DandelionNStuff/dkimpy-smtputf8
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update README

Browse Source
This commit is contained in:
Scott Kitterman
2018-02-05 14:44:49 -05:00
parent 581a1cd3f6
commit ae20ad128f
1 changed files with 25 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README
+25 -4
View File
@@ -65,9 +65,8 @@ The reason for the test failure is that the ARC specification (as of 20170120)
sets the minimum key size to 512 bits. This is operationally inappropriate, sets the minimum key size to 512 bits. This is operationally inappropriate,
so dkimpy sets the default minkey=1024, the same as is used for DKIM. This so dkimpy sets the default minkey=1024, the same as is used for DKIM. This
can be overridden, but that is not recommended. The minimum key size can be overridden, but that is not recommended. The minimum key size
requirement for DKIM (and thus ARC) is in the process of being updated to requirement for DKIM (and thus ARC) has recently been updated to require at
require at least a 1024 bit key. Information about the status of this effort least a 1024 bit key. See RFC 8301.
is at https://datatracker.ietf.org/doc/draft-ietf-dcrup-dkim-usage/
USAGE USAGE
@@ -78,7 +77,29 @@ function takes an RFC822 formatted message, and returns True or False depending
on whether the signature verifies correctly. There is also a DKIM class which on whether the signature verifies correctly. There is also a DKIM class which
can be used to perform these functions in a more modern way. can be used to perform these functions in a more modern way.
Two helper programs are also supplied: dkimsign.py and dkimverify.py. RFC8301 updated DKIM requirements in two ways:
1. It set the minimum valid RSA key size to 1024 bits.
2. It removed use of rsa-sha1.
As of version 0.7, the dkimpy defaults largely support these requirements.
It is possible to override the minimum key size to a lower value, but this is
strongly discouraged. As of 2018, keys much smaller than the minimum are not
difficult to factor.
The code for rsa-sha1 signing and verification is retained, but not used for
signing by default. Future releases will raise warnings and then errors when
verifying rsa-sha1 signatures. There are still some significant users of
rsa-sha1 signatures, so operationally it's premature to disable verification
of rsa-sha1.
Three helper programs are also supplied: dknewkey.py, dkimsign.py and
dkimverify.py.
dknewkey.py is s script that produces private and public key pairs suitable
for use with DKIM. Note that the private key file format used for ed25519 is
not standardized (there is no standard) and is unique to dkimpy.
dkimsign.py is a filter that reads an RFC822 message on standard input, and dkimsign.py is a filter that reads an RFC822 message on standard input, and
writes the same message on standard output with a DKIM-Signature line writes the same message on standard output with a DKIM-Signature line