Add support for specifying MinimumKeyBits for RSA signatures

Scott Kitterman
2019-10-30 16:29:00 -04:00
parent 472fc753e1
commit e83d4b9306
7 changed files with 24 additions and 2 deletions
+1
@@ -1,5 +1,6 @@
1.2.0 UNRELEASED
- Add support for SigningTable, KeyTable, and KeyTableEd25519 (LP: #1797397)
- Add support for specifying MinimumKeyBits for RSA signatures
- Add support for SignHeaders feature, thanks to Ralph Seichter for the patch
- Add information on message content conversion to README
- Add new expand option to setup.py so various file system locations can be
+1 -1
@@ -53,7 +53,7 @@ Test suite implemented verified
DNSTimeout (requires dkimpy change)
KeyTable implemented verified
KeytableEd25519 implemented verified
MinimumKeyBits
MinimumKeyBits implemented verified
SignHeaders implemented
SigningTable implemented verified
TemporaryDirectory
+1 -1
@@ -359,7 +359,7 @@ class dkimMilter(Milter.Base):
res = False
self.header_a = None
for y in range(self.has_dkim): # Verify _ALL_ the signatures
d = dkim.DKIM(txt)
d = dkim.DKIM(txt, minkey=self.conf.get('MinimumKeyBits'))
try:
dnsoverride = self.conf.get('DNSOverride')
if isinstance(dnsoverride, str):
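Review bot: `self.conf.get('MinimumKeyBits')` depends on `defaultConfigData` (also added in this commit) always supplying the key; if the option is ever absent from the config dict, `minkey=None` is handed to `dkim.DKIM()` and the first comparison of None against an integer key size raises a TypeError in Python 3 instead of a clean verification failure. Either index directly (`self.conf['MinimumKeyBits']`) so a missing value is a loud configuration bug, or pass an explicit fallback such as `.get('MinimumKeyBits', 1024)`. Note also that the minimum is applied only on this verify path; the signing path is untouched by this hunk.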
+6
@@ -39,6 +39,7 @@ defaultConfigData = {
'SyslogFacility': 'mail',
'UMask': 0o07,
'Mode': 'sv',
'MinimumKeyBits': 1024,
'Socket': None,
'PidFile': None,
'UserID': 'dkimpy-milter',
@@ -336,6 +337,7 @@ def _readConfigFile(path, configData=None, configGlobal={}):
'SyslogSuccess': 'bool',
'UMask': 'int',
'Mode': 'str',
'MinimumKeyBits': 'int',
'Socket': 'str',
'PidFile': 'str',
'UserID': 'str',
@@ -421,6 +423,10 @@ def _readConfigFile(path, configData=None, configGlobal={}):
else:
configData[name] = str(value)
elif conversion == 'int':
if name == 'MinimumKeyBits':
if int(value) == 0:
# Odd inheritence from OpenDKIM where value of 0 means use default.
value = configData.get(name)
configData[name] = int(value)
elif conversion == 'dataset':
configData[name] = _dataset_to_list(value)
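Review bot: the `MinimumKeyBits` special case in the `'int'` branch falls back to `configData.get(name)`, which only yields 1024 when `configData` was seeded from `defaultConfigData`; a caller that passes its own `configData` gets None and the following `int(value)` raises TypeError. Fall back to `defaultConfigData[name]` explicitly, and consider rejecting negative values, since a negative minimum silently disables the check. Typo in the comment: "inheritence" should be "inheritance".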
+7
@@ -325,6 +325,13 @@ be set:
(a) Domain, KeyFile, Selector, no KeyTable, no SigningTable;
(b) KeyTable, SigningTable, no Domain, no KeyFile, no Selector;
TP
.I MinimumKeyBits (integer)
Establishes a minimum key size for acceptable RSA signatures. Signatures with
smaller key sizes, even if they otherwise pass DKIM validation, will me marked
as invalid. The default is 1024, which accepts all signatures. A value of
0 causes the default to be used. Not Applicable to ed25519 signatures.
.TP
.I OmitHeaders (dataset)
Specifies a set of header fields that should be omitted when generating
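Review bot: "will me marked" should read "will be marked", and "Not Applicable" should not be capitalised mid-sentence. The line before `.I MinimumKeyBits` reads `TP` without the leading dot; if that is in the source rather than an artefact of this rendering, groff will print the literal text "TP" instead of starting a new paragraph. The statement that the default of 1024 "accepts all signatures" is misleading: at that default a signature made with a key shorter than 1024 bits is still rejected, which is the RFC 8301 verifier minimum, so say that explicitly and describe larger values as tightening policy beyond that baseline.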
+7
@@ -325,6 +325,13 @@ be set:
(a) Domain, KeyFile, Selector, no KeyTable, no SigningTable;
(b) KeyTable, SigningTable, no Domain, no KeyFile, no Selector;
TP
.I MinimumKeyBits (integer)
Establishes a minimum key size for acceptable RSA signatures. Signatures with
smaller key sizes, even if they otherwise pass DKIM validation, will me marked
as invalid. The default is 1024, which accepts all signatures. A value of
0 causes the default to be used. Not Applicable to ed25519 signatures.
.TP
.I OmitHeaders (dataset)
Specifies a set of header fields that should be omitted when generating
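Review bot: same wording problems in this copy of the man page text: "will me marked" should be "will be marked", "Not Applicable" should be lower-case, `TP` before `.I MinimumKeyBits` lacks its leading dot, and "accepts all signatures" should be qualified, since keys below 1024 bits are still rejected at the default.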
+1
@@ -43,6 +43,7 @@ Socket unix:$keytype.verify.sock
PidFile $keytype.verify.pid
Mode v
DNSOverride $(cat testkey.$keytype.dns)
MinimumKeyBits 2048
UserID $(id --name --user):$(id --name --group)
EOF
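Review bot: `MinimumKeyBits 2048` in the verify-mode test config exercises only the accept path, and only if `testkey.$keytype` is at least 2048 bits for the RSA key type; no case uses a key below the threshold, so the rejection behaviour this commit adds (which the status table marks as "verified") is not actually tested. Add a second verify run with a shorter RSA key and assert that its signature is reported invalid.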