
So, I've lost some sleep, I've scoured the net and I've found libraries, explanations, etc., but I have not found a step by step guide to create a Domain-Key Signature to be added to an email header to sign my authenticated email sent from a PHP program. Actually, I have found some instructions but it always seems that a step is missing!

Reading Jeff Atwood's "So You'd Like to Send Some Email (Through Code)" helped me out a great deal, and actually informed me about all of these signing methods. Thus far I have:

  • Created a public/private key pair using openVPN and the following openssl commands

    1. openssl genrsa -out rsa.private 1024

    2. openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM

  • Had the necessary TXT DNS records added (global policy and the public base64 key)

  • Added (what seem to be) the necessary parameters in the email header

However, using Port25's Authentication Report returns:

DomainKeys check details:
----------------------------------------------------------
Result:         fail (bad signature)
ID(s) verified: header.From=truth@truthuniversal.com
DNS record(s):
    truthuniversal._domainkey.truthuniversal.com. 86400 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdxr0auyWOszMhdPW0LR3/Duf3t6XcvlwTpYuoS1lzCuT35voqcEhctCh2dTzq2RAXOrinbG8HuTg/IBde3GWaRwBMSQRJ/ZwiNZHomMfqnZEhC9MT+J9OAEbm5TdwZ0HcIOKGBGi0fZvhYs5kw34mk0cwO7AacgSInDf+QjOE+QIDAQAB"

You can see the TXT Record there, which utilizes the key.

Here's my public key produced with the openssl command -- file rsa.public:

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdxr0auyWOszMhdPW0LR3/Duf3
t6XcvlwTpYuoS1lzCuT35voqcEhctCh2dTzq2RAXOrinbG8HuTg/IBde3GWaRwBM
SQRJ/ZwiNZHomMfqnZEhC9MT+J9OAEbm5TdwZ0HcIOKGBGi0fZvhYs5kw34mk0cw
O7AacgSInDf+QjOE+QIDAQAB
-----END PUBLIC KEY-----

In PHP, I'm constructing the header this way:

  $pkey="MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdxr0auyWOszMhdPW0LR3/Duf3t6XcvlwTpYuoS1lzCuT35voqcEhctCh2dTzq2RAXOrinbG8HuTg/IBde3GWaRwBMSQRJ/ZwiNZHomMfqnZEhC9MT+J9OAEbm5TdwZ0HcIOKGBGi0fZvhYs5kw34mk0cwO7AacgSInDf+QjOE+QIDAQAB";

    $dkeysig = "DomainKey-Signature: a=rsa-sha1;
     s=truthuniversal;d=truthuniversal.com;c=simple;q=dns;b=$pkey;";

    $newLine = "\r\n";

    //Construct Headers  
    $headers = "MIME-Version: 1.0" . $newLine;  
    $headers .= "Content-type: text/html; charset=iso-8859-1" . $newLine; 
    $headers .= "$dkeysig" . $newLine;

When I check the header of the received message it looks this way:

DomainKey-Signature: a=rsa-sha1; s=truthuniversal;d=truthuniversal.com;c=simple;q=dns;b=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdxr0auyWOszMhdPW0LR3/Duf3t6XcvlwTpYuoS1lzCuT35voqcEhctCh2dTzq2RAXOrinbG8HuTg/IBde3GWaRwBMSQRJ/ZwiNZHomMfqnZEhC9MT+J9OAEbm5TdwZ0HcIOKGBGi0fZvhYs5kw34mk0cwO7AacgSInDf+QjOE+QIDAQAB;

What am I missing?

Is there another step?

JasonMArcher
T. Ujasiri
  • +1 for the link, however you should show how you generate the keys, the exact commands and their output. Not that you made a mistake there and it gets unnoticed. – M8R-1jmw5r Apr 29 '13 at 23:48
  • @M8R-1jmw5r I added that information as you suggested. I used the genrsa command to generate the key pair. The contents of rsa.public are the public key I posted above. Do you need the private key info as well? – T. Ujasiri Apr 30 '13 at 20:21
  • This must really be unpopular... – T. Ujasiri May 02 '13 at 20:56

0 Answers
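Added example, not part of the original post or its comments: in the header shown in the question, b= holds the same base64 string as the p= value in DNS, whereas a verifier expects b= to be an RSA-SHA1 signature over the canonicalized message, made with the private key and checked against p=. The sketch below signs a constructed message and runs the verifier's check; the function names, addresses, selector, demo key and the simplified "simple" canonicalization are assumptions for illustration.

```php
<?php
// Added example, not code from the post. Key, addresses, selector and body are constructed.

// Simplified reading of RFC 4870 "simple" canonicalization (assumption: no h= tag,
// so every header after DomainKey-Signature is signed): CRLF line endings, one
// blank separator line, trailing empty body lines dropped.
function dk_canonicalize(array $signedHeaders, string $body): string
{
    $body = preg_replace('/\r?\n/', "\r\n", $body);
    $body = preg_replace('/(\r\n)+\z/', '', $body) . "\r\n";
    return implode("\r\n", $signedHeaders) . "\r\n\r\n" . $body;
}

// b= carries the base64 RSA-SHA1 signature made with the PRIVATE key.
function dk_signature_header($privateKey, string $selector, string $domain, string $canon): string
{
    if (!openssl_sign($canon, $rawSig, $privateKey, OPENSSL_ALGO_SHA1)) {
        throw new RuntimeException('openssl_sign failed: ' . openssl_error_string());
    }
    return "DomainKey-Signature: a=rsa-sha1; s=$selector; d=$domain; c=simple; q=dns; b="
        . base64_encode($rawSig) . ';';
}

// Verifier side: rebuild a PEM from the TXT record's p= value and check b= against it.
function dk_verify(string $p, string $b, string $canon): bool
{
    $pem = "-----BEGIN PUBLIC KEY-----\n" . chunk_split($p, 64, "\n") . "-----END PUBLIC KEY-----\n";
    $sig = base64_decode($b, true);
    return $sig !== false && openssl_verify($canon, $sig, $pem, OPENSSL_ALGO_SHA1) === 1;
}

// Throwaway demo key; with the question's files this would be
// openssl_pkey_get_private('file://rsa.private').
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$p = preg_replace('/-----[A-Z ]+-----|\s+/', '', openssl_pkey_get_details($key)['key']); // p= for DNS

$headers = ['From: sender@example.com', 'To: rcpt@example.net', 'Subject: test',
            'MIME-Version: 1.0', 'Content-type: text/html; charset=iso-8859-1'];
$canon = dk_canonicalize($headers, "<p>Hello</p>\n\n");

$sigHeader = dk_signature_header($key, 'selector1', 'example.com', $canon);
preg_match('/b=([^;]+);/', $sigHeader, $m);

var_dump(dk_verify($p, $m[1], $canon)); // signature made with the private key
var_dump(dk_verify($p, $p, $canon));    // public key pasted into b=, as in the question
```

The DomainKey-Signature header has to precede the headers it covers, and the signature only verifies if it was computed over the exact bytes that leave the mail server, so any header added or rewritten after signing invalidates it.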