[dkim-dev] verification failed problems
Eric Allman
eric at sendmail.com
Wed Jun 13 09:13:24 PDT 2007
There are several things wrong with your DKIM-Signature header field.
You MUST have a v=, you MUST have an s=, you MUST have a=, you MUST
have d=, and you MUST have h=. See section 3.5 of RFC 4871 for
details.
eric
--On June 13, 2007 11:28:27 AM -0400 Bill Volz <bill at atwill.com>
wrote:
> I have written some dkim code but I am getting verification errors
> from the test auto responders. I think it may be related to an
> extra or missing crlf in the signed header or maybe just the data.
>
>
>
> Here is what I am doing may be someone will see what's wrong.
> Using simple canonicalization, assuming that the "To" and "From"
> headers are being signed and added to the dkim h= tag.
>
>
>
> Message:
>
>
>
> From:bob at bob.com\r\n
> To:bob at bob.com\r\n
> \r\n
> One line Body\r\n
>
>
>
> bh = Hash("One line Body\r\n")
> dkhead = "DKIM-Signature: .; bh=" + bh + "\r\n\t;b="
> cHeader = "From:bob at bob.com\r\nTo:bob at bob.com\r\n" + dkhead;
> b = Sign (cHeader);
> dkhead += b + "\r\n";
>
>
>
> AddNewHeaderToMsg(dkhead);
>
>
>
>
>
> One thing in the RFC I wasn't sure of was in section 3.7 Computing
> the Message Hashes this line.
>
> The DKIM-Signature header field that exists (verifying) or will be
> inserted (signing) in the message, with the value of the "b=" tag
> deleted (i.e., treated as the empty string), canonicalized using
> the header canonicalization algorithm specified in the "c=" tag,
> and without a trailing CRLF.
>
>
>
> Does the "without a trailing CRLF" mean no crlf for the dkim header
> or the dkim header should have a crlf but there should be no header
> ending crlf or both in which case there is no crlf.
>
More information about the dkim-dev
mailing list