On 3/31/21 12:57 PM, Eric Germann wrote:
[...]
In /usr/local/assp/dkim/dkimconfig.txt I have the following for my domain

[...]

My public key is published in the DNS for XXXX.com.  I’ve verified it’s there by doing a "dig @nameserver dkim._domainkey.XXXX.com +short".  It matches what is in the DKIM generator.

You tried to obscure the domain name but you missed redacting it in one place.  If that domain name is the actual one you're working with, then your DNS entry is incomplete:

```
$ dig dkim._domainkey.semperen.com txt +short
"v=DKIM1"
```

Compare that to the published DKIM key for my domain, panoptic.com:

```
$ dig default._domainkey.panoptic.com txt +short
"v=DKIM1\; k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjlAjovTKKp1Nx74U4Atv4QEalKWvG0w6AwLLuecBLSwes2wi+C6ov9+LwaOPFRkM" "yzpzRQkeAz26LsB3otCVpraSqsaNTkJkOi7BNrMeefQmMV7VETy9Q9bu9y62DYsnsQTJbyGigJzPZUOxRgFobZcNFO3ysIEbwHgau8dOkZMqBGL4dq2uHJTJsHmcdiE" "y8X2DsHoRpg5M26YPuvsLRYS+7qzSAPaXzq42zNScL5a6KCqu2t77HFz0tw6kSL3NbzrErAjsXZR828Wky/BeguwgK1m8CM7VIcpc0vHoYscbl2glOw6PJIhFPkMKSa" "50F0L9kMwGyfqVTUaE+KcEQIDAQAB"
```

Not sure if the lack of public key published in your DNS entry would result in a "bad RSA signature" failure on validation, but there's no way to validate the signature without your public key published properly.

HTH, HAND,

Dossy

--
Dossy Shiobara         |      "He realized the fastest way to change
do...@panoptic.com     |   is to laugh at your own folly -- then you
http://panoptic.com/   |   can let go and quickly move on." (p. 70)
  * WordPress * jQuery * MySQL * Security * Business Continuity *

_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
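
The check described in the reply above can be automated. This is an added example, not part of the original message or of ASSP: it joins the quoted chunks that `dig +short` prints for a TXT record, splits the DKIM tag list, and reports a missing, revoked (empty) or malformed `p=` tag, which goes slightly beyond the single case in the message. The function names and both sample records are constructed for illustration; the base64 value is a placeholder, not a real key.

```python
import base64
import binascii
import re

def parse_dig_txt(dig_line):
    """Join the quoted chunks dig prints for one TXT record and split the DKIM tag list."""
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', dig_line)
    record = re.sub(r'\\(.)', r'\1', "".join(chunks))  # dig escapes ';' as '\;'
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def check_dkim_key_record(dig_line):
    """Return a list of problems; an empty list means the record is usable."""
    tags = parse_dig_txt(dig_line)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        problems.append("unknown key type in k=")
    if "p" not in tags:
        problems.append("no p= tag: public key is not published")
    elif tags["p"] == "":
        problems.append("empty p= tag: key is revoked")
    else:
        try:
            # Whitespace inside p= is ignored before decoding.
            base64.b64decode(re.sub(r"\s+", "", tags["p"]), validate=True)
        except binascii.Error:
            problems.append("p= is not valid base64")
    return problems

# Constructed sample inputs in `dig +short` format.
INCOMPLETE = '"v=DKIM1"'  # same shape as the incomplete record in the message
SPLIT_OK = '"v=DKIM1\\; k=rsa\\; p=QUJD" "REVG"'  # placeholder base64, not a real key

if __name__ == "__main__":
    for line in (INCOMPLETE, SPLIT_OK):
        print(line, "->", check_dkim_key_record(line) or "ok")
```
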
