From 9722d50b9b6c5ccd81892a00bdd3023399b004fb Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 5 Dec 2018 15:47:34 +0100
Subject: DKIM: also include the "d=" tag in key filenames, not only the "s="
 tag.

While the combination of the "s=" tag (selector) and the "d=" tag (signing
domain) maps to a unique key, the selector alone doesn't necessarily.
---
 certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7.pub               | 9 ---------
 certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7:fripost.org.pub   | 9 +++++++++
 certs/dkim/9df9cdc7e101629b5003b587945afa70.pub               | 9 ---------
 certs/dkim/9df9cdc7e101629b5003b587945afa70:x.fripost.org.pub | 9 +++++++++
 certs/dkim/README                                             | 7 ++++---
 5 files changed, 22 insertions(+), 21 deletions(-)
 delete mode 100644 certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7.pub
 create mode 100644 certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7:fripost.org.pub
 delete mode 100644 certs/dkim/9df9cdc7e101629b5003b587945afa70.pub
 create mode 100644 certs/dkim/9df9cdc7e101629b5003b587945afa70:x.fripost.org.pub

(limited to 'certs')

diff --git a/certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7.pub b/certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7.pub
deleted file mode 100644
index ef400f4..0000000
--- a/certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7.pub
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmCWIVZt+L/bJ5+abvdm
-Fm6Er/9g6e4WX2HKyeIfC5eDaPbUyHqHSY7xzWNiU+cbBvny8BASkdWsclLdoiuM
-J6Yes5VSzkH6j2gp9Uuy7d6p61Jbrizi7/CQzCZfhi5uGKiGtV2g+V/sIuXekm9Q
-+Q2eqjj/6hUHGDPTTKEFlgruyaS6y+Kes+sJYjMG62lbTOKL5TjY6z0Gr2AMfglB
-Uj9QWD5jm+bH0clE1HZq51mxXQbV2v/7JEHjznR0nSB+jY2EV7g/MXM8DwJCDH4Z
-cknoH0NrcJRjuRt8ndufnx4Qh0t7qqWwmGF0jZOcZxHeODfkUlLxQ4SCMVeqV/SS
-TwIDAQAB
------END PUBLIC KEY-----
diff --git a/certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7:fripost.org.pub b/certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7:fripost.org.pub
new file mode 100644
index 0000000..ef400f4
--- /dev/null
+++ b/certs/dkim/8f00fb94ec6c37aacb48bd43e073f9b7:fripost.org.pub
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmCWIVZt+L/bJ5+abvdm
+Fm6Er/9g6e4WX2HKyeIfC5eDaPbUyHqHSY7xzWNiU+cbBvny8BASkdWsclLdoiuM
+J6Yes5VSzkH6j2gp9Uuy7d6p61Jbrizi7/CQzCZfhi5uGKiGtV2g+V/sIuXekm9Q
++Q2eqjj/6hUHGDPTTKEFlgruyaS6y+Kes+sJYjMG62lbTOKL5TjY6z0Gr2AMfglB
+Uj9QWD5jm+bH0clE1HZq51mxXQbV2v/7JEHjznR0nSB+jY2EV7g/MXM8DwJCDH4Z
+cknoH0NrcJRjuRt8ndufnx4Qh0t7qqWwmGF0jZOcZxHeODfkUlLxQ4SCMVeqV/SS
+TwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/certs/dkim/9df9cdc7e101629b5003b587945afa70.pub b/certs/dkim/9df9cdc7e101629b5003b587945afa70.pub
deleted file mode 100644
index 2574f71..0000000
--- a/certs/dkim/9df9cdc7e101629b5003b587945afa70.pub
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyN6rMmDzZ0MtN6e+T3lS
-wny1qs0djjXJMJi5gfCXl9ZW4v5LT098EtpEQsDfY8NY3PvuBTD74Xsvy9jRh71/
-q0iZHHwOffQlP8BVi2uelO9brVBr9nHWvycbEp/PXMVPOSBRuXyrvIYPnWjmaPZc
-xT4L3OB5BtZPsGElxAzZMbTDzRr8K0yIY/HtVTXD5JJsKb3GIXiyHY7GCvV6tKeP
-eI2L0vJOJ2LLHHX962ykWHAfS12izkfBxGkMVn4AQZIPQ4iGwAPZ9z5DIsz11Riw
-+3ysWWdmz2yV8HtoDKfOB4/vyFyWFlyaMkdvblDjgQv0m6bHwvXlxAGSWcZirmEM
-pQIDAQAB
------END PUBLIC KEY-----
diff --git a/certs/dkim/9df9cdc7e101629b5003b587945afa70:x.fripost.org.pub b/certs/dkim/9df9cdc7e101629b5003b587945afa70:x.fripost.org.pub
new file mode 100644
index 0000000..2574f71
--- /dev/null
+++ b/certs/dkim/9df9cdc7e101629b5003b587945afa70:x.fripost.org.pub
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyN6rMmDzZ0MtN6e+T3lS
+wny1qs0djjXJMJi5gfCXl9ZW4v5LT098EtpEQsDfY8NY3PvuBTD74Xsvy9jRh71/
+q0iZHHwOffQlP8BVi2uelO9brVBr9nHWvycbEp/PXMVPOSBRuXyrvIYPnWjmaPZc
+xT4L3OB5BtZPsGElxAzZMbTDzRr8K0yIY/HtVTXD5JJsKb3GIXiyHY7GCvV6tKeP
+eI2L0vJOJ2LLHHX962ykWHAfS12izkfBxGkMVn4AQZIPQ4iGwAPZ9z5DIsz11Riw
++3ysWWdmz2yV8HtoDKfOB4/vyFyWFlyaMkdvblDjgQv0m6bHwvXlxAGSWcZirmEM
+pQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/certs/dkim/README b/certs/dkim/README
index e5addf9..2137a8d 100644
--- a/certs/dkim/README
+++ b/certs/dkim/README
@@ -1,10 +1,11 @@
-To convert a PEM-encoded public key to a TXT record, run
+To convert the PEM-encoded public keys from this directory to TXT
+records, run
 
     $ SELECTOR="8f00fb94ec6c37aacb48bd43e073f9b7"
     $ DOMAIN="fripost.org"
-    $ printf "%s._domainkey%s    IN TXT    (\n" "$SELECTOR" "${DOMAIN:+.$DOMAIN.}"; \
+    $ printf "%s._domainkey.%s    IN TXT    (\n" "$SELECTOR" "$DOMAIN"; \
       { printf "v=DKIM1; k=rsa; t=s; s=email; p=";
-        sed '/^--.*--$/d' <"./certs/dkim/$SELECTOR.pub" | tr -d '\n';
+        openssl pkey -pubin -in "./certs/dkim/$SELECTOR:$DOMAIN.pub" -outform DER | base64 -w0
       } | fold -w64 | sed 's/.*/    "&"/; $s/$/ )\n/'
 
 Remove the "t=s" tag if subdomaining or third-party signature (hosted
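Review bot: The new `printf` on the `._domainkey` line emits the owner name without a trailing dot, whereas the line it replaces expanded to `.$DOMAIN.`. If the output is pasted into a zone file whose origin is that same domain, the name is treated as relative and the record would land under `…_domainkey.fripost.org.fripost.org.`, so verifiers would not find the key. How the output is consumed is not visible here, but keeping the name fully qualified removes the ambiguity: `printf "%s._domainkey.%s.    IN TXT    (\n" "$SELECTOR" "$DOMAIN"; \`. Separately, if `openssl pkey` fails (for example on a mistyped `$SELECTOR:$DOMAIN`), the pipeline still prints a record with an empty `p=`, which DKIM verifiers read as a revoked key. A README sentence telling the operator to check that `p=` is non-empty before publishing would help.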
-- 
cgit v1.2.3