810d543085
Create ed25519 key files with secure permissions to avoid risk of insecure chmode call/race condition (LP: #2017430 )
2023-04-30 09:25:28 -04:00
2fc00b0218
Catch nacl.exceptions.ValueError and raise KeyFormatError, similar to how RSA key errors are treated (LP: #2018021 )
2023-04-29 00:09:14 -04:00
264230308c
fix correct AMS header selection
...
When we are verifying the ARC seal we need to fetch the raw AMS header
from the header list. But it's not enough to return the first one we
find, since we may be interested in a different arc seal, we need
to search for the correct ARC index.
2023-03-30 16:02:46 +01:00
dd6bbd4c88
- Fix traceback when attempting to verify an unsigned message using
...
async verify (Thanks to Nikita Sychev for the report and a suggested
fix) (LP: #2008723 )
2023-02-28 00:02:07 -05:00
59e9dd2cb5
Correct base64 validation regexp so that valid signature with == split
...
between two lines are not incorrectly evaluated as invalid (LP:
#2002295 ) - Thanks to <https://launchpad.net/~obadz > for the report and
the proposed fix
2023-02-25 17:16:53 -05:00
2115a5e9f8
Invalid Authentication-Results header fields are ignored for ARC signing
...
(LP: #1884044 )
2023-02-25 17:10:17 -05:00
b74452d9da
Add new dkim.DnsTimeoutError class to report queried domain and selector
...
along with timeout error from dnspython (LP: #1873449 )
2023-02-25 16:44:06 -05:00
233a9699ed
Add USE_ASYNC flag to allow async to be disabled when aiodns is
...
installed (LP: #1954331 ) - see README.md for details
2023-02-25 16:25:20 -05:00
50a81ab8d6
Add test test_non_utf8 which at least demonstrates not crashing on non UTF-8 data
2023-02-25 15:40:49 -05:00
143e3bffea
Fix dknewkey import in dkim/tests/test_dkim_generate.py
2023-02-25 15:39:38 -05:00
0540d3cb17
Changed read_test_data to suit test needs
2022-08-01 17:05:41 +02:00
fab181ae34
Add key generation unit test
2022-08-01 09:42:44 +02:00
2883f35bdd
Edited param description for parse_private_key(data)
2022-08-01 01:31:35 +02:00
8e78ce7e13
refacor of PKCS8 parsing, added pkcs8 test
2022-08-01 00:49:39 +02:00
20d9ca1e1c
Enabled PKCS#8 for private keys
2022-07-31 11:49:58 +02:00
f4dff24d68
Add domain validity check for ascii domains (no specials)
2022-01-16 18:21:10 -05:00
6dcaaac712
Provide more specific error message when ed25519 private key is invalid
2021-11-24 15:37:06 -05:00
9c8e46eb5c
Fix @param srv_id typos (LP: #1890532 )
2020-08-08 17:04:34 -04:00
b0bfc115e7
Update dnsplug for DNS Python (dns) 2.0 compatibility (LP: #1888583 )
2020-08-08 16:53:08 -04:00
d1360c8e25
Add tests for invalid domains, probably not a security issue in the DKIM context, but we should raise errors here.
2020-04-21 20:29:45 -04:00
3e16ceac23
Add option to specify index number of signature to verify to dkimverify (Thanks to Nick Baugh for the change)
2020-04-06 18:09:23 -04:00
4b38d9b5ac
Merge branch 'addtest'
2020-04-06 17:43:28 -04:00
987ea0a964
Add test case for verifying a message with no signature
2020-04-06 17:43:16 -04:00
095f68d943
- Correct dkim.verify processing to avoid errors when verifying messages
...
with no DKIM signatures
2020-04-06 00:27:04 -04:00
443aed143a
- Correct signature indexing error introduced in 1.0.0 that prevents
...
verification of multiple signatures in a single message
2020-01-15 11:03:07 -05:00
dc2f7f07f2
- dknewkey: On posix operating systems set file permissions to 600 for ed25519 private key files (as is already done for RSA) (LP: #1857827 )
2019-12-31 01:17:19 -05:00
5a0824108d
Provide specialized error message when signing or verifying ed25519
...
signatures and pynacl is not installed (LP: #1854475 )
2019-12-15 01:12:02 -05:00
6c5f701131
Follow CNAMES when looking up key records when using DNS (pydns)
...
(LP: #1856421 )
2019-12-15 00:42:31 -05:00
f680dd879b
Merge async work into master for 1.0
2019-12-09 09:18:25 -05:00
7173c0cbcc
Catch binascii related key format errors (LP: #1854477 )
2019-12-08 02:43:57 -05:00
4d2f425ae3
- Support signature verification with SubjectPublicKeyInfo formatted keys
...
since, although rare, they are RFC 6376 specified (LP: #1851862 )
2019-11-08 23:19:17 -05:00
5893862e31
New keys and test cases for RSA key format variants like RSAPublicKey
2019-11-08 23:13:26 -05:00
7972217756
DKIM.verify: Refactor to minimize code duplication in dkim.asyncsupport.
2019-11-05 21:36:06 -05:00
9bdb451cd8
DKIM.verify_sig: Refactor to minimize code duplication in dkim.asyncsupport.
2019-11-05 21:10:28 -05:00
3de1dc0362
Refactor load_pk_from_dns to reduce code duplication between async and non-async.
2019-11-05 08:34:13 -05:00
2973852fbb
- Add new DKIM.present function to allow applications to test if a DKIM
...
signature is present without doing validation (LP: #1851141 )
2019-11-03 11:57:30 -05:00
3dda94ca2d
Initial async support - works but so much overriding ...
2019-11-02 11:15:36 -04:00
2dc071962d
Don't error out on dnsplug tests is DNS/dns isn't installed as preparation for adding async/aiodns support
2019-11-01 17:24:16 -04:00
fa93e56fa2
Minor timeout and tlsprt cleanups
2019-11-01 17:22:15 -04:00
ebe8fc7c77
Add support for RFC 8460 tlsrpt DKIM signature processing (LP: #1847020 )
2019-10-31 20:53:06 -04:00
69049feda1
Add test for l= processing
2019-10-31 20:45:20 -04:00
5487f798ac
Documentation updates
2019-10-30 18:52:36 -04:00
1f2597a666
- Add new timeout parameter to enable DNS lookup timeouts to be adjusted
...
- Drop usage of pymilter Milter.dns in dnsplug since it doesn't support
havine a timeout passed to it
2019-10-30 18:46:31 -04:00
6db388df39
Ignore unknown service types in key records (LP: #1847020 )
2019-10-07 08:34:05 -04:00
8365b52ac8
- Fix default canonicalization for DKIM signature verification to be
...
simple/simple per RFC 6376 (LP: #1839299 ) (Thanks to Cyril Nicodème for
the report and a suggested fix)
2019-08-09 09:21:26 -04:00
0019bad372
- Fix linesep setting in arcsign script (LP: #1838262 ) (Thanks to Gowtham
...
Gopalakrishnan for the report and the patch)
2019-08-04 17:51:27 -04:00
7766ffd7ab
Update copyright statements
2019-04-14 22:57:35 -04:00
a1b6e73ae1
- Add additional text documenting use of srv_id for ARC signing (LP: #1808301 )
2019-04-14 22:21:45 -04:00
aa5419b7d9
Fix cv=none processing for initial signature in chain
2019-04-14 22:17:41 -04:00
0ce3775afa
Fix the arcsign script so it works with the current API
2019-04-14 22:10:36 -04:00
Scott Kitterman