search

fastmail / mail-dkim

Mail::DKIM Perl module, forked from svn://svn.code.sf.net/p/dkimproxy/code/Mail-DKIM/trunk
8 stars 6 forks source link

EdDSA (ed25519) support #9

Closed pflanze closed 1 year ago

pflanze commented 4 years ago

Hi. I'm the author of "better-qmail-remote", a wrapper around qmail-remote that adds DKIM signatures. The project is currently using Mail::DKIM. I've been asked to support EdDSA (ed25519) keys, which I have done, but have realized that Mail::DKIM does not yet support such keys. What are your thoughts on adding such support?

Here is my project branch that supports EdDSA: https://github.com/pflanze/better-qmail-remote/tree/issue1

Here is the original issue on the matter: https://github.com/pflanze/better-qmail-remote/issues/1

Thanks a lot!

marcbradshaw commented 4 years ago

It's something on the roadmap, I don't have a timeline.

pgnd commented 1 year ago

@marcbradshaw is this still 'on the roadmap' ?

currently, for ref,

with DKIM dns zone data for a domain, example.com

    ;   SELECTOR (ed25519): 42c4465ce19e2af6
    dkim-42c4465ce19e2af6-ed25519._domainkey.example.com. 5 IN TXT "v=DKIM1; k=ed25519; p=8fD...=;"

    selector-ed25519._domainkey.example.com. 5 IN CNAME dkim-42c4465ce19e2af6-ed25519._domainkey.example.com.

    ;   SELECTOR (rsa):     42c4465ce19e2af6
    dkim-42c4465ce19e2af6-rsa._domainkey.example.com. 5 IN TXT (
      "v=DKIM1; k=rsa; h=sha256; s=email; t=s;"
      "p=MII..."
        ...
        "0wIDAQAB;"
    )

    selector-rsa._domainkey.example.com. 5 IN CNAME dkim-42c4465ce19e2af6-rsa._domainkey.example.com.

and dkimpy-milter config

    cat dkimpy-milter.conf
        ...
        SigningTable       refile:/opt/etc/dkimpy-milter/signing_table
        KeyTable           /opt/etc/dkimpy-milter/key_table_rsa
        KeyTableEd25519    /opt/etc/dkimpy-milter/key_table_ed25519
        Canonicalization   relaxed/relaxed
        Mode               s
        MacroList          daemon_name/DKIM_ORIGINATING
        SubDomains         No

    grep example.com  /opt/etc/dkimpy-milter/signing_table
        *@example.com    dkim-42c4465ce19e2af6-name.example.com

    grep example.com  /opt/etc/dkimpy-milter/key_table_rsa
        dkim-42c4465ce19e2af6-name.example.com  example.com:dkim-42c4465ce19e2af6-rsa:/opt/etc/dkim/dkim.1662932824.1661990400.1678233600.example.com.rsa.key.pem

    grep example.com  /opt/etc/dkimpy-milter/key_table_ed25519
        dkim-42c4465ce19e2af6-name.example.com  example.com:dkim-42c4465ce19e2af6-ed25519:/opt/etc/dkim/dkim.1662932824.1661990400.1678233600.example.com.ed25519.key

dkimpy-milter signs outbound correctly

    DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
     d=example.com; i=@example.com; q=dns/txt;
     s=dkim-42c4465ce19e2af6-ed25519; t=1662936130; h=message-id : date :
     from : subject : reply-to : to : content-type :
     content-transfer-encoding : from;
     bh=nos...=;
     b=w9u...==

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
     d=example.com; i=@example.com; q=dns/txt;
     s=dkim-42c4465ce19e2af6-rsa; t=1662936130; h=message-id : date : from
     : subject : reply-to : to : content-type : content-transfer-encoding :
     from; bh=nos...=;
     b=PMi...==

but inbound authentication check with Authentication-Milter @FastMailreports

    Authentication-Results: mx4.example.net;

        dkim=pass (2048-bit rsa key sha256) header.d=example.com
          header.i=@example.com header.b=PMirdrv4 header.a=rsa-sha256
          header.s=dkim-42c4465ce19e2af6-rsa x-bits=2048;

!!!!    dkim=invalid (unsupported algorithm ed25519-sha256, 0-bit  key)
          header.d=example.com header.i=@example.com
          header.b=w9uQT3c3 header.a=- header.s=dkim-42c4465ce19e2af6-ed25519
          x-bits=0;
mnalis commented 1 year ago

Any progress on this? I'm too getting more and more failures with amavis/spamassassin which trace down to Mail::DKIM leading to reason="invalid (unsupported algorithm ed25519-sha256)"

It would be really nice if it could be supported, especially as RFC 8463 has been mandating for years now that "verifiers MUST implement the Ed25519-SHA256 algorithm".

pgnd commented 1 year ago

@marcbradshaw

Can you please provide some comment/guidance on plans for Ed25519-SHA256 support?

marcbradshaw commented 1 year ago

Hi, I don't have any additional clarity on a timeline or priority for this work. It remains in the backlog but is not scheduled.

pgnd commented 1 year ago

@marcbradshaw Thx for the update. Works as expected so far in local installs. Do you have an estimate of when Ed25519 support will find its way into Fastmail itself?

marcbradshaw commented 1 year ago

@pgnd This is not an official timeline, however I expect verification will be added quite soon. For signing the majority of the work lies in updating the key rotation algorithms to rotate the 2 types of key, and I have no timeline to share for that.