How do I verify a DKIM signature in PHP?

Posted by angrychimp on Stack Overflow See other posts from Stack Overflow or by angrychimp
Published on 2010-03-24T19:02:19Z Indexed on 2010/03/24 19:03 UTC
Read the original article Hit count: 574

Filed under:
|
|
|

I'll admit I'm not very adept at key verification. What I have is a script that downloads messages from a POP3 server, and I'm attempting to verify the DKIM signatures in PHP. I've already figured out the body hash (bh) validation check, but I can't figure out the header validation.

http://www.dkim.org/specs/rfc4871-dkimbase.html#rfc.section.6.1.3

Below is an example of my message headers. I've been able to use the Mail::DKIM package to validate the signature in Perl, so I know it's good. I just can't seem to figure out the instructions in the RFC and translate them into PHP code.

DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws; s=angrychimp-1.bh; d=angrychimp.net; h=From:X-Outgoing; b=RVkenibHQ7GwO5Y3tun2CNn5wSnooBSXPHA1Kmxsw6miJDnVp4XKmA9cUELwftf9 nGiRCd3rLc6eswAcVyNhQ6mRSsF55OkGJgDNHiwte/pP5Z47Lo/fd6m7rfCnYxq3 DKIM-Signature: v=1; a=rsa-sha1; d=angrychimp.net; s=angrychimp-1.bh; c=relaxed/simple; q=dns/txt; [email protected]; t=1268436255; h=From:Subject:X-Outgoing:Date; bh=gqhC2GEWbg1t7T3IfGMUKzt1NCc=; b=ZmeavryIfp5jNDIwbpifsy1UcavMnMwRL6Fy6axocQFDOBd2KjnjXpCkHxs6yBZn Wu+UCFeAP+1xwN80JW+4yOdAiK5+6IS8fiVa7TxdkFDKa0AhmJ1DTHXIlPjGE4n5; To: [email protected] Message-ID: From: DKIM Tester Reply-To: [email protected] Subject: Automated DKIM Testing (angrychimp.net) X-Outgoing: dhaka Date: Fri, 12 Mar 2010 15:24:15 -0800 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline MIME-Version: 1.0 Return-Path: [email protected] X-OriginalArrivalTime: 12 Mar 2010 23:25:50.0326 (UTC) FILETIME=[5A0ED160:01CAC23B]

I can extract the public key from my DNS just fine, and I believe I'm canonicalizing the headers correctly, but I just can't get the signature validated. I don't think I'm preparing my key or computing the signature validation correctly.

Is this something that's possible (do I need pear extensions or something?) or is manually validating a DKIM signature in PHP just not feasible?

© Stack Overflow or respective owner

Related posts about php

Related posts about dkim