Archived Forum Post


Question:

dkim email signing

Sep 08 '15 at 14:35

I create DKIM keys here https://www.port25.com/support/domainkeysdkim-wizard/

The generated private key is in the following format:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

In the example it states the following:

'  Load a private key from any common RSA private key
'  format, such as DER, PKCS8, PEM, XML, etc.
'  The LoadDkimPkFile method automatically detects
'  the file format and reads it appropriately.
'  If a password is not required, you'll still need to provide
'  a password string argument, but it is ignored.

I saved my key in a .txt file and here is my code:

<%

set mailman = Server.CreateObject("Chilkat_9_5_0.MailMan")
success = mailman.UnlockComponent("30-day trial")

set dkim = Server.CreateObject("Chilkat_9_5_0.Dkim")
success = dkim.UnlockComponent("Anything for 30-day trial")

'  Set the SMTP server.
mailman.SmtpHost = "smtp.XXXX.com"
mailman.SmtpUsername = "validate@XXXX.com"
mailman.SmtpPassword = "XXXXX!"
mailman.SmtpPort = 25

set email = Server.CreateObject("Chilkat_9_5_0.Email")

email.Subject = "test from ABC"
email.Body = "test"
email.From = "validate@XXX.com"
email.AddTo "XXX@gmail.com","XXX@gmail.com"

'  Render the email to MIME bytes so it can be signed.
mimeData = mailman.RenderToMimeBytes(email)
If ( UBound(mimeData) = -1 ) Then
    Response.Write "<pre>" & Server.HTMLEncode( mailman.LastErrorText) & "</pre>"
End If

dkim.DkimDomain = "xxx.com"
dkim.DkimSelector = "key20150904"

'  Load the private key used for signing.
password = "optionalPassword"
success = dkim.LoadDkimPkFile("C:\inetpub\wwwroot\xxxx.com\pk.txt",password)
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( dkim.LastErrorText) & "</pre>"
End If

'  Add the DKIM-Signature header to the MIME.
dkimSignedMime = dkim.AddDkimSignature(mimeData)
If ( UBound(dkimSignedMime) = -1 ) Then
    Response.Write "<pre>" & Server.HTMLEncode( dkim.LastErrorText) & "</pre>"
End If

strFrom = "validate@xxx.com"
strTo = "xxxxx@gmail.com"
success = mailman.SendMimeBytes(strFrom,strTo,dkimSignedMime)
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( mailman.LastErrorText) & "</pre>"
End If

success = mailman.CloseSmtpConnection()
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( "Connection to SMTP server not closed cleanly.") & "</pre>"
End If

Response.Write "<pre>" & Server.HTMLEncode( "DKIM Signed Mail Sent!") & "</pre>"
%>

NOW, I'm GETTING THE FOLLOWING ERROR

ChilkatLog:
  LoadDkimPkFile:
    DllDate: Aug 26 2015
    ChilkatVersion: 9.5.0.52
    UnlockPrefix: Anything for 30-day trial
    Username: U16417086:master_iis
    Architecture: Little Endian; 64-bit
    Language: ActiveX / x64
    VerboseLogging: 0
    filePath: C:\inetpub\wwwroot\alyr.com\pk.txt
    loadAnyDerPw:
      DecodeToAsn:
        premature end of BER encoding (F2)
        length: 45
        numBytesLeft: 43
      --DecodeToAsn
      loadAnyAsn:
        Invalid ASN.1 for public/private key
      --loadAnyAsn
      der_to_xml:
        ASN data length exceeds remaining number of bytes available.
        tag: 13
        idClass: 0
        bConstructed: 1
        headerLen: 2
        dataLen: 45
        inlen: 43
        Abort ASN.1 processing...
        recursiveDepth: 1
      --der_to_xml
      der_xml: <?xml version="1.0" encoding="utf-8" ?>
<relativeOid />

    --loadAnyDerPw
    Failed.
  --LoadDkimPkFile
--ChilkatLog

DKIM Signed Mail Sent!

WHAT DO I DO WRONG ?!?!?


Accepted Answer

This new build fixes it:
32-bit Download: http://www.chilkatsoft.com/download/preRelease/ChilkatAx-9.5.0-win32.zip
64-bit Download: http://www.chilkatsoft.com/download/preRelease/ChilkatAx-9.5.0-x64.zip

An alternative solution without using the new build is to load the file contents into a string, and then call LoadDkimPk instead (passing the PEM string in the 1st arg).


Answer

I found the problem. I used LoadDomainKeyPk instead of LoadDkimPk method to load the key. So changing the method solved the problem. So I got pass from GMail. GREAT!!!


Answer

Chilkat, thank you for your response. I figured this out on Friday, however I am still having difficulties signing my email.


By using your LoadDkimPk I sign the email, but Gmail doesn't recognize it and gives the following message:

Authentication-Results: mx.google.com;
spf=neutral (google.com: 74.208.4.194 is neither permitted nor denied by best guess record for domain of validate@alyr.com) smtp.mailfrom=validate@alyr.com;
dkim=neutral (bad format) header.i=@alyr.com;
dmarc=fail (p=NONE dis=NONE) header.from=gmail.com

It looks like GMail doesn't recognize the signature. Is there a way to validate the email to see if it was signed properly? There are no ERRORs from ActiveX, but I'm not sure if it does the proper signing. Any ideas?

Here is my updated code (I removed validations for cleaner look here):

set mailman = Server.CreateObject("Chilkat_9_5_0.MailMan")
success = mailman.UnlockComponent("30-day trial")

set dkim = Server.CreateObject("Chilkat_9_5_0.Dkim")
success = dkim.UnlockComponent("Anything for 30-day trial")

mailman.SmtpHost = "smtp.1and1.com"
mailman.SmtpUsername = "xxxx@mydomain.com"
mailman.SmtpPassword = "xxxx"
mailman.SmtpPort = 25

set email = Server.CreateObject("Chilkat_9_5_0.Email")
email.Subject = "Test #1"
email.Body = "Test message"
email.From = "xxxx@mydomain.com"
email.AddTo "test","xyxyxy@gmail.com"

mimeData = mailman.RenderToMimeBytes(email)

dkim.DkimDomain = "mydomain.com"
dkim.DkimSelector = "key20150904"
password = ""
pk=""

pk=pk&"-----BEGIN RSA PRIVATE KEY-----"&vbCrLf pk=pk&"MIICXQIBAAKBgQDUTy07KnqNhaF2dBM6721BTYOP1jmgHh6YDcgFHALFzXX8s0bs"&vbCrLf pk=pk&"0QOnMT3GozhCdUFCIfYqv2EgUwgq0RAFyXQgykMEchHpegdc1/tyGKbfJsKbo/Up"&vbCrLf pk=pk&"wDzN8xebPtFAVaOPTzupT/b8Ej6SvFSa9Ch6PLNqXwh/91Cqb7tSRIoa/QIDAQAB"&vbCrLf pk=pk&"AoGBAM0zpcUM3pzQrumdcUTCS3gVonYwmUvgMLPIhi4iD6/9UO+om4Gi14QOfOXz"&vbCrLf pk=pk&"thnN2QBBcPuKNCcY+cjgfjsJplmUOK3FO5Dup6gKWF1gaLUfTB09+ThNp+l3KEKu"&vbCrLf pk=pk&"BFchNYWqAumBcUf+iBc3+11q0JuA5MjODCMq1LKOvNAAJyoBAkEA7t2i9kX+Pu1O"&vbCrLf pk=pk&"PQBpVe3Y36MSLuykZKaXGC45R8LfoBhEXALc6M/qvUvWdBj+tuzEWnt794DpzgYS"&vbCrLf pk=pk&"3x6Rx1RyfQJBAOOJ4B60HBuUcEezNsxTMnOGrG2ErrLakD2NqWjMuzU+kt7JKIgB"&vbCrLf pk=pk&"uPtKnVcZYJYKco77nP9VDADN5gAWUikgMoECQQDIck1ShSH6BIHnRvUeGt4nrVyQ"&vbCrLf pk=pk&"7Bx4KiQZMpD22111p2eWHwDqja/a8k0gV+lH8CBGHeHFrPSG4ynq+mgy8XaxAkBi"&vbCrLf pk=pk&"14DhNZJENM41h1dVmQqAfs8mYA3XqfQgmQoveUgVkBIS70VJF554ougIbwCzDOTI"&vbCrLf pk=pk&"0epYTGSDcO3puciFDvSBAkAm4ZLdYmqyWwc9mozDXyor04NbEhaj8fur8UJzB0V1"&vbCrLf pk=pk&"nzhBhGNhKW+otT0HY91Od+UxN1PGPc2HIm4owMa23mjY"&vbCrLf pk=pk&"-----END RSA PRIVATE KEY-----"&vbCrLf

success = dkim.LoadDomainKeyPk(pk,password)
dkimSignedMime = dkim.AddDkimSignature(mimeData)
strFrom = "xxxxx@mydomain.com"
strTo = "xyxyxyx@gmail.com"
success = mailman.SendMimeBytes(strFrom,strTo,dkimSignedMime)
success = mailman.CloseSmtpConnection()

Here is the public key lookup:
http://www.dnswatch.info/dns/dnslookup?la=en&host=key20150904._domainkey.alyr.com&type=TXT&submit=Resolve

Again what do I do wrong?


Answer

OK, I see the problem. Here is the header in GMail:


Authentication-Results: mx.google.com;
       spf=neutral (google.com: 74.208.4.196 is neither permitted nor denied by best guess record for domain of validate@alyr.com) smtp.mailfrom=validate@alyr.com;
       dkim=neutral (bad format) header.i=@alyr.com

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; q=dns/txt;
 d=alyr.com; s=key20150904;
 h=mime-version:date:message-id:subject:from:to:content-type;
 bh=6FhKeN/j0k6jiPBj3cWOB3AuWiqdp4cumvzvOZ2SKs8=;
 b=


It looks like the b= parameter is missing. So, the actual signature is missing. The question is why (see above reply with the code)?
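
On the question of checking whether a message was signed properly: the following is an added example, not part of the original thread and not Chilkat code. It lints a DKIM-Signature value for the required tags of RFC 6376 and recomputes the relaxed body hash so it can be compared with bh=. The function names are assumptions, and SAMPLE is the header quoted in the post above.

```python
import base64
import hashlib
import re

REQUIRED = ("v", "a", "b", "bh", "d", "h", "s")  # RFC 6376 section 3.5

def parse_tags(value):
    """Split a DKIM-Signature value into a {tag: value} dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)  # folding is not significant
    return tags

def b64_len(text):
    """Decoded length of a base64 string, or -1 if it is not valid base64."""
    try:
        return len(base64.b64decode(text, validate=True))
    except ValueError:
        return -1

def lint(value):
    """Return the structural problems found in a DKIM-Signature value."""
    tags = parse_tags(value)
    problems = [f"missing {t}=" for t in REQUIRED if t not in tags]
    if "b" in tags and b64_len(tags["b"]) <= 0:
        problems.append("b= is empty or not base64: no signature data")
    if tags.get("a") == "rsa-sha256" and "bh" in tags and b64_len(tags["bh"]) != 32:
        problems.append("bh= is not a 32-byte SHA-256 digest")
    if "h" in tags and "from" not in tags["h"].lower().split(":"):
        problems.append("h= does not cover the From header")
    return problems

def relaxed_body_hash(body):
    """bh= value for relaxed body canonicalization with SHA-256 (RFC 6376 3.4.4)."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    canon = b"".join(ln + b"\r\n" for ln in lines)
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

# Header value copied from the Gmail source quoted in the post above (b= is empty).
SAMPLE = """v=1; a=rsa-sha256; c=relaxed/relaxed; q=dns/txt;
 d=alyr.com; s=key20150904;
 h=mime-version:date:message-id:subject:from:to:content-type;
 bh=6FhKeN/j0k6jiPBj3cWOB3AuWiqdp4cumvzvOZ2SKs8=;
 b="""
print(lint(SAMPLE))
```

Running the same lint on the signed MIME before it is handed to SendMimeBytes shows whether the signature was already empty when it left the signer or was altered in transit.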