Re: The signatures in the mail header and my installed keys don't match.

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Tue, 19 May 2015 13:55:55 -0700 (PDT)

On Tue, 19 May 2015, Mike McKoy wrote:
> So I've installed OPENDKIM and want to get it working before I set up NAMED
> on this server. Currently Godaddy is handling my DNS. DKIM is signing
> messages but it seems to be using the wrong key. I don't know how it is
> doing this because I checked the keys in /etc/opendkim/keys and they don't
> resemble the one I see in the header. Looking in maillogs there are no
> errors when signing. 
>
> Here is a copy of my key:
> "v=DKIM1; k=rsa; "
> "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCn9CWknWP9Og0wVt4xoDsBLJHfatuP/6GTSR2+VE4w7bIgF1E5SPlJp2qEu87NnkNSFttfsl4K6YZKyaZUt/ZlrEXllz+IG+wxfQfKWh
> azIqVcG5p31Rr54yBTpoTjVLRmoJ1tXdrr0O6NnGb9FyoWPqKi3CkSya2V5PI8DcgSwIDAQAB"

That's a public key (specifically, the base64 encoding of your RSA public
key).

> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=mymodeltalk.com;
> s=default; t=1432027078;
> bh=fAK46wh0L4gFk+8+jo6UW0qH58ckLjzME9PLXmNZf2M=;
> h=Date:To:From:Subject;
> b=EC6FWURdpXuoNazcDj2Bt8i9P7nKKeH9xUQD7AdvzFPUqB3lS9wtIs5+OqQeRXpj0
> bdmtKAkOa3SfcC2IXT9Tn+DfgkRbGj1gM0uNcFdevDzVXIndXdrckEFOIO2p8s/sO1
> BwRBwc3B3ZdL4YBnz7iddktwWwtXPWOWdGeGKOb4=

That's a digital signature (specifically, the base64 encoding of the
SHA256 hash of the header block after being encrypted with the private
key that matches your public key).

They aren't supposed to be the same thing.

-MSK
Received on Tue May 19 2015 - 20:56:13 PST
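
Added example, not part of the original message and not OpenDKIM code: a stdlib-only Python sketch of how the p= and b= values relate. It assumes a constructed, insecure demo key built from two Mersenne primes and constructed header blocks, and it leaves out DKIM canonicalization and the DKIM-Signature header itself; all function names are hypothetical.

```python
import base64, hashlib

# Constructed demo key from two Mersenne primes: insecure, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)
K = (N.bit_length() + 7) // 8      # modulus length in bytes

RSA_ALG = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption AlgorithmIdentifier
SHA256_INFO = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo prefix

def der(tag: int, body: bytes) -> bytes:
    """Minimal DER tag-length-value encoder."""
    n = len(body)
    if n < 128:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def der_int(x: int) -> bytes:
    return der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))

def public_p(n: int, e: int) -> str:
    """p= tag: base64 of the DER SubjectPublicKeyInfo. Same for every message."""
    rsa_key = der(0x30, der_int(n) + der_int(e))
    spki = der(0x30, RSA_ALG + der(0x03, b"\x00" + rsa_key))
    return base64.b64encode(spki).decode()

def emsa_pkcs1_v15(data: bytes) -> int:
    """SHA-256 hash wrapped in PKCS#1 v1.5 signature padding, as an integer."""
    t = SHA256_INFO + hashlib.sha256(data).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def sign_b(header_block: bytes) -> str:
    """b= tag: private-key operation over the padded hash. Differs per message."""
    sig = pow(emsa_pkcs1_v15(header_block), D, N)
    return base64.b64encode(sig.to_bytes(K, "big")).decode()

def verify_b(header_block: bytes, b_tag: str, n: int, e: int) -> bool:
    """What a verifier does with the published p= key: undo b=, compare hashes."""
    sig = int.from_bytes(base64.b64decode(b_tag), "big")
    return pow(sig, e, n) == emsa_pkcs1_v15(header_block)

# Constructed header blocks (fields as in h=Date:To:From:Subject).
HEADERS_A = b"Date: Tue, 19 May 2015 09:00:00 -0700\r\nTo: a@example.com\r\nFrom: b@example.com\r\nSubject: one\r\n"
HEADERS_B = HEADERS_A.replace(b"Subject: one", b"Subject: two")
```

The b= strings for the two header blocks differ from each other and from p=, yet the single p= key verifies each of them against its own headers.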
