[dkim-dev] verification failed problems

Eric Allman eric at sendmail.com
Wed Jun 13 14:27:03 PDT 2007


Ah.  I think the problem is that you need to append the \r\n on b= 
before you sign.  You're adding it after signing.

Just as a check, I get 0b1efa6aea8bd4161554942d1a35b5d1b68ed53a for 
your SHA1 body hash.

eric


--On June 13, 2007 2:47:41 PM -0400 Bill Volz <bill at quiksoft.com> 
wrote:

> Sorry I did not make this clear but I do have those fields.  I just
> replaced that part of the header with the ellipses to try to slim down
> the email.  Also I am trying to get sha1 working first, then move on
> to sha256.  This is because I know my sha1 works since my older
> DomainKeys code works with it.
>
> 	
> From: bill at atwill.com\r\n
> To: sa-test at sendmail.net\r\n
> \r\n
> One line Body\r\n
>
>
>
>  bh = Hash("One line Body\r\n")
>  dkhead = "DKIM-Signature: v=DKIM1; a=rsa-sha1; d=atwill.com;
> s=testkey;\r\n\tc=simple; q=dns/txt;
> t=1181750120;\r\n\th=from:to;\r\n bh=" + bh + ";\r\n\tb="
>  cHeader = "From:bob at atwill.com\r\nTo:bob at atwill.com\r\n" +  dkhead;
>  b = Sign (cHeader);
>  dkhead += b + "\r\n";
>
>
>
>  AddNewHeaderToMsg(dkhead);
>
> Bill Volz
>
> -----Original Message-----
> From: Eric Allman [mailto:eric at sendmail.com]
> Sent: Wednesday, June 13, 2007 12:13 PM
> To: Bill Volz
> Cc: dkim-dev at mipassoc.org
> Subject: Re: [dkim-dev] verification failed problems
>
> There are several things wrong with your DKIM-Signature header
> field.  You MUST have a v=, you MUST have an s=, you MUST have a=,
> you MUST have d=, and you MUST have h=.  See section 3.5 of RFC
> 4871 for details.
>
> eric
>
>
>
> --On June 13, 2007 11:28:27 AM -0400 Bill Volz <bill at atwill.com>
>
>>>
>>
>>
>> One thing in the RFC I wasn't sure of was this line in section 3.7,
>> Computing the Message Hashes.
>>
>> The DKIM-Signature header field that exists (verifying) or will be
>> inserted (signing) in the message, with the value of the "b=" tag
>> deleted (i.e., treated as the empty string), canonicalized using
>> the header canonicalization algorithm specified in the "c=" tag,
>> and without a trailing CRLF.
>>
>>
>>
>> Does the "without a trailing CRLF" mean no CRLF for the DKIM header,
>> or the DKIM header should have a CRLF but there should be no header
>> ending CRLF, or both, in which case there is no CRLF?
>>
>
>
>
>
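Added example (not part of the thread, and not any DKIM library's code): the two hash inputs discussed here, built for c=simple following the section 3.7 text quoted above. The function names are hypothetical, the sample message is constructed from the one in the thread, and the bytes returned by `header_hash_input` are what would be handed to the RSA signer.

```python
import base64
import hashlib

CRLF = b"\r\n"

def canon_body_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: drop trailing empty lines, end in one CRLF."""
    while body.endswith(CRLF + CRLF):
        body = body[:-2]
    if not body.endswith(CRLF):
        body += CRLF          # also turns an empty body into a single CRLF
    return body

def body_hash(body: bytes, algo: str = "sha1"):
    """Return (base64 for the bh= tag, hex for comparing with tool output)."""
    digest = hashlib.new(algo, canon_body_simple(body)).digest()
    return base64.b64encode(digest).decode("ascii"), digest.hex()

def header_hash_input(signed_fields, dkim_field_empty_b: bytes) -> bytes:
    """Bytes fed to the signer under c=simple header canonicalization.

    signed_fields: the fields named in h=, byte-for-byte as they appear in the
    message, without their line terminator. dkim_field_empty_b: the
    DKIM-Signature field with b= empty; its internal folding CRLFs are kept,
    only a terminating CRLF is removed.
    """
    data = b"".join(f + CRLF for f in signed_fields)
    if dkim_field_empty_b.endswith(CRLF):
        dkim_field_empty_b = dkim_field_empty_b[:-2]
    return data + dkim_field_empty_b

def build_sample():
    # Constructed sample based on the message in the thread; addresses are
    # as the list archive renders them, and v=1 is the value RFC 4871 defines.
    body = b"One line Body\r\n"
    bh_b64, bh_hex = body_hash(body)
    dkim = (b"DKIM-Signature: v=1; a=rsa-sha1; d=atwill.com; s=testkey;\r\n"
            b"\tc=simple; q=dns/txt; t=1181750120;\r\n"
            b"\th=from:to;\r\n"
            b"\tbh=" + bh_b64.encode("ascii") + b";\r\n"
            b"\tb=")
    fields = [b"From: bill at atwill.com", b"To: sa-test at sendmail.net"]
    return bh_hex, header_hash_input(fields, dkim)

if __name__ == "__main__":
    bh_hex, to_sign = build_sample()
    print("body hash (hex):", bh_hex)
    print("signer input ends with:", to_sign[-4:])
```

The hex digest returned by `body_hash` can be compared directly with the SHA1 body hash given in the reply. Because simple canonicalization does not rewrite header fields, the fields passed in must be the exact bytes that appear in the message.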