Skip to content

generated dkim entry incorrect syntax for sha-256 #620

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 27, 2017
Merged

generated dkim entry incorrect syntax for sha-256 #620

merged 2 commits into from
Mar 27, 2017

Conversation

jasonblewis
Copy link
Contributor

when you follow the instructions, the text record has an incorrect hash entry as h=rsa-sha256, modifying it in the record to h=SHA56 fixes the issue.

without this fix, the opendkim-testkey -d organictrader.com.au -s 201612 test failes with:

opendkim-testkey: unknown hash 'rsa-sha256'

@jasonblewis
generated dkim entry incorrect syntax for sha-256
61542d9 
when you follow the instructions, the text record has an incorrect hash entry as h=rsa-sha256, modifying it in the record to h=SHA56 fixes the issue.

without this fix, the `opendkim-testkey -d organictrader.com.au -s 201612` test failes with:
```
opendkim-testkey: unknown hash 'rsa-sha256'
```
@jasonblewis
sha256 is case sensitive
df4c024 
made it capitals, should be lower case
@alexfornuto
Copy link
Contributor

@tknarr would you care to weigh in on this?

@tknarr
Copy link
Contributor

tknarr commented Dec 29, 2016

That part of the text's generated by the OpenDKIM tools themselves. When I run opendkim-testkey on a record that has k=rsa in it I get a successful result:

root@arachnae:/etc/opendkim/keys# opendkim-testkey -d silverglass.org -k ./silverglass.201610.key -s 201610 -vv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: key loaded from ./silverglass.201610.key
opendkim-testkey: checking key '201610._domainkey.silverglass.org'
opendkim-testkey: key not secure
root@arachnae:/etc/opendkim/keys# exit

I'm not sure where @jasonblewis went from the k tag specifying the key algorithm to the h tag specifying the list of acceptable hash algorithms. The default if the h tag isn't present is all valid hash algorithms for the key algorithm, which is usually what we'd want.

@alexfornuto alexfornuto mentioned this pull request Feb 1, 2017
Closed
@cwlinode
Copy link
Contributor

jasonblewis, thank you for pointing this out. It seems that OpenDKIM generates the h=rsa-sha256 option along with k=rsa.

@cwlinode cwlinode merged commit 9464cbd into linode:master Mar 27, 2017
@ghost
Copy link

ghost commented Jul 16, 2019
edited by ghost
Loading

when you follow the instructions, the text record has an incorrect hash entry as h=rsa-sha256, modifying it in the record to h=SHA56 fixes the issue.

without this fix, the opendkim-testkey -d organictrader.com.au -s 201612 test failes with:

opendkim-testkey: unknown hash 'rsa-sha256'

think you mean SHA256 not SHA56, so in total change:

h=rsa-sha256

to

h=SHA256

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug open for discussion
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jasonblewis @alexfornuto @tknarr @cwlinode