On May 8, 2024 11:25:11 PM UTC, Steffen Nurpmeso <stef...@sdaoden.eu> wrote: >Hello. > >So i have had a problem with the little DKIM sign milter i had >written in that users (receivers, actually) reported back that the >ED25519 signature produces verification failures (i saw result >headers of two, and got informed of a third). >And some of the publically accessible DKIM test sites that were >announced here also fail, as timely as last Saturday night. > >Now, that i did not understand since the RSA is waved through by >any counterpart i have ever seen, and the code path is the very >same, and then also i am doing nothing, it is all OpenSSL. >(Having said that, my published public key was not "raw" but of >ASN.1 format which Hanno Böck informed me of, back in April >i think.) > >Therefore i took RFC 8032 from Simon Josefsson, which is >a fantastic thing (beyond my mathematical and cryptographical >understanding) that includes a complete default implementation of >the algorithm as such! (And it needs nothing external but SHA-512 >from the standard python hashlib in addition.) > >So i took that code and modified the actual driver a litte bit for >my purpose, and it occurred to me that my sofware generates >correct signatures. (There is one test outstanding that beats >onto the canonicalization, but since that works for RSA; anyway >i want to integrate the outcome in the unit test, thus.) > >Anyhow, i had a look around the DKIM implementations, and most of >them have near-nil ed25519 tests. Some exactly one. Anyhow. >But that is not why i come here, yet, except that possibly you who >read this and whose software verification fails the signature of >this email should possibly have a look again. > >I come here because alongside the above i had a look at RFC 8463 >again, and its example in "A.3. Signed Message". >And if i use its "A.1. Secret Keys", and (manually) normalize the >example message header of A.3 via "relaxed" from/to > > From: Joe SixPack <j...@football.example.com> > from:Joe SixPack <j...@football.example.com>^M$ > To: Suzie Q <su...@shopping.example.net> > to:Suzie Q <su...@shopping.example.net>^M$ > Subject: Is dinner ready? > subject:Is dinner ready?^M$ > Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT) > date:Fri, 11 Jul 2003 21:00:37 -0700 (PDT)^M$ > Message-ID: <20030712040037.46341.5...@football.example.com> > message-id:<20030712040037.46341.5...@football.example.com>^M$ > >plus > > dkim-signature:v=1; a=ed25519-sha256; c=relaxed/relaxed; > d=football.example.com; i=@football.example.com; q=dns/txt; s=brisbane; > t=1528637909; h=from : to : subject : date : message-id : from : subject : > date; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b= > >which seems correct to me, and pass that through RFC 8032 code: > > privkey: b'nWGxne/9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A=\n' > pubkey : b'11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo=\n' > The message is: > >>>b'from:Joe SixPack <j...@football.example.com>\r\nto:Suzie Q > <su...@shopping.example.net>\r\nsubject:Is dinner ready?\r\ndate:Fri, 11 Jul > 2003 21:00:37 -0700 > (PDT)\r\nmessage-id:<20030712040037.46341.5...@football.example.com>\r\ndkim-signature:v=1; > a=ed25519-sha256; c=relaxed/relaxed; d=football.example.com; > i=@football.example.com; q=dns/txt; s=brisbane; t=1528637909; h=from : to : > subject : date : message-id : from : subject : date; > bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b='<<< > >then i get > > Signature: > b'QGeDV9CRdXSybek0z54GoycZ4/kl1PsNnGoOsCZ0ZOOwiGYFE8Ft0SZpy1XLW/fwlwNFC1k6VaxsnQAH8+9cAA==\n' > Signature verifies: True > >instead of the > > > /gCrinpcQOoIfuHNQIbq4pgh9kyIK3AQUdt9OdqQehSwhEIug4D11BusFa3bT3FY5OsU7ZbnKELq+eXdp1Q1Dw== > >of RFC 8463. So either i am totally confused and "have tomatoes >on my eyes", or this is an errata (and it seems other >implementation(s) have a problem).
There are multiple implementations that are interoperable with each other and match the values in the RFC. My first guess would not be a specification error. Scott K _______________________________________________ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org
