[mailop] OpenDKIM KeyTable with inline keys

Luis E. Muñoz via mailop Tue, 24 Apr 2018 16:46:25 -0700


Hi there,

The text "otherwise it is itself a PEM-encoded private key or abase64-encoded DER private key" in the documentation for opendkim.conf(http://opendkim.org/opendkim.conf.5.html) lead me to believe that it'spossible to simply take the private key, concatenate the base64 linesand place them in a KeyTable record as in this (single) huge line.


s52841524074460 
lem.click:s52841524074460:MIIEowIBAAKCAQEAuNRfoOiqpWmkPcp2wDQLVN+N8IOf/Ak1v8TGj1BAPdv+HcJToPlNaPNezIUOkcpkPV5acwv6NSe8KdolLk4NZ3UZ2P57uCLqoK77uhNmSCnZlNfDonuD/xOFl8L8X77xX6NqZ1tdqPmrO4qFxmLJa0CnKJfp9cunYG+Vwn55wQ+psgzvKgdtgjVGcxeSKCyki7unpulCV6BoTAfQIlkbP1zHghZdspjBbUuwQKbXezjPfFFDSnCgTXWADprjpHC0/Sx/k065Q78BVekJybn4e41xmlGt41kxbfcISaWgT4hh+0tloUaOPx/IU9JBasIoddDUUC8Fbw/7IHS4n06EcwIDAQABAoIBAEqJ6177Ngarif8ZbbapxoAeACIlExoTpMeH1gPp+153IA5kVlGu+NcAfxS//FYzZyWQra2EAQ36zlmajjAUbjdw9FGcn8xs2G6g4wfx1uf3aLYsJcubQGpYNyIzEpCScsl9H+Y65JTGy5Whkb2mDVDhrAgk68eisAemOKFNXFDNDoCvgkfFZZuqfRID5v/JRYRvNWIxtbkOaZm7afS+S5zETKnLJScY5cp3H8Fqkn/uWML6T4JKRTMBB2AV1VOUEQ9Sz7Wteh+gGAB8ZCzjD97LaUPXL3nkgP1qPx/7ICLb3QshEMJSNEc4ZNmVxNArfl7CpMq+/wVg6G1R0JQ9q9ECgYEAzNu8yt3gUTpLfka7DnDHeJXcUVXMm8+U/W3QmFdFLCAf/L+FCIl0qijltlGzyV/dlg9ZwhgRw8EKs32/vIg0VXcvVcPGioJTe+XPYLskjPG6JLQ/v/o4HoyBRea9GUHNjZ+0jzIuPg8cgcvNlJVgsCQBiZt/RpZ17Ht4GGAGancCgYEA5vie4RptnGWDOEYT7/01gRBsnk8HTa8xprnTTPImCxqqouk8ZZ/e+41YGpbXvdMhLefo+JSCyDIVbF+Z1hpECcoGPR6noA0flj9CgmXIup2wRn5tBdMVifXximstfY/BEXdx6nN7qoFKd3cK3stX1kBnZ453vla7q1x0u56C+OUCgYB6RTztqHhWgwDEIdtLxyyHYIrbUOaKqN84U+8Ivi3fJF1zMaxpaAFl/nr80s8IBlvvUMI2Ar+3ouSMNSXXlUQHLtflzLAXw6mobYXVKl2qciyz85GJOAN+2EXgPtPm20ugmA3g2gaXq9VL8ySE5pOLDjKMu26/5tYDi74mbknmCQKBgQCvMTnh6JfnnyAPGSiaSmfBA+I/mhYiGJcCrcTWgn3Uwl9Xvq3vL3qFN8ryMCRoebKbDWMq2grxKvwQ/drECZw+CJz+0ze2MP4aitU571Z4Jo/EiLTNTDT0NjcGFRGmQdniE8W2Xe4ZgIQpZYQ7ReXUP3mvlOLC3yruaeypOyyA+QKBgANQUGl3wvVp8Ob8ZP7X9+ZYx6DUuTX6kVFyO5iqUgpWzZReuJ/6DTw5vCKgD1kl61wuTPj+nZJtEvhXGjkDo+SuOd81daQnzNnb/+AVj92HWYAVKUJf7LscK+iW3tErlBAHLW0RWWke/n7NdbntEqIcVFtWbs/kf7JElbXmi2Xj

I'm missing something because when trying to send mail with thisconfiguration, I get

Apr 24 23:12:39 ip-10-0-0-64 opendkim[15424]: w3ONCc3J015439: SSLerror:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag;error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nestedasn1 error; error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrongtag; error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nestedasn1 error; error:04093004:rsa routines:old_rsa_priv_decode:RSA lib;error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag;error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1errorApr 24 23:12:39 ip-10-0-0-64 opendkim[15424]: w3ONCc3J015439:dkim_eom(): resource unavailable: d2i_PrivateKey_bio() failed

However, I took the private key material above and placed it in a fileas follows:

After the corresponding change in SigningTable to look for the privatekey in my shiny new private key file, it works:

pr 24 23:13:41 ip-10-0-0-64 sm-mta[15458]: w3ONDeW3015458: Milter insert(1): header: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;d=lem.click;\n\ts=s52841524074460; t=1524611621;\n\tb⋯CwA==

All the examples I've been able to find, follow the tradition of placingthe private key in a separate file. I didn't see any opendkim test casesor examples for a KeyTable as the one I would like to have, so doesanybody know what am I missing?


Thanks in advance

-lem

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] OpenDKIM KeyTable with inline keys

Reply via email to