I'll admit I'm not very adept at key verification. What I have is a script that downloads messages from a POP3 server, and I'm attempting to verify the DKIM signatures in PHP. I've already figured out the body hash (bh) validation check, but I can't figure out the header validation.
http://www.dkim.org/specs/rfc4871-dkimbase.html#rfc.section.6.1.3
Below is an example of my message headers. I've been able to use the Mail::DKIM package to validate the signature in Perl, so I know it's good. I just can't seem to figure out the instructions in the RFC and translate them into PHP code.
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
s=angrychimp-1.bh; d=angrychimp.net;
h=From:X-Outgoing;
b=RVkenibHQ7GwO5Y3tun2CNn5wSnooBSXPHA1Kmxsw6miJDnVp4XKmA9cUELwftf9
nGiRCd3rLc6eswAcVyNhQ6mRSsF55OkGJgDNHiwte/pP5Z47Lo/fd6m7rfCnYxq3
DKIM-Signature: v=1; a=rsa-sha1; d=angrychimp.net; s=angrychimp-1.bh; c=relaxed/simple;
q=dns/txt; [email protected]; t=1268436255;
h=From:Subject:X-Outgoing:Date;
bh=gqhC2GEWbg1t7T3IfGMUKzt1NCc=;
b=ZmeavryIfp5jNDIwbpifsy1UcavMnMwRL6Fy6axocQFDOBd2KjnjXpCkHxs6yBZn
Wu+UCFeAP+1xwN80JW+4yOdAiK5+6IS8fiVa7TxdkFDKa0AhmJ1DTHXIlPjGE4n5;
To: [email protected]
Message-ID: <EF.CC.24859.F1DCA9B4>
From: DKIM Tester <[email protected]>
Reply-To: [email protected]
Subject: Automated DKIM Testing (angrychimp.net)
X-Outgoing: dhaka
Date: Fri, 12 Mar 2010 15:24:15 -0800
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
MIME-Version: 1.0
Return-Path: [email protected]
X-OriginalArrivalTime: 12 Mar 2010 23:25:50.0326 (UTC) FILETIME=[5A0ED160:01CAC23B]
I can extract the public key from my DNS just fine, and I believe I'm canonicalizing the headers correctly, but I just can't get the signature validated. I don't think I'm preparing my key or computing the signature validation correctly.
Is this something that's possible (do I need pear extensions or something?) or is manually validating a DKIM signature in PHP just not feasible?
You can test DKIM by sending an email to a Gmail account, then opening it in the web app and clicking on the “reply” button, and selecting “show original”. In the original format, if you see “signed by along with your domain name,” then your DKIM signature is valid.
To test your DKIM, you can also check if the DNS entry for your DKIM is correct by entering your domain and selector into https://mxtoolbox.com/dkim.aspx. If you set your DKIM entry correctly it will show you the results meaning your DKIM passed the test.
It works by adding a digital signature to the headers of an email message. That signature can be validated against a public cryptographic key in the organization's Domain Name System (DNS) records.
The Mail::DKIM has the following dependencies on other libraries:
All these should be available in PHP also. So manually check the validatity in PHP is controllable. Mail::DKIM is verifiying the signature "manually" with those libs. Maybe you have a peak into source of Mail::DKIM?
Additionaly "OpenDKIM Library (libopendkim)" is available. You can build a PHP-module around this library like other people have integrated OpenSSL, cURL, etc into PHP.
Maybe you can provide the code of your verify-function with some test data, so everyone can have a look at it?
HTH & Best regards
Michael
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With