dkim_support
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
dkim_support [2016/05/18 15:18] – lucy | dkim_support [2016/05/18 15:21] – [Setup DKIM in LUCY] lucy | ||
---|---|---|---|
Line 32: | Line 32: | ||
**Note**: Lucy sends out DKIM-signed emails with " | **Note**: Lucy sends out DKIM-signed emails with " | ||
+ | |||
+ | ===== DKIM Header Explanation===== | ||
+ | |||
+ | Here is an example DKIM signature (recorded as an RFC2822 header field) for the signed message: | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Let's take this piece by piece to see what it means. Each " | ||
+ | * b = the actual digital signature of the contents (headers and body) of the mail message | ||
+ | * bh = the body hash | ||
+ | * d = the signing domain | ||
+ | * s = the selector | ||
+ | * v = the version | ||
+ | * a = the signing algorithm | ||
+ | * c = the canonicalization algorithm(s) for header and body | ||
+ | * q = the default query method | ||
+ | * l = the length of the canonicalized part of the body that has been signed | ||
+ | * t = the signature timestamp | ||
+ | * x = the expire time | ||
+ | * h = the list of signed header fields, repeated for fields that occur multiple times | ||
+ | |||
+ | We can see from this email that: | ||
+ | * The digital signature is dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZVoG4ZHRNiYzR. This signature is matched with the one stored at the sender' | ||
+ | * The body hash is not listed. | ||
+ | * The signing domain is example.com.This is the domain that sent (and signed) the message. | ||
+ | * The selector is jun2005.eng. | ||
+ | * The version is not listed. | ||
+ | * The signing algorithm is rsa-sha1. This is the algorith used to generate the signature. | ||
+ | * The canonicalization algorithm(s) for header and body are relaxed/ | ||
+ | * The default query method is DNS. This is the method used to look up the key on the signing domain. | ||
+ | * The length of the canonicalized part of the body that has been signed is not listed. The signing domain can generate a key based on the entire body or only some portion of it. That portion would be listed here. | ||
+ | * The signature timestamp is 1117574938. This is when it was signed. | ||
+ | * The expire time is 1118006938. Because an already signed email can be reused to " | ||
+ | * The list of signed header fields includes from: | ||
+ | |||
+ | |||
dkim_support.txt · Last modified: 2019/07/25 12:50 by 127.0.0.1