On Fri, 4 Jan 2008, Murray S. Kucherawy wrote:
> Two hashes are generated when signing. One is the hash of the body,
> which is eventually stored in the signature header as the value of the
> "bh" tag. Then the headers to be signed are assembled and canonicalized,
> including the DKIM-Signature: header you want to add but without the
> value of "p=" (the actual signature). Those headers are then hashed,
> and that hash is signed using the private key. The signature thus
> generated is added as the "p=" value to the header just before it is
> sent.

Just to clarify: The "bh" hash only indicates the hash of the canonicalized body. The second hash (which you never actually see) contains the output of the first plus the headers, and that's what gets signed.

_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
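
The two hashes discussed in this thread, as an added example that is not part of the original messages or of dkim-milter's code. It assumes "simple" canonicalization for headers and body, SHA-256, and constructed sample values (example.com, selector "sel", the sample message); the signature value goes in the `b=` tag of the DKIM specification, left empty while the second hash is computed, and the private-key step is not shown.

```python
import base64
import hashlib


def canon_body_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: strip trailing empty lines, end with one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def body_hash(body: bytes) -> str:
    """First hash: base64 SHA-256 of the canonicalized body (the bh= value)."""
    digest = hashlib.sha256(canon_body_simple(body)).digest()
    return base64.b64encode(digest).decode("ascii")


def dkim_header(bh: str, b: str = "") -> bytes:
    """DKIM-Signature field; d=, s= and h= are constructed sample values."""
    return ("DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; "
            f"d=example.com; s=sel; h=from:subject; bh={bh}; b={b}").encode("ascii")


def header_hash(signed_headers, body: bytes) -> bytes:
    """Second hash: the signed headers, then DKIM-Signature with b= left empty.

    bh= sits inside that last field, so this digest covers the body too.
    The signer applies the private key to this digest (not shown here).
    """
    h = hashlib.sha256()
    for field in signed_headers:
        h.update(field + b"\r\n")
    h.update(dkim_header(body_hash(body)))  # no trailing CRLF on this field
    return h.digest()


# Constructed sample message
HEADERS = [b"From: alice@example.com", b"Subject: test"]
BODY = b"Hello\r\n\r\n"

if __name__ == "__main__":
    print("bh =", body_hash(BODY))
    print("digest to sign =", header_hash(HEADERS, BODY).hex())
```

Changing either a signed header or the body changes the second digest, which is why a verifier only needs to check one signature.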
