DandelionNStuff/dkimpy-smtputf8
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add generation of rsafp DNS records per draft-ietf-dcrup-dkim-crypto-02

Browse Source
This commit is contained in:
Scott Kitterman
2017-06-22 19:56:27 -04:00
parent d65f66f9d1
commit bd14c6e90a
2 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ChangeLog
+1 -1
View File
@@ -8,7 +8,7 @@ UNRELEASED Version 0.7.0
exclude usage with sha1. Can be overriden. exclude usage with sha1. Can be overriden.
- Update dknewkey.py to use argparse. Add --ktype option to specify - Update dknewkey.py to use argparse. Add --ktype option to specify
different key type options in anticipation of the DCRUP WG output. different key type options in anticipation of the DCRUP WG output.
- Add generation of rsafp DNS records per draft-ietf-dcrup-dkim-crypto-02
2017-05-30 Version 0.6.2 2017-05-30 Version 0.6.2
- Fixed problem with header folding that caused the first line to be - Fixed problem with header folding that caused the first line to be
folded too long (Updated test test_add_body_length since l= tag is no folded too long (Updated test test_add_body_length since l= tag is no
dknewkey.py
+13 -7
View File
@@ -30,13 +30,12 @@ import subprocess
import sys import sys
import tempfile import tempfile
import argparse import argparse
import hashlib
import base64
# how strong are our keys? # how strong are our keys?
BITS_REQUIRED = 2048 BITS_REQUIRED = 2048
# limit to rsa-sha256?
HTAG='sha256'
# what openssl binary do we use to do key manipulation? # what openssl binary do we use to do key manipulation?
OPENSSL_BINARY = '/usr/bin/openssl' OPENSSL_BINARY = '/usr/bin/openssl'
@@ -49,7 +48,7 @@ def GenKeys(private_key_file):
str(BITS_REQUIRED)]) str(BITS_REQUIRED)])
def ExtractDnsPublicKey(private_key_file, dns_file, key_type='rsa'): def ExtractDnsPublicKey(private_key_file, dns_file, key_type='rsa', alg='sha256'):
""" Given a key, extract the bit we should place in DNS. """ Given a key, extract the bit we should place in DNS.
""" """
print >> sys.stderr, 'extracting ' + private_key_file print >> sys.stderr, 'extracting ' + private_key_file
@@ -63,8 +62,11 @@ def ExtractDnsPublicKey(private_key_file, dns_file, key_type='rsa'):
os.unlink(working_file) os.unlink(working_file)
dns_fp = open(dns_file, "w+") dns_fp = open(dns_file, "w+")
print >> sys.stderr, 'writing ' + dns_file print >> sys.stderr, 'writing ' + dns_file
if HTAG: if key_type == 'rsafp':
print >> dns_fp, "k={0} h={1}; p={2}".format(key_type,HTAG,output) alg = False
output = base64.b64encode(hashlib.sha256(output).digest())
if alg:
print >> dns_fp, "k={0} h={1}; p={2}".format(key_type,alg,output)
else: else:
print >> dns_fp, "k={0}; p={1}".format(key_type, output) print >> dns_fp, "k={0}; p={1}".format(key_type, output)
dns_fp.close() dns_fp.close()
@@ -77,6 +79,9 @@ def main(argv):
parser.add_argument('--ktype', choices=['rsa', 'rsafp'], parser.add_argument('--ktype', choices=['rsa', 'rsafp'],
default='rsa', default='rsa',
help='DKIM key type: Default is rsa') help='DKIM key type: Default is rsa')
parser.add_argument('--alg', choices=['', 'sha256'],
default='sha256',
help='Acceptable signing algorithm for the key')
args=parser.parse_args() args=parser.parse_args()
if sys.version_info[0] >= 3: if sys.version_info[0] >= 3:
args.key_name = bytes(args.key_name, encoding='UTF-8') args.key_name = bytes(args.key_name, encoding='UTF-8')
@@ -87,11 +92,12 @@ def main(argv):
key_name = args.key_name key_name = args.key_name
key_type = args.ktype key_type = args.ktype
alg = args.alg
private_key_file = key_name + '.key' private_key_file = key_name + '.key'
dns_file = key_name + '.dns' dns_file = key_name + '.dns'
GenKeys(private_key_file) GenKeys(private_key_file)
ExtractDnsPublicKey(private_key_file, dns_file, key_type) ExtractDnsPublicKey(private_key_file, dns_file, key_type, alg)
if __name__ == '__main__': if __name__ == '__main__':