THIS PROJECT IS IMPLEMENTED WITH PURPOSES OF STUDY AND EXPERIMENTATION AND SHOULD NOT BE USED IN REAL CASE SCENARIOS.
After downloading the source code, run the following command to install the software:
npm install
In order to run the tests, run the following command:
npm test
node index.js example
NOTICE: The considered format is JSON. Refer input-samples
to see an example.
In order to sign an e-mail, run the following command:
node index.js sign input-samples/plain-mail.json rsa-sha256
Expected output:
XcOpw6XCpBvDo8OPw6PCu1ZPaMKywpZEwrvDkMO9w7ZHDjB3w7PCj8OXw4fCj8KfUcOWdmXDhx/DscOvOcKtcMKKZWkJwpPDg1dRw4oKwqtkw78xwpHCjcKxw4nDswFLwpXCsDTDpMKcAwYtQ8OvWMK+TSbDnsOZw7PCgsOlUEAAH8OzXsOww77Du8O6w4t0w652wrouw6dWA8KUYFYlMTh+w7HCrTnCinlNbEfDuH4rwp3DjVnCqlQ3woPCqno9VA==
NOTICE: The considered format is JSON. Refer input-samples
to see an example.
In order to verify an e-mail signature, run the following command:
node index.js verify input-samples/plain-mail.json rsa-sha256 XcOpw6XCpBvDo8OPw6PCu1ZPaMKywpZEwrvDkMO9w7ZHDjB3w7PCj8OXw4fCj8KfUcOWdmXDhx/DscOvOcKtcMKKZWkJwpPDg1dRw4oKwqtkw78xwpHCjcKxw4nDswFLwpXCsDTDpMKcAwYtQ8OvWMK+TSbDnsOZw7PCgsOlUEAAH8OzXsOww77Du8O6w4t0w652wrouw6dWA8KUYFYlMTh+w7HCrTnCinlNbEfDuH4rwp3DjVnCqlQ3woPCqno9VA==
Expected output:
Signature is valid!
In order to run in debug mode, add DKIM_DEBUG=true
environment variable. Example:
DKIM_DEBUG=true node index.js sign input-samples/plain-mail.json rsa-sha256
rsa-sha256
rsa-sha1
The keys are located in the files privateKeyPem.js
and publicKeyPem.js
- Email Test Files in JSON Format. Example:
{
"headers": [
"subject: \"Good news\"",
"from: bob <bob@tutanota.com>",
"to: <alice@somewhere.else.com>",
"date: Thu Mar 07 2019 17:07:00 GMT+0100"
],
"body": "Hi Alice,\nI guess you will not believe it, but I have found the dog. It was hidden where you never would have expected.\nCheers,\nBob"
}
-
body
contains the canonicalized body specified in the "c=" tag and is already truncated to the length specified in the "l=" -
headers
contains all the headers are the parameters chosen by the signer already canonicalized as well and with the order preserved -
(signature)
domain
andselector
are used to compute dataHash (before signing), due to lack of understanding. It is not clear to me if it needs to be out of the hash but in the encryption, or all in. Also, by doing so, it is possible to use RSA APIsign
method directly. Without this assumption, the approach would be: 1) compute dataHash) 2) concatenate domain, selector and dataHash 3) RSA encrypt the aforementioned concatenation -
(verification)
domain
andselector
are used to compute dataHash (before verifying), due to lack of understanding. It is not clear to me if it needs to be out of the hash but in the encryption, or all in. Also, by doing so, it is possible to use RSA APIverify
method directly. Without this assumption, it is not clear to me how would the verification process be.
- DKIM-Signature header field is not passed to the Step 2
These are links from pages that were useful during the progress of this project:
- https://github.com/digitalbazaar/forge
- https://github.com/digitalbazaar/forge#rsa
- https://github.com/emn178/js-sha1
- https://www.npmjs.com/package/crypto-js
- https://github.com/ArnaudValensi/node-jsencrypt
- http://travistidwell.com/jsencrypt/
- http://travistidwell.com/jsencrypt/example.html
- https://medium.com/@DannyAziz97/rsa-encryption-with-js-python-7e031cbb66bb
Geraldo Barbosa Landre - https://geraldo.landre.me