Re: stupid question on LDAP support

From: Mike Markley <mike_at_markley.org>
Date: Thu, 18 Feb 2010 22:01:55 -0800

On Thu, Feb 18, 2010 at 09:47:49PM -0800, Murray S. Kucherawy <msk_at_blackops.org> wrote:
> >Non-obvious (to me) questions:
> >- Should this be working as a substitute for files in KeyList already?
>
> Yes, it should. There's a unit test in the opendkim/tests directory that
> tries to sign using KeyTable and SigningTable that tries it at least for
> flat files and it seems to work.

What I've got from CVS doesn't seem to include KeyTable or SigningTable.
Or, for that matter, opendkim/tests/. Specifying an LDAP URI for KeyList
causes an error loading the keys. Should I still be poking at the branch
or is this all in HEAD now?

> >- When dkimf_db_get() returns a private key, what format are you
> > expecting that in? It looks like (at least in querytest mode) it
> > doesn't react well to getting back binary data right now (DER), so are
> > you expecting PEM? Could just be a display bug, too, I guess.
>
> It expects either a PEM-formatted key or a path to a file that contains
> one. I actually hadn't thought of supporting DER or other formats. Can
> you adapt to PEM easily enough or is that something we should accommodate?

I think that, as long as it's documented, it should be fine. There's
a standard LDAP syntax for certificates, but it's not clear to me that
it supports private keys (I couldn't get it to work, at any rate). The
only difference between PEM and DER is the base64 encoding and the
header/footer lines, so it's probably not a big change to support both
(and OpenSSL may even do it for you).

Does that mean that the LDAP attribute holding the private key should
also include the PEM header/footer lines and be wrapped to 64
characters? Because of the issues above, I can't actually try signing
any messages, so I have no idea if the results coming back from my LDAP
server are in a useful format (just that they're retrieved
successfully).

-- 
Mike Markley <mike_at_markley.org>
There is an order of things in this universe.
- Apollo, "Who Mourns for Adonais?" stardate 3468.1
Received on Fri Feb 19 2010 - 06:02:06 PST
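As an added illustration of the PEM-versus-DER point raised above (this is not OpenDKIM's code and not from the thread): a small Python helper that accepts either form as it might come back from an LDAP attribute and returns canonical PEM, base64 body wrapped at 64 columns with header and footer lines, which is what a PEM-only consumer expects. The "RSA PRIVATE KEY" label and the sample DER bytes are constructed assumptions, not real key material.

```python
import base64
import re

PEM_COLS = 64  # PEM wraps the base64 body at 64 characters per line (RFC 7468)
# Matches a PEM block and captures its label (group 1) and base64 body (group 2).
PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def is_pem(data: bytes) -> bool:
    """True if the value carries PEM header/footer lines, else treat it as DER."""
    return PEM_RE.search(data) is not None


def der_to_pem(der: bytes, label: str = "RSA PRIVATE KEY") -> bytes:
    """Wrap raw DER bytes in PEM armour: header, 64-column base64 lines, footer."""
    # Every DER-encoded key begins with an ASN.1 SEQUENCE tag (0x30); a value that
    # does not is neither PEM nor DER and should be rejected rather than wrapped.
    if not der or der[0] != 0x30:
        raise ValueError("DER key must start with an ASN.1 SEQUENCE (0x30)")
    b64 = base64.b64encode(der)
    body = [b64[i:i + PEM_COLS] + b"\n" for i in range(0, len(b64), PEM_COLS)]
    header = f"-----BEGIN {label}-----\n".encode()
    footer = f"-----END {label}-----\n".encode()
    return header + b"".join(body) + footer


def pem_to_der(pem: bytes) -> bytes:
    """Strip PEM armour and base64-decode the body back to DER."""
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("no PEM block found")
    # Drop whatever line breaks (LF or CRLF) the directory stored; validate=True
    # rejects stray non-base64 bytes instead of silently skipping them.
    return base64.b64decode(re.sub(rb"\s+", b"", m.group(2)), validate=True)


def normalize_key_attr(value: bytes) -> bytes:
    """Accept a key attribute in PEM or DER form and return canonical PEM."""
    if is_pem(value):
        label = PEM_RE.search(value).group(1).decode()
        # Re-wrap so unwrapped or CRLF-terminated PEM also comes out in 64-column form.
        return der_to_pem(pem_to_der(value), label)
    return der_to_pem(value)


# Constructed samples (not real keys): a minimal SEQUENCE{INTEGER 0}, and a
# 203-byte SEQUENCE whose base64 body needs more than one 64-column line.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x00])
SAMPLE_DER_LONG = b"\x30\x81\xc8" + bytes(200)
```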