问题描述
我承认我不太擅长密钥验证.我有一个从 POP3 服务器下载消息的脚本,我正在尝试验证 PHP 中的 DKIM 签名.我已经弄清楚了正文哈希 (bh) 验证检查,但我无法弄清楚标头验证.
I'll admit I'm not very adept at key verification. What I have is a script that downloads messages from a POP3 server, and I'm attempting to verify the DKIM signatures in PHP. I've already figured out the body hash (bh) validation check, but I can't figure out the header validation.
http://www.dkim.org/规格/rfc4871-dkimbase.html#rfc.section.6.1.3
以下是我的邮件标题示例.我已经能够使用 Mail::DKIM 包来验证 Perl 中的签名,所以我知道它很好.我似乎无法弄清楚 RFC 中的说明并将它们翻译成 PHP 代码.
Below is an example of my message headers. I've been able to use the Mail::DKIM package to validate the signature in Perl, so I know it's good. I just can't seem to figure out the instructions in the RFC and translate them into PHP code.
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
s=angrychimp-1.bh; d=angrychimp.net;
h=From:X-Outgoing;
b=RVkenibHQ7GwO5Y3tun2CNn5wSnooBSXPHA1Kmxsw6miJDnVp4XKmA9cUELwftf9
nGiRCd3rLc6eswAcVyNhQ6mRSsF55OkGJgDNHiwte/pP5Z47Lo/fd6m7rfCnYxq3
DKIM-Signature: v=1; a=rsa-sha1; d=angrychimp.net; s=angrychimp-1.bh; c=relaxed/simple;
q=dns/txt; [email protected]; t=1268436255;
h=From:Subject:X-Outgoing:Date;
bh=gqhC2GEWbg1t7T3IfGMUKzt1NCc=;
b=ZmeavryIfp5jNDIwbpifsy1UcavMnMwRL6Fy6axocQFDOBd2KjnjXpCkHxs6yBZn
Wu+UCFeAP+1xwN80JW+4yOdAiK5+6IS8fiVa7TxdkFDKa0AhmJ1DTHXIlPjGE4n5;
To: [email protected]
Message-ID: <EF.CC.24859.F1DCA9B4>
From: DKIM Tester <[email protected]>
Reply-To: [email protected]
Subject: Automated DKIM Testing (angrychimp.net)
X-Outgoing: dhaka
Date: Fri, 12 Mar 2010 15:24:15 -0800
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
MIME-Version: 1.0
Return-Path: [email protected]
X-OriginalArrivalTime: 12 Mar 2010 23:25:50.0326 (UTC) FILETIME=[5A0ED160:01CAC23B]
我可以很好地从我的 DNS 中提取公钥,并且我相信我正确地规范了标头,但是我无法验证签名.我认为我没有正确准备我的密钥或计算签名验证.
I can extract the public key from my DNS just fine, and I believe I'm canonicalizing the headers correctly, but I just can't get the signature validated. I don't think I'm preparing my key or computing the signature validation correctly.
这是可能的吗(我需要梨扩展还是什么?)还是在 PHP 中手动验证 DKIM 签名是不可行的?
Is this something that's possible (do I need pear extensions or something?) or is manually validating a DKIM signature in PHP just not feasible?
推荐答案
Mail::DKIM 对其他库有以下依赖:
The Mail::DKIM has the following dependencies on other libraries:
- Crypt::OpenSSL::RSA
- 摘要::SHA
- Mail::Address(MailTools 包的一部分)
- MIME::Base64
- 网络::DNS
所有这些也应该在 PHP 中可用.所以手动检查PHP中的validatity是可控的.Mail::DKIM 正在使用这些库手动"验证签名.也许你对 Mail::DKIM 的来源有一个高峰?
All these should be available in PHP also. So manually check the validatity in PHP is controllable. Mail::DKIM is verifiying the signature "manually" with those libs. Maybe you have a peak into source of Mail::DKIM?
此外,OpenDKIM 库 (libopendkim)" 可用.您可以围绕这个库构建一个 PHP 模块,就像其他人将 OpenSSL、cURL 等集成到 PHP 中一样.
Additionaly "OpenDKIM Library (libopendkim)" is available. You can build a PHP-module around this library like other people have integrated OpenSSL, cURL, etc into PHP.
能不能把你的verify-function的代码提供一些测试数据,让大家看看?
Maybe you can provide the code of your verify-function with some test data, so everyone can have a look at it?
HTH &最好的问候
HTH & Best regards
迈克尔
这篇关于如何在 PHP 中验证 DKIM 签名?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!