[dkim-dev] verification failed problems
Bill Volz
bill at atwill.com
Wed Jun 13 08:28:27 PDT 2007
I have written some dkim code but I am getting verification errors from the
test auto responders. I think it may be related to an extra or missing crlf
in the signed header or maybe just the data.
Here is what I am doing may be someone will see what's wrong. Using simple
canonicalization, assuming that the "To" and "From" headers are being signed
and added to the dkim h= tag.
Message:
From:bob at bob.com\r\n
To:bob at bob.com\r\n
\r\n
One line Body\r\n
bh = Hash("One line Body\r\n")
dkhead = "DKIM-Signature: .; bh=" + bh + "\r\n\t;b="
cHeader = "From:bob at bob.com\r\nTo:bob at bob.com\r\n" + dkhead;
b = Sign (cHeader);
dkhead += b + "\r\n";
AddNewHeaderToMsg(dkhead);
One thing in the RFC I wasn't sure of was in section 3.7 Computing the
Message Hashes this line.
The DKIM-Signature header field that exists (verifying) or will be inserted
(signing) in the message, with the value of the "b=" tag deleted (i.e.,
treated as the empty string), canonicalized using the header
canonicalization algorithm specified in the "c=" tag, and without a trailing
CRLF.
Does the "without a trailing CRLF" mean no crlf for the dkim header or the
dkim header should have a crlf but there should be no header ending crlf or
both in which case there is no crlf.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mipassoc.org/pipermail/dkim-dev/attachments/20070613/86cb8886/attachment.html
More information about the dkim-dev
mailing list