[英]How do I verify a DKIM signature in PHP?
I'll admit I'm not very adept at key verification. 我承认我不擅长核心验证。 What I have is a script that downloads messages from a POP3 server, and I'm attempting to verify the DKIM signatures in PHP.
我所拥有的是一个从POP3服务器下载消息的脚本,我正在尝试验证PHP中的DKIM签名。 I've already figured out the body hash (bh) validation check, but I can't figure out the header validation.
我已经想出了身体哈希(bh)验证检查,但我无法弄清楚头部验证。
http://www.dkim.org/specs/rfc4871-dkimbase.html#rfc.section.6.1.3 http://www.dkim.org/specs/rfc4871-dkimbase.html#rfc.section.6.1.3
Below is an example of my message headers. 下面是我的邮件标题的示例。 I've been able to use the Mail::DKIM package to validate the signature in Perl, so I know it's good.
我已经能够使用Mail :: DKIM包验证Perl中的签名,所以我知道它很好。 I just can't seem to figure out the instructions in the RFC and translate them into PHP code.
我似乎无法弄清楚RFC中的指令并将它们转换为PHP代码。
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
s=angrychimp-1.bh; d=angrychimp.net;
h=From:X-Outgoing;
b=RVkenibHQ7GwO5Y3tun2CNn5wSnooBSXPHA1Kmxsw6miJDnVp4XKmA9cUELwftf9
nGiRCd3rLc6eswAcVyNhQ6mRSsF55OkGJgDNHiwte/pP5Z47Lo/fd6m7rfCnYxq3
DKIM-Signature: v=1; a=rsa-sha1; d=angrychimp.net; s=angrychimp-1.bh; c=relaxed/simple;
q=dns/txt; i=@angrychimp.net; t=1268436255;
h=From:Subject:X-Outgoing:Date;
bh=gqhC2GEWbg1t7T3IfGMUKzt1NCc=;
b=ZmeavryIfp5jNDIwbpifsy1UcavMnMwRL6Fy6axocQFDOBd2KjnjXpCkHxs6yBZn
Wu+UCFeAP+1xwN80JW+4yOdAiK5+6IS8fiVa7TxdkFDKa0AhmJ1DTHXIlPjGE4n5;
To: iptest@example.com
Message-ID: <EF.CC.24859.F1DCA9B4>
From: DKIM Tester <noreply@angrychimp.net>
Reply-To: noreply@angrychimp.net
Subject: Automated DKIM Testing (angrychimp.net)
X-Outgoing: dhaka
Date: Fri, 12 Mar 2010 15:24:15 -0800
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
MIME-Version: 1.0
Return-Path: noreply@angrychimp.net
X-OriginalArrivalTime: 12 Mar 2010 23:25:50.0326 (UTC) FILETIME=[5A0ED160:01CAC23B]
I can extract the public key from my DNS just fine, and I believe I'm canonicalizing the headers correctly, but I just can't get the signature validated. 我可以从我的DNS中提取公钥就好了,我相信我正确地规范了标题,但我无法验证签名。 I don't think I'm preparing my key or computing the signature validation correctly.
我不认为我正在准备我的密钥或正确计算签名验证。
Is this something that's possible (do I need pear extensions or something?) or is manually validating a DKIM signature in PHP just not feasible? 这是可能的(我需要梨扩展或什么吗?)或手动验证PHP中的DKIM签名是不可行的?
The Mail::DKIM has the following dependencies on other libraries: Mail :: DKIM对其他库具有以下依赖性:
All these should be available in PHP also. 所有这些都应该在PHP中提供。 So manually check the validatity in PHP is controllable.
因此,手动检查PHP中的validatity是可控的。 Mail::DKIM is verifiying the signature "manually" with those libs.
Mail :: DKIM正在使用这些库“手动”验证签名。 Maybe you have a peak into source of Mail::DKIM?
也许你对Mail :: DKIM的来源有一个高峰?
Additionaly " OpenDKIM Library (libopendkim) " is available. 另外“ OpenDKIM Library(libopendkim) ”可用。 You can build a PHP-module around this library like other people have integrated OpenSSL, cURL, etc into PHP.
你可以围绕这个库构建一个PHP模块,就像其他人已经将OpenSSL,cURL等集成到PHP中一样。
Maybe you can provide the code of your verify-function with some test data, so everyone can have a look at it? 也许您可以使用一些测试数据提供验证功能的代码,以便每个人都可以查看它?
HTH & Best regards HTH和最好的问候
Michael 迈克尔
Try interoperate with external tool or another language. 尝试与外部工具或其他语言进行互操作。
You can consider to adapt external tool to do that or use C library which has better support to work with DKIM. 您可以考虑调整外部工具来实现这一点,或者使用C库,它可以更好地支持DKIM。 You can also try to integrate through Perl or Python.
您还可以尝试通过Perl或Python进行集成。
I create new project in googlecode. 我在googlecode中创建了一个新项目。 the name was phpMailDomainSigner It support DKIM-Signature and DomainKey-Signature in Object Oriented Style.
名称是phpMailDomainSigner它支持面向对象样式的DKIM-Signature和DomainKey-Signature。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.