Re: Successful LDAP signing test
On Fri, 19 Feb 2010, Murray S. Kucherawy wrote:
> So the next question is: Which of the things you tried is actually
> easier for an LDAP administrator to do? I'm fine with supporting
> DER-style keys for LDAP (and probably SQL and maybe Sleepycat) but we
> also need to consider that flat files can't use anything with linefeeds,
> so all-on-one-line keys will have to be supported as well.
>
> Maybe we need a "PrivateKeyFormat" parameter that tells it how to
> interpret whatever it gets back from the KeyTable?

Another issue is that the "secretkey" parameter to libopendkim's
dkim_sign() function expects a PEM-formatted key (which wasn't documented,
though I've now fixed that). Changing it to require DER-formatted keys
might make upgrading a pain for a lot of people that just use the library.
I suppose we could include a utility function for converting PEM to DER if
we make that change, though there's a potential for user mistakes when
adding that bit of complexity there.

We might be able to have dkim_sign() auto-select PEM/DER based on whether
or not the first five bytes are "-----", but I'm not sure how safe that
is.

Received on Sat Feb 20 2010 - 07:49:56 PST
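
Added example, not part of the original message and not libopendkim code: one way to make the PEM/DER auto-selection discussed above stricter than a five-byte "-----" test. The names key_format_detect() and enum key_format are hypothetical; the function accepts a full "-----BEGIN " armor header as PEM, accepts DER only when the buffer is a SEQUENCE whose encoded length matches the buffer exactly, and reports anything else (such as a bare one-line base64 key) as unknown so the caller can refuse it.

```c
#include <stddef.h>
#include <string.h>

enum key_format { KEY_FMT_UNKNOWN = 0, KEY_FMT_PEM, KEY_FMT_DER };

/* Hypothetical helper (not a libopendkim function): classify a private
 * key buffer before handing it to a PEM or DER parser. */
enum key_format
key_format_detect(const unsigned char *key, size_t len)
{
	static const char pem_hdr[] = "-----BEGIN ";
	const size_t hdrlen = sizeof pem_hdr - 1;
	size_t body, hdr, nlen, i;

	if (key == NULL || len < 2)
		return KEY_FMT_UNKNOWN;

	/* PEM: require the whole armor prefix, not just five dashes. */
	if (len > hdrlen && memcmp(key, pem_hdr, hdrlen) == 0)
		return KEY_FMT_PEM;

	/* DER private keys are an ASN.1 SEQUENCE (tag 0x30); '-' is 0x2D,
	 * so a DER key never starts with dashes. */
	if (key[0] != 0x30)
		return KEY_FMT_UNKNOWN;

	if (key[1] < 0x80) {			/* short-form length */
		body = key[1];
		hdr = 2;
	} else {				/* long-form length */
		nlen = key[1] & 0x7f;
		/* 0x80 is indefinite length, which DER forbids */
		if (nlen == 0 || nlen > 4 || len < 2 + nlen)
			return KEY_FMT_UNKNOWN;
		body = 0;
		for (i = 0; i < nlen; i++)
			body = (body << 8) | key[2 + i];
		/* DER requires the minimal length encoding */
		if (key[2] == 0 || body < 0x80)
			return KEY_FMT_UNKNOWN;
		hdr = 2 + nlen;
	}

	/* Truncated input or trailing bytes both fail this check. */
	return (body == len - hdr) ? KEY_FMT_DER : KEY_FMT_UNKNOWN;
}
```

This only selects a parser; the key still has to parse successfully in the chosen format before it is used for signing.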
This archive was generated by hypermail 2.3.0: Mon Oct 29 2012 - 23:32:52 PST