本文介绍了如何在 PHP 中验证 DKIM 签名?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

限时删除!!

我承认我不太擅长密钥验证.我有一个从 POP3 服务器下载消息的脚本,我正在尝试验证 PHP 中的 DKIM 签名.我已经弄清楚了正文哈希 (bh) 验证检查,但我无法弄清楚标头验证.

I'll admit I'm not very adept at key verification. What I have is a script that downloads messages from a POP3 server, and I'm attempting to verify the DKIM signatures in PHP. I've already figured out the body hash (bh) validation check, but I can't figure out the header validation.

http://www.dkim.org/规格/rfc4871-dkimbase.html#rfc.section.6.1.3

以下是我的邮件标题示例.我已经能够使用 Mail::DKIM 包来验证 Perl 中的签名,所以我知道它很好.我似乎无法弄清楚 RFC 中的说明并将它们翻译成 PHP 代码.

Below is an example of my message headers. I've been able to use the Mail::DKIM package to validate the signature in Perl, so I know it's good. I just can't seem to figure out the instructions in the RFC and translate them into PHP code.

 DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
  s=angrychimp-1.bh; d=angrychimp.net;
  h=From:X-Outgoing;
  b=RVkenibHQ7GwO5Y3tun2CNn5wSnooBSXPHA1Kmxsw6miJDnVp4XKmA9cUELwftf9
  nGiRCd3rLc6eswAcVyNhQ6mRSsF55OkGJgDNHiwte/pP5Z47Lo/fd6m7rfCnYxq3
 DKIM-Signature: v=1; a=rsa-sha1; d=angrychimp.net; s=angrychimp-1.bh; c=relaxed/simple;
  q=dns/txt; [email protected]; t=1268436255;
  h=From:Subject:X-Outgoing:Date;
  bh=gqhC2GEWbg1t7T3IfGMUKzt1NCc=;
  b=ZmeavryIfp5jNDIwbpifsy1UcavMnMwRL6Fy6axocQFDOBd2KjnjXpCkHxs6yBZn
  Wu+UCFeAP+1xwN80JW+4yOdAiK5+6IS8fiVa7TxdkFDKa0AhmJ1DTHXIlPjGE4n5;
 To: [email protected]
 Message-ID: <EF.CC.24859.F1DCA9B4>
 From: DKIM Tester <[email protected]>
 Reply-To: [email protected]
 Subject: Automated DKIM Testing (angrychimp.net)
 X-Outgoing: dhaka
 Date: Fri, 12 Mar 2010 15:24:15 -0800
 Content-Type: text/plain; charset=iso-8859-1
 Content-Transfer-Encoding: quoted-printable
 Content-Disposition: inline
 MIME-Version: 1.0
 Return-Path: [email protected]
 X-OriginalArrivalTime: 12 Mar 2010 23:25:50.0326 (UTC) FILETIME=[5A0ED160:01CAC23B]

我可以很好地从我的 DNS 中提取公钥,并且我相信我正确地规范了标头,但是我无法验证签名.我认为我没有正确准备我的密钥或计算签名验证.

I can extract the public key from my DNS just fine, and I believe I'm canonicalizing the headers correctly, but I just can't get the signature validated. I don't think I'm preparing my key or computing the signature validation correctly.

这是可能的吗(我需要梨扩展还是什么?)还是在 PHP 中手动验证 DKIM 签名是不可行的?

Is this something that's possible (do I need pear extensions or something?) or is manually validating a DKIM signature in PHP just not feasible?

推荐答案

Mail::DKIM 对其他库有以下依赖:

The Mail::DKIM has the following dependencies on other libraries:

  • Crypt::OpenSSL::RSA
  • 摘要::SHA
  • Mail::Address(MailTools 包的一部分)
  • MIME::Base64
  • 网络::DNS

所有这些也应该在 PHP 中可用.所以手动检查PHP中的validatity是可控的.Mail::DKIM 正在使用这些库手动"验证签名.也许你对 Mail::DKIM 的来源有一个高峰?

All these should be available in PHP also. So manually check the validatity in PHP is controllable. Mail::DKIM is verifiying the signature "manually" with those libs. Maybe you have a peak into source of Mail::DKIM?

此外,OpenDKIM 库 (libopendkim)" 可用.您可以围绕这个库构建一个 PHP 模块,就像其他人将 OpenSSL、cURL 等集成到 PHP 中一样.

Additionaly "OpenDKIM Library (libopendkim)" is available. You can build a PHP-module around this library like other people have integrated OpenSSL, cURL, etc into PHP.

能不能把你的verify-function的代码提供一些测试数据,让大家看看?

Maybe you can provide the code of your verify-function with some test data, so everyone can have a look at it?

HTH &最好的问候

HTH & Best regards

迈克尔

这篇关于如何在 PHP 中验证 DKIM 签名?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

1403页,肝出来的..

09-08 01:49