From 166291857ad7bb1f44cf3c69606525b40b4a2e15 Mon Sep 17 00:00:00 2001 From: Scott Kitterman Date: Mon, 9 Dec 2019 17:02:02 -0500 Subject: [PATCH] Udpate README for async and tlsrpt support --- README | 42 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/README b/README index f472afb..69b4dd1 100644 --- a/README +++ b/README @@ -7,7 +7,9 @@ http://hewgill.com/pydkim/ INTRODUCTION dkimpy is a library that implements DKIM (DomainKeys Identified Mail) email -signing and verification. +signing and verification. Basic DKIM requirements are defined in RFC 6376: + +https://tools.ietf.org/html/rfc6376 VERSION @@ -24,13 +26,13 @@ needed for asyncio. - Python 2.x >= 2.7, or Python 3.x >= 3.5. Recent versions have not been tested on python < 2.7 or python3 < 3.5, but may still work on python2.6 - and python 3.1 - 3.3. + and python 3.1 - 3.4. - dnspython or pydns. dnspython is preferred if both are present and installed to satisfy the DNS module requirement if neither are installed. - argparse. Standard library in python2.7 and later. - authres. Needed for ARC. - PyNaCl. Needed for use of ed25519 capability. - - aiodns. Needed for asycnio (Required python3.5 or later) + - aiodns. Needed for asycnio (Requires python3.5 or later) INSTALLATION @@ -145,7 +147,7 @@ code 0 if the signature verifies successfully. Otherwise, it returns with exit code 1. As of version 0.6.0, dkimpy provides experimental support for ARC (Authenticated -Received Chain): +Received Chain). See RFC 8617 for the current version of ARC: https://tools.ietf.org/html/rfc8617 @@ -154,6 +156,38 @@ arc_sign and arc_verify functions as well as an ARC class. Both DKIM ed25519 and ARC are now considered stable (no longer experimantal). +ASYNC SUPPORT + +As of version 1.0, an alternative to dkim.verify for use in an async +environment is provied. It requires aiodns, https://pypi.org/project/aiodns/. +Here is a simple example of dkim.verify_async usage: + +>>> sys.stdin = sys.stdin.detach() +>>> +>>> async def main(): +>>> res = await dkim.verify_async(message) +>>> return res +>>> +>>> if __name__ == "__main__": +>>> res = asyncio.run(main()) + +This feature requires python3.5 or newer. + +As of version 1.0, the RFC 8460 tlsrpt service type is supported: + +https://tools.ietf.org/html/rfc8460 + +A non-tlsrpt signed with a key record with s=tlsrpt won't verify. Since the +service type (s=) is optional in the DKIM public key record, it is not +required by RFC 8460. When checking for a tlsrpt signature, set the tlsrpt= +flag when verifying the signature: + +>>> res = dkim.verify(smessage, tlsrpt='strict') + +If tlsrpt='strict', only public key records with s=tlsrpt will be considered +valid. If set to tlsrpt=True, the service type is not required, but other +RFC 8460 requirements are applied. + FEEDBACK Bug reports may be submitted to the bug tracker for the dkimpy project on