 working first then move on
to sha256. This is because I know my sha1 works since my older
DomainKeys code works with it.
From: bill(_at_)atwill(_dot_)com\r\n
To: sa-test(_at_)sendmail(_dot_)net\r\n
\r\n
One line Body\r\n
bh = Hash("One line Body\r\n")
dkhead = "DKIM-Signature: v=DKIM1; a=rsa-sha1; d=atwill.com;
s=testkey;\r\n\tc=simple; q=dns/txt;
t=1181750120;\r\n\th=from:to;\r\n bh=" + bh + ";\r\n\tb="
cHeader = "From:bob(_at_)atwill(_dot_)com\r\nTo:bob(_at_)atwill(_dot_)com\r\n"
          + dkhead;
b = Sign (cHeader);
dkhead += b + "\r\n";
AddNewHeaderToMsg(dkhead);
Bill Volz
-----Original Message-----
From: Eric Allman [mailto:eric(_at_)sendmail(_dot_)com]
Sent: Wednesday, June 13, 2007 12:13 PM
To: Bill Volz
Cc: dkim-dev(_at_)mipassoc(_dot_)org
Subject: Re: [dkim-dev] verification failed problems
There are several things wrong with your DKIM-Signature header
field. You MUST have a v=, you MUST have an s=, you MUST have a=,
you MUST have d=, and you MUST have h=. See section 3.5 of RFC
4871 for details.
eric
--On June 13, 2007 11:28:27 AM -0400 Bill Volz <bill(_at_)atwill(_dot_)com>
One thing in the RFC I wasn't sure of was in section 3.7, "Computing
the Message Hashes", this line:
The DKIM-Signature header field that exists (verifying) or will be
inserted (signing) in the message, with the value of the "b=" tag
deleted (i.e., treated as the empty string), canonicalized using
the header canonicalization algorithm specified in the "c=" tag,
and without a trailing CRLF.
Does the "without a trailing CRLF" mean no CRLF for the DKIM
header, or the DKIM header should have a CRLF but there should be
no header-ending CRLF, or both, in which case there is no CRLF?
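The RFC 4871 section 3.7 rule quoted in the thread, worked through as an added example (not code from any participant in the thread): the signer and the verifier must both hash the DKIM-Signature field with an empty b= value and no trailing CRLF. It assumes c=simple; the addresses, domain, selector and the stand-in b= value are constructed, and the RSA step itself is left out.

```python
import base64
import hashlib
import re

CRLF = b"\r\n"

def body_hash(body: bytes, algo: str = "sha1") -> bytes:
    """bh= value for c=simple: base64 digest of a body ending in one CRLF."""
    return base64.b64encode(hashlib.new(algo, body).digest())

def empty_b(sig_field: bytes) -> bytes:
    """Drop the field's trailing CRLF and delete the b= value (bh= untouched)."""
    if sig_field.endswith(CRLF):
        sig_field = sig_field[:-len(CRLF)]
    name, colon, tags = sig_field.partition(b":")
    tags = re.sub(rb"((?:^|;)[ \t\r\n]*b[ \t\r\n]*=)[^;]*", rb"\1", tags, count=1)
    return name + colon + tags

def hash_input(signed_fields: list[bytes], sig_field: bytes) -> bytes:
    """Header fields named in h= (each with its CRLF), then the DKIM-Signature
    field with an empty b= and no trailing CRLF."""
    return b"".join(signed_fields) + empty_b(sig_field)

def digest(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

# Constructed sample message (addresses, domain and selector are placeholders).
FIELDS = [b"From: alice@example.com\r\n", b"To: bob@example.net\r\n"]
BODY = b"One line Body\r\n"

# Signer: build the field with b= still empty, then hash.
TEMPLATE = (b"DKIM-Signature: v=1; a=rsa-sha1; d=example.com; s=testkey;\r\n"
            b"\tc=simple; q=dns/txt; t=1181750120;\r\n"
            b"\th=from:to; bh=" + body_hash(BODY) + b";\r\n\tb=")
SIGNER_INPUT = hash_input(FIELDS, TEMPLATE)

# The RSA step is outside this sketch; a constructed stand-in fills b=.
FAKE_B = base64.b64encode(b"constructed-signature-bytes")
WIRE_FIELD = TEMPLATE + FAKE_B + CRLF  # the field as inserted into the message

# Verifier: starts from the wire form and must arrive at the same bytes.
VERIFIER_INPUT = hash_input(FIELDS, WIRE_FIELD)

if __name__ == "__main__":
    print("signer/verifier digests match:",
          digest(SIGNER_INPUT) == digest(VERIFIER_INPUT))
    print("match if signer appends CRLF first:",
          digest(SIGNER_INPUT + CRLF) == digest(VERIFIER_INPUT))
```

The field stored in the message still ends in CRLF like any other header field; only the copy fed to the hash omits it.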