Re: Successful LDAP signing test

From: Mike Markley <mike_at_markley.org>
Date: Sat, 20 Feb 2010 13:44:45 -0800

On Sat, Feb 20, 2010 at 08:37:53AM -0800, Murray S. Kucherawy <msk_at_blackops.org> wrote:
> So that's what I've done. dkim_sign() now checks to see whether or not
> the provided "secretkey" parameter starts with "MII"; if it does, it will
> pass the secretkey to the base64 decode function and store the output,
> otherwise it makes a copy of the provided key directly. Then in
> dkim_eom_sign(), there's a second check for "-----"; if it's there, the
> PEM decode function is called on the stored key, otherwise the DER decode
> function is called. That handles the PEM and base64-encoded DER forms;
> passing in raw DER will be copied directly and passed to the PEM
> functions, which will error out. (Passing in raw DER as a string, which
> is what the API currently expects, is a tricky prospect to begin with.)

That seems quite reasonable.

> I also updated libopendkim/docs/dkim_sign.html accordingly.
>
> To test this, I tried changing opendkim/tests/t-sign-rs-tables.keys so
> that rather than referencing a file containing a PEM key, that file
> actually contains the base64-encoded DER key just by stripping off the
> begin/end tags and concatenating the lines of the key, including the
> whitespaces "vi" inserts when you do line joins. The test still worked.
> Then I reverted that file to its original form to test the PEM version,
> and that still worked.
>
> Let me know if it works for you. And thanks for all this feedback!

I should be able to bang on it today. Thanks for taking the feedback ;).

-- 
Mike Markley <mike_at_markley.org>
When the weight of the paperwork equals the weight of the plane, the
plane will fly.
- Donald Douglas
Received on Sat Feb 20 2010 - 21:44:55 PST
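
Added example, not part of the original message and not OpenDKIM's own code: a minimal C sketch of the key-form check described in the quoted text, with a base64 decoder that tolerates the whitespace left by line joins. The names classify_key and b64_decode_ws and the sample string are hypothetical, constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum key_form { KEY_PEM, KEY_B64_DER, KEY_OTHER };

/* Prefix tests from the message: "-----" marks PEM, "MII" marks base64 DER.
 * "MII" is what the DER bytes 0x30 0x82 (SEQUENCE with a two-byte length)
 * followed by a length byte below 0x40 encode to. */
enum key_form classify_key(const char *key)
{
    if (strncmp(key, "-----", 5) == 0) return KEY_PEM;
    if (strncmp(key, "MII", 3) == 0) return KEY_B64_DER;
    return KEY_OTHER; /* raw DER and anything unrecognized */
}

static int b64val(int c)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Decode base64, skipping whitespace left by line joins.
 * Returns the byte count, or -1 on a bad character or a full buffer. */
long b64_decode_ws(const char *in, unsigned char *out, size_t outlen)
{
    unsigned long acc = 0;
    int bits = 0, v;
    size_t n = 0;

    for (; *in != '\0' && *in != '='; in++) {
        if (isspace((unsigned char)*in)) continue;
        if ((v = b64val((unsigned char)*in)) < 0) return -1;
        acc = (acc << 6) | (unsigned long)v;
        if ((bits += 6) >= 8) {
            if (n >= outlen) return -1;
            bits -= 8;
            out[n++] = (unsigned char)((acc >> bits) & 0xff);
        }
    }
    return (long)n;
}

int main(void)
{
    unsigned char der[8];
    const char *sample = "MIIB OwIB\n"; /* constructed: start of a DER key, joined with whitespace */
    long n = b64_decode_ws(sample, der, sizeof der);
    printf("form=%d bytes=%ld first=0x%02x 0x%02x\n", classify_key(sample), n, der[0], der[1]);
    return 0;
}
```

Raw DER lands in KEY_OTHER here because its first byte is 0x30, not the character 'M', which matches the message's note that raw DER is not handled by these prefix checks.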
