
How do I verify a DKIM signature in PHP?

Tags: php, rsa, sha1, dkim

I'll admit I'm not very adept at key verification. What I have is a script that downloads messages from a POP3 server, and I'm attempting to verify the DKIM signatures in PHP. I've already figured out the body hash (bh) validation check, but I can't figure out the header validation.

http://www.dkim.org/specs/rfc4871-dkimbase.html#rfc.section.6.1.3

Below is an example of my message headers. I've been able to use the Mail::DKIM package to validate the signature in Perl, so I know it's good. I just can't seem to figure out the instructions in the RFC and translate them into PHP code.

 DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
  s=angrychimp-1.bh; d=angrychimp.net;
  h=From:X-Outgoing;
  b=RVkenibHQ7GwO5Y3tun2CNn5wSnooBSXPHA1Kmxsw6miJDnVp4XKmA9cUELwftf9
  nGiRCd3rLc6eswAcVyNhQ6mRSsF55OkGJgDNHiwte/pP5Z47Lo/fd6m7rfCnYxq3
 DKIM-Signature: v=1; a=rsa-sha1; d=angrychimp.net; s=angrychimp-1.bh; c=relaxed/simple;
  q=dns/txt; [email protected]; t=1268436255;
  h=From:Subject:X-Outgoing:Date;
  bh=gqhC2GEWbg1t7T3IfGMUKzt1NCc=;
  b=ZmeavryIfp5jNDIwbpifsy1UcavMnMwRL6Fy6axocQFDOBd2KjnjXpCkHxs6yBZn
  Wu+UCFeAP+1xwN80JW+4yOdAiK5+6IS8fiVa7TxdkFDKa0AhmJ1DTHXIlPjGE4n5;
 To: [email protected]
 Message-ID: <EF.CC.24859.F1DCA9B4>
 From: DKIM Tester <[email protected]>
 Reply-To: [email protected]
 Subject: Automated DKIM Testing (angrychimp.net)
 X-Outgoing: dhaka
 Date: Fri, 12 Mar 2010 15:24:15 -0800
 Content-Type: text/plain; charset=iso-8859-1
 Content-Transfer-Encoding: quoted-printable
 Content-Disposition: inline
 MIME-Version: 1.0
 Return-Path: [email protected]
 X-OriginalArrivalTime: 12 Mar 2010 23:25:50.0326 (UTC) FILETIME=[5A0ED160:01CAC23B]

I can extract the public key from my DNS just fine, and I believe I'm canonicalizing the headers correctly, but I just can't get the signature validated. I don't think I'm preparing my key or computing the signature validation correctly.

Is this something that's possible (do I need pear extensions or something?) or is manually validating a DKIM signature in PHP just not feasible?

angrychimp asked Mar 24 '10 19:03



1 Answer

Mail::DKIM has the following dependencies on other libraries:

  • Crypt::OpenSSL::RSA
  • Digest::SHA
  • Mail::Address (part of the MailTools package)
  • MIME::Base64
  • Net::DNS

All these should be available in PHP also. So manually checking the validity in PHP is controllable. Mail::DKIM is verifying the signature "manually" with those libs. Maybe you have a peek into the source of Mail::DKIM?

Additionally, the "OpenDKIM Library (libopendkim)" is available. You can build a PHP module around this library, like other people have integrated OpenSSL, cURL, etc. into PHP.

Maybe you can provide the code of your verify-function with some test data, so everyone can have a look at it?

HTH & Best regards

Michael

Michael Konietzka answered Oct 20 '22 13:10
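
The header check from RFC 4871 section 6.1.3 that the question asks about, written with PHP's OpenSSL extension as an added example (it is not the asker's code, not Mail::DKIM's, and not part of the answer above). It canonicalizes the fields named in h=, appends the DKIM-Signature field with its b= value emptied, and verifies the result against the p= key. Assumptions: only relaxed header canonicalization is handled (as in the question's c=relaxed/simple), the body hash bh= is checked separately, the DNS TXT record is passed in as a string, and all function names are hypothetical.

```php
<?php // Added example: DKIM header-hash check (RFC 4871 3.7, 6.1.3), relaxed header canon only.
function dkim_relaxed(string $name, string $value): string {
    $value = preg_replace('/\r?\n(?=[ \t])/', '', $value);   // unfold continuation lines
    $value = preg_replace('/[ \t]+/', ' ', $value);          // collapse runs of whitespace
    return strtolower(trim($name)) . ':' . trim($value, " \t\r\n");
}

function dkim_tags(string $s): array {                       // "k=v; k=v" list -> [k => v]
    preg_match_all('/(?:^|;)\s*(\w+)\s*=([^;]*)/', $s, $m);
    return array_combine($m[1], preg_replace('/\s+/', '', $m[2]));
}

function dkim_verify_headers(string $rawHeaders, string $dnsTxt): bool {
    $fields = [];
    $sig = null;
    foreach (preg_split('/\r?\n(?![ \t])/', trim($rawHeaders)) as $line) {
        $f = explode(':', $line, 2) + [1 => ''];
        if ($sig === null && strcasecmp(trim($f[0]), 'DKIM-Signature') === 0) $sig = $f[1];
        $fields[] = $f;
    }
    $tags = dkim_tags((string) $sig);
    $key  = dkim_tags($dnsTxt)['p'] ?? '';
    if (!isset($tags['h'], $tags['b']) || $key === '' || strpos($tags['c'] ?? '', 'relaxed') !== 0) {
        return false;                  // missing tag, revoked key, or "simple" header canon
    }
    $data = '';
    $pool = array_reverse($fields);    // h= picks the bottom-most unused instance of each name
    foreach (explode(':', $tags['h']) as $want) {
        foreach ($pool as $i => [$n, $v]) {
            if (strcasecmp(trim($n), $want) !== 0) continue;
            $data .= dkim_relaxed($n, $v) . "\r\n";
            unset($pool[$i]);
            break;
        }
    }
    // The signature field goes last, with its b= value emptied and no trailing CRLF.
    $data .= dkim_relaxed('DKIM-Signature', preg_replace('/(^|;)(\s*b\s*=)[^;]*/', '$1$2', $sig, 1));
    $pem  = "-----BEGIN PUBLIC KEY-----\n" . chunk_split($key, 64, "\n") . "-----END PUBLIC KEY-----\n";
    $algo = ($tags['a'] ?? '') === 'rsa-sha256' ? OPENSSL_ALGO_SHA256 : OPENSSL_ALGO_SHA1;
    return openssl_verify($data, base64_decode($tags['b']), $pem, $algo) === 1;
}

// Constructed self-check: throwaway key, made-up message; verify it, then a tampered copy.
$priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$dns  = 'v=DKIM1; k=rsa; p=' . preg_replace('/-----[^-]+-----|\s/', '', openssl_pkey_get_details($priv)['key']);
$sigv = " v=1; a=rsa-sha256; c=relaxed/simple; d=example.test; s=sel;\r\n\th=From:Subject; bh=AAAA; b=";
openssl_sign("from:A <a@example.test>\r\nsubject:Demo\r\n" . dkim_relaxed('DKIM-Signature', $sigv), $raw, $priv, OPENSSL_ALGO_SHA256);
$msg  = "DKIM-Signature:$sigv" . base64_encode($raw) . "\r\nFrom: A <a@example.test>\r\nSubject:  Demo\r\n";
var_dump(dkim_verify_headers($msg, $dns), dkim_verify_headers(str_replace('Demo', 'Demo!', $msg), $dns));
```

rsa-sha1 is accepted here only because the question's 2010 message uses it; RFC 8301 later prohibited rsa-sha1 for DKIM signing and verifying, so a current verifier should reject it.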