[BUG] Can't read DKIM key file if key type is ed25519 #2974
Comments
I actually use ed25519 files without issues. This looks to me like a problem with the files themselves. Make sure there are no empty lines or so in the file itself.
Hey @dejanstrbac, no, there aren't any empty lines except for the obligatory newline at the bottom. The key was generated with
Would you mind sharing what your key file looks like? Which version are you using? As mentioned above, my ed25519 keys just look like this:
Just for fun, I've also tried wrapping it in BEGIN... and END...:
But that just gave this error:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
It's caused by the extra DNS record data appended to the end of the private key by the
If you strip everything but the first line, it will work OK:
Interestingly, the same DNS data at the end of RSA key doesn't break parsing, probably because it's wrapped in the
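A pre-flight check for the situation described in the comment above, as an added example that is not part of the thread or of Rspamd's code: it reports any lines that follow the key in a key file and returns the key alone. The function names, the sample key (32 constructed bytes) and the DNS record line are constructed for illustration; the exact text that gets appended is not shown on this page.

```python
import base64
import binascii

PEM_PREFIX = "-----BEGIN"
PEM_END_PREFIX = "-----END"


def inspect_dkim_key(text):
    """Classify DKIM private key file content and report data after the key."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("key file is empty")
    if lines[0].startswith(PEM_PREFIX):
        # PEM: the key ends at the first -----END line.
        ends = [i for i, ln in enumerate(lines) if ln.startswith(PEM_END_PREFIX)]
        if not ends:
            raise ValueError("PEM header without a matching END line")
        end = ends[0]
        return {"kind": "pem", "key": "\n".join(lines[:end + 1]),
                "trailing": lines[end + 1:]}
    try:
        # Raw key: the first line alone must be strictly valid base64.
        raw = base64.b64decode(lines[0], validate=True)
    except binascii.Error as exc:
        raise ValueError("first line is neither PEM nor base64") from exc
    return {"kind": "base64", "key": lines[0], "decoded_len": len(raw),
            "trailing": lines[1:]}


def key_only(text):
    """Return the key material alone, dropping anything appended after it."""
    return inspect_dkim_key(text)["key"] + "\n"


# Constructed sample: 32 placeholder bytes, not a real key, followed by a
# constructed DNS record line standing in for the appended data.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()
SAMPLE_FILE = (SAMPLE_KEY + "\n"
               'myselector._domainkey IN TXT ( "v=DKIM1; k=ed25519; p=PLACEHOLDER" ) ;\n')

if __name__ == "__main__":
    info = inspect_dkim_key(SAMPLE_FILE)
    print(info["kind"], info["decoded_len"], "bytes;",
          len(info["trailing"]), "trailing line(s)")
    print(key_only(SAMPLE_FILE), end="")
```

A non-empty `trailing` list on a raw base64 key is the condition the comment above identifies as breaking parsing.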
Describe the bug
If the DKIM private key is of type 'ed25519' (instead of the default 'rsa') Rspamd fails to read the private key file for signing outgoing emails resulting in an invalid DKIM signature.
Steps to Reproduce
Generate an ed25519 DKIM key pair:
rspamadm dkim_keygen -b 4096 -t ed25519 -s myselector -k /var/lib/rspamd/dkim/domain.myselector.key
Add the DKIM DNS record with the public key
Point Rspamd to the private key file in the config:
Expected behavior
Outgoing emails should have a valid DKIM signature.
Actual behavior
Emails do not have a valid signature and there is an error in Rspamd's log file stating that the private key could not be read:
Versions
Rspamd 1.9.4
OS: Ubuntu Server 18.04.2
Additional Information
Everything works as expected with rsa keys. This is exclusively an issue with ed25519 keys.
(!) It might be important to point out that -t ed25519 creates a base64 encoded ed25519 key while the rsa keys are PEM. So while the rsa key looks like this:
The ed25519 key is just:
And I'm explicitly talking about referencing the private key by file in the config. Putting the raw key directly into the config should probably work fine but I haven't tested it. My guess is that the key is being validated by checking if it starts with -----BEGIN or something and the validation fails because that's not the case with the ed25519 key.