On May 8, 2024 11:25:11 PM UTC, Steffen Nurpmeso wrote:
>Hello.
>
>So i have had a problem with the little DKIM sign milter i had
>written in that users (receivers, actually) reported back that the
>ED25519 signature produces verification failures (i saw result
>headers of two, and got informed of a third).
>And some of the publically accessible DKIM test sites that were
>announced here also fail, as timely as last Saturday night.
>
>Now, that i did not understand since the RSA is waved through by
>any counterpart i have ever seen, and the code path is the very
>same, and then also i am doing nothing, it is all OpenSSL.
>(Having said that, my published public key was not "raw" but of
>ASN.1 format which Hanno Böck informed me of, back in April
>i think.)
>
>Therefore i took RFC 8032 from Simon Josefsson, which is
>a fantastic thing (beyond my mathematical and cryptographical
>understanding) that includes a complete default implementation of
>the algorithm as such! (And it needs nothing external but SHA-512
>from the standard python hashlib in addition.)
>
>So i took that code and modified the actual driver a litte bit for
>my purpose, and it occurred to me that my sofware generates
>correct signatures. (There is one test outstanding that beats
>onto the canonicalization, but since that works for RSA; anyway
>i want to integrate the outcome in the unit test, thus.)
>
>Anyhow, i had a look around the DKIM implementations, and most of
>them have near-nil ed25519 tests. Some exactly one. Anyhow.
>But that is not why i come here, yet, except that possibly you who
>read this and whose software verification fails the signature of
>this email should possibly have a look again.
>
>I come here because alongside the above i had a look at RFC 8463
>again, and its example in "A.3. Signed Message".
>And if i use its "A.1. Secret Keys", and (manually) normalize the
>example message header of A.3 via "relaxed" from/to
>
> From: Joe SixPack
> from:Joe SixPack ^M$
> To: Suzie Q
> to:Suzie Q ^M$
> Subject: Is dinner ready?
> subject:Is dinner ready?^M$
> Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
> date:Fri, 11 Jul 2003 21:00:37 -0700 (PDT)^M$
> Message-ID: <20030712040037.46341.5...@football.example.com>
> message-id:<20030712040037.46341.5...@football.example.com>^M$
>
>plus
>
> dkim-signature:v=1; a=ed25519-sha256; c=relaxed/relaxed;
> d=football.example.com; i=@football.example.com; q=dns/txt; s=brisbane;
> t=1528637909; h=from : to : subject : date : message-id : from : subject :
> date; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b=
>
>which seems correct to me, and pass that through RFC 8032 code:
>
> privkey: b'nWGxne/9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A=\n'
> pubkey : b'11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo=\n'
> The message is:
> >>>b'from:Joe SixPack \r\nto:Suzie Q
> \r\nsubject:Is dinner ready?\r\ndate:Fri, 11 Jul
> 2003 21:00:37 -0700
> (PDT)\r\nmessage-id:<20030712040037.46341.5...@football.example.com>\r\ndkim-signature:v=1;
> a=ed25519-sha256; c=relaxed/relaxed; d=football.example.com;
> i=@football.example.com; q=dns/txt; s=brisbane; t=1528637909; h=from : to :
> subject : date : message-id : from : subject : date;
> bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=; b='<<<
>
>then i get
>
> Signature:
> b'QGeDV9CRdXSybek0z54GoycZ4/kl1PsNnGoOsCZ0ZOOwiGYFE8Ft0SZpy1XLW/fwlwNFC1k6VaxsnQAH8+9cAA==\n'
> Signature verifies: True
>
>instead of the
>
>
> /gCrinpcQOoIfuHNQIbq4pgh9kyIK3AQUdt9OdqQehSwhEIug4D11BusFa3bT3FY5OsU7ZbnKELq+eXdp1Q1Dw==
>
>of RFC 8463. So either i am totally confused and "have tomatoes
>on my eyes", or this is an errata (and it seems other
>implementation(s) have a problem).
There are multiple implementations that are interoperable with each other and
match the values in the RFC. My first guess would not be a specification error.
Scott K
___
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
