On Wed, Apr 19, 2006 at 03:32:29PM -0400, John Peacock wrote:
> Elliot Foster wrote:
> >One thing that I noticed was that it read the entire message into
> >memory, rather than point to the cached message on disk. It would nice
> >to not have to read the entire message into memory.
>
> That is absolutely required, in that the entire message is required to
> be read in order to calculate the signature to compare to the header.
Sort of. The correct way to do this is to hash the message line-by-line
and sign the hash; however, the CPAN RSA module I chose wants the original
string and would hash the hash again if one tried this.
I wrote a patch to Crypt::OpenSSL::RSA to give it the option of signing
pre-hashed data, but it was ugly and since I've lost it.
On the other hand, there is another RSA module on CPAN that likes to sign
pre-hashed data, but it has mathematical difficulties with keys generated
by OpenSSL. I tried contacting the author, but received no response.
Since the draft has expired, and both the IETF and Yahoo are going with
DKIM, I think that DomainKeys is a big fat dead end. If anyone wants
to take over the plugin and/or CPAN module, let me know and it's yours.
Thanks,
--
Au
PGP Key ID: 0x385B44CB
Fingerprint: 9E9E B116 DB2C D734 C090 E72F 43A0 95C4 385B 44CB
"Maximus vero fugiens a quodam Urso, milite Romano, interemptus est"
- Getica 235
