UNRELEASED Version 0.9.0 - Add support for EAI addresses in domains and selectors (John Levine) - Add type Hinting for sign and verify functions (LP: #1782596) (Thomas Ward) - PEP8 Blank Lines Style Issues (LP: #1782596) (Thomas Ward) - Python 3.7 compatibility fixup for dkim.canonicalization. strip_trailing_lines due to changed RE.sub() processing (LP: #1800313) 2018-06-16 Version 0.8.1 - Correctly fold lines at or near the maximum line length (fix folding zero length lines and adding a blank line and adding an exra cr/lf for lines near max length (LP: #1717576) - Thanks to Christian Jørgensen and John Levine for reporting the issue - Add testing extras option to setup.py (Daniel Hahler) - Fix deprecation warnings in test asserts (Daniel Hahler) - Correctly limit try/except for imports to import errors (Daniel Hahler) - Don't error out in Python 3 if include headers is string (LP: #1776775) - Correct requires invocation for py3dns 2018-05-18 Version 0.8.0 - Change from distutils to setuptools with entry points because it's the future - Use install_requires and extras_requires to document external dependencies for dkimpy (LP: #1227526) - Fix typo in dknewkey(1) for k= tag (Thanks to Andreas Schulze for reporting) - Detect incorrect version in DKIM public key record (LP: #1763815) - Detect unknown algorithm in k= tag and raise an appropriate error, vice failing with a traceback - Indicate that ed25519-sha256 is no longer experimental 2018-02-17 Version 0.7.1 - Update ed25519 tests, including using sample keys from RFC 8032 Section 7.1 and the sample message from RFC 6376 - Return an empty list (as expected) when no AR headers are found or no AR arc stamps are found and the chain terminated (LP: #1748146) - Use correct h= tag in dknewnkey.py generated DKIM records for RSA 2018-02-07 Version 0.7.0 - Initial ed25519 implementation based on draft-ietf-dcrup-dkim-crypto experimental - IETF draft, design not finalized, See README for details - Port dkimsign.py to use argparse; now gives standard usage message and is more extensible - Add command line options to dkimsign.py to select header and body canonicalization algorithmns (LP: #1272724) - Add command line option to dkimsign.py to select signing algorithm - For dknewkey.py make default to include h=sha256 in the DNS record to exclude usage with sha1. Can be overriden - Update ARC processing to current draft - Fix arcverify tag requirements (LP: #1710312) - Fix empty body canonicalization for relaxed canonicalization (LP: #1727319) * Thanks to Matthew Palmer for the report and the proposed fix - Add new test, test_implicit_k, to verify that RSA processing is still correct when the optional k= tag is not present in the DKIM public key record - Fix -v verbose reporting in dkimverify.py - Fix unbound local variable error when processing signatures with an x tag, but no t tag (LP: #1739637) 2017-05-30 Version 0.6.2 - Fixed problem with header folding that caused the first line to be folded too long (Updated test test_add_body_length since l= tag is no longer at the beginning of a line) - Fixed python3.4 string interpolation issue - Fix some byte casting issues & typos - Add test case for verification when should headers are signed - Check and update references: * Replace RFC 4871 withRFC 6376 * Replaace RFC 3447 with RFC 8017 * Add mention of DCRUP working group addressing key length issues 2017-01-27 Version 0.6.1 - Fixed python3 dns lookup issue - Fixed arcverify.py issue 2017-01-23 Version 0.6.0 - Add capability to sign and verify ARC signatures - Added new script, dknewkey.py, to generate DKIM keys 2015-12-07 Version 0.5.6 - Brown paper bag release, 0.5.5 tarball inadvertently included pyc files and other artifacts from development 2015-12-07 Version 0.5.5 - Fix and test case for case insensitive subdomain matching. - Python3 compatibility fixes and test cases thanks to Diane Trout 2013-06-10 Version 0.5.4 - Fixed error in FWS regular expression that cause some valid signatures to fail verification (Thanks to Peter Palfrader (weasel) for the patch) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711751 - Change dkimsign.py to sign the default (recommended) set of headers instead of all headers 2012-10-27 Version 0.5.3 - Make key parsing error messages more specific to help troubleshooting based on user feedback 2012-06-13 Version 0.5.2 - Change canonicalization defaults to work around issues with different verification implementations - Fully fold DKIM-Signature on sign, and ignore FWS in b= value on verify - Fix hashing problem while signing using sha1 - Trap NXDOMAIN exception with dnspython - Other minor bug fixes 2012-02-03 Version 0.5.1 - Rename tarball to dkimpy to avoid confusion with original project - Apply performance patch from - save parsed signatures in DKIM object - do not require DNS/dnspython for signing 2011-10-26 Version 0.5 - Add test case and fix for - Add test case and fix for - Fix dkim.fold() - raise KeyFormatError when missing required key parts in DNS - do not sign all headers by default - option to verify signatures other than first 2011-06-16 Version 0.4.2 - Fix use of dns namespace so dnspython works 2011-06-15 Version 0.4.1 - Fix some except clauses for python3 - Correct Changelog and release versions - Add test case for - add back dkim.Relaxed and dkim.Simple constants 2011-06-14 Version 0.4 - new API: class DKIM to retrieve domain and other info after verify - Add support for python3 - pydns driver tested and fixed - when producing Relaxed mode signatures, the partial DKIM-Signature header must be canonicalized before hashing (Martin Pool) - other bug fixes 2008-06-25 Version 0.3 - length parameter to sign() is now a boolean - sign() now folds the DKIM-Signature line - validation of all inputs - general code cleanup 2008-02-19 Version 0.2 - handle "rsa-sha1" algorithm properly - handle multiple DKIM-Signature lines - handle FWS around = in DKIM-Signature lines - handle case of single canonicalization algorithm - handle l= signature property 2008-02-18 Version 0.1 - initial release