From 9722d50b9b6c5ccd81892a00bdd3023399b004fb Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 5 Dec 2018 15:47:34 +0100 Subject: DKIM: also include the "d=" tag in key filenames, not only the "s=" tag. While the combination of "s=" tag (selector) & "d=" tag signing domain maps to a unique key, the selector alone doesn't necessarily. --- certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7.pub | 9 --------- certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7:fripost.org.pub | 9 +++++++++ certs/dkim/9df9cdc7e101629b5003b587945afa70.pub | 9 --------- certs/dkim/9df9cdc7e101629b5003b587945afa70:x.fripost.org.pub | 9 +++++++++ certs/dkim/README | 7 ++++--- 5 files changed, 22 insertions(+), 21 deletions(-) delete mode 100644 certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7.pub create mode 100644 certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7:fripost.org.pub delete mode 100644 certs/dkim/9df9cdc7e101629b5003b587945afa70.pub create mode 100644 certs/dkim/9df9cdc7e101629b5003b587945afa70:x.fripost.org.pub (limited to 'certs') diff --git a/certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7.pub b/certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7.pub deleted file mode 100644 index ef400f4..0000000 --- a/certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7.pub +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmCWIVZt+L/bJ5+abvdm -Fm6Er/9g6e4WX2HKyeIfC5eDaPbUyHqHSY7xzWNiU+cbBvny8BASkdWsclLdoiuM -J6Yes5VSzkH6j2gp9Uuy7d6p61Jbrizi7/CQzCZfhi5uGKiGtV2g+V/sIuXekm9Q -+Q2eqjj/6hUHGDPTTKEFlgruyaS6y+Kes+sJYjMG62lbTOKL5TjY6z0Gr2AMfglB -Uj9QWD5jm+bH0clE1HZq51mxXQbV2v/7JEHjznR0nSB+jY2EV7g/MXM8DwJCDH4Z -cknoH0NrcJRjuRt8ndufnx4Qh0t7qqWwmGF0jZOcZxHeODfkUlLxQ4SCMVeqV/SS -TwIDAQAB ------END PUBLIC KEY----- diff --git a/certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7:fripost.org.pub b/certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7:fripost.org.pub new file mode 100644 index 0000000..ef400f4 --- /dev/null +++ b/certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7:fripost.org.pub @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmCWIVZt+L/bJ5+abvdm +Fm6Er/9g6e4WX2HKyeIfC5eDaPbUyHqHSY7xzWNiU+cbBvny8BASkdWsclLdoiuM +J6Yes5VSzkH6j2gp9Uuy7d6p61Jbrizi7/CQzCZfhi5uGKiGtV2g+V/sIuXekm9Q ++Q2eqjj/6hUHGDPTTKEFlgruyaS6y+Kes+sJYjMG62lbTOKL5TjY6z0Gr2AMfglB +Uj9QWD5jm+bH0clE1HZq51mxXQbV2v/7JEHjznR0nSB+jY2EV7g/MXM8DwJCDH4Z +cknoH0NrcJRjuRt8ndufnx4Qh0t7qqWwmGF0jZOcZxHeODfkUlLxQ4SCMVeqV/SS +TwIDAQAB +-----END PUBLIC KEY----- diff --git a/certs/dkim/9df9cdc7e101629b5003b587945afa70.pub b/certs/dkim/9df9cdc7e101629b5003b587945afa70.pub deleted file mode 100644 index 2574f71..0000000 --- a/certs/dkim/9df9cdc7e101629b5003b587945afa70.pub +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyN6rMmDzZ0MtN6e+T3lS -wny1qs0djjXJMJi5gfCXl9ZW4v5LT098EtpEQsDfY8NY3PvuBTD74Xsvy9jRh71/ -q0iZHHwOffQlP8BVi2uelO9brVBr9nHWvycbEp/PXMVPOSBRuXyrvIYPnWjmaPZc -xT4L3OB5BtZPsGElxAzZMbTDzRr8K0yIY/HtVTXD5JJsKb3GIXiyHY7GCvV6tKeP -eI2L0vJOJ2LLHHX962ykWHAfS12izkfBxGkMVn4AQZIPQ4iGwAPZ9z5DIsz11Riw -+3ysWWdmz2yV8HtoDKfOB4/vyFyWFlyaMkdvblDjgQv0m6bHwvXlxAGSWcZirmEM -pQIDAQAB ------END PUBLIC KEY----- diff --git a/certs/dkim/9df9cdc7e101629b5003b587945afa70:x.fripost.org.pub b/certs/dkim/9df9cdc7e101629b5003b587945afa70:x.fripost.org.pub new file mode 100644 index 0000000..2574f71 --- /dev/null +++ b/certs/dkim/9df9cdc7e101629b5003b587945afa70:x.fripost.org.pub @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyN6rMmDzZ0MtN6e+T3lS +wny1qs0djjXJMJi5gfCXl9ZW4v5LT098EtpEQsDfY8NY3PvuBTD74Xsvy9jRh71/ +q0iZHHwOffQlP8BVi2uelO9brVBr9nHWvycbEp/PXMVPOSBRuXyrvIYPnWjmaPZc +xT4L3OB5BtZPsGElxAzZMbTDzRr8K0yIY/HtVTXD5JJsKb3GIXiyHY7GCvV6tKeP +eI2L0vJOJ2LLHHX962ykWHAfS12izkfBxGkMVn4AQZIPQ4iGwAPZ9z5DIsz11Riw ++3ysWWdmz2yV8HtoDKfOB4/vyFyWFlyaMkdvblDjgQv0m6bHwvXlxAGSWcZirmEM +pQIDAQAB +-----END PUBLIC KEY----- diff --git a/certs/dkim/README b/certs/dkim/README index e5addf9..2137a8d 100644 --- a/certs/dkim/README +++ b/certs/dkim/README @@ -1,10 +1,11 @@ -To convert a PEM-encoded public key to a TXT record, run +To convert the PEM-encoded public keys from this directory to TXT +records, run $ SELECTOR="8f00fb94ec6c37aacb48bd43e073f9b7" $ DOMAIN="fripost.org" - $ printf "%s._domainkey%s IN TXT (\n" "$SELECTOR" "${DOMAIN:+.$DOMAIN.}"; \ + $ printf "%s._domainkey.%s IN TXT (\n" "$SELECTOR" "$DOMAIN"; \ { printf "v=DKIM1; k=rsa; t=s; s=email; p="; - sed '/^--.*--$/d' <"./certs/dkim/$SELECTOR.pub" | tr -d '\n'; + openssl pkey -pubin -in "./certs/dkim/$SELECTOR:$DOMAIN.pub" -outform DER | base64 -w0 } | fold -w64 | sed 's/.*/ "&"/; $s/$/ )\n/' Remove the "t=s" tag if subdomaining or third-party signature (hosted -- cgit v1.2.3