mdecimus
commented
1 year ago Thank you for the quick fix! Will test it now.
Closed djc closed 1 year ago
mdecimus
commented
1 year ago Thank you for the quick fix! Will test it now.
mdecimus
commented
1 year ago Everything looks good, just published version 0.3.0.
djc
commented
1 year ago Great, we'll start integrating this next week.
This seems to fix it. So one thing that took me a fair bit of time to work out previously was that the RustCrypto algorithms have APIs that accept a prehashed input for signing. ring does not offer this kind of API for RSA algorithms, and requires the full message as input, which will then be hashed during the signing operation. However, while Ed25519 signatures are always hashed using SHA512 as part of the signing/verification operations, for the DKIM ed25519-sha256 algorithm you are then still required to hash the input before signing or verifying. Very nice that you caught this!