Closed by foolo 1 month ago
Looking a bit more at this, I realized that we probably should also make sure that every sanitized key is a valid ASN.1 (DER) key. Yes, we could just remove certain characters and hope that the resulting value is a valid key value, but the keys could be broken in many ways that are hard to predict, and a hot-fix might just give more trouble.
So I would suggest the approach below, which is more work, but it would solve this and parts of other issues at the same time:
This makes sense!
New database columns keyType and keyData for DkimRecord: https://github.com/zkemail/archive.prove.email/commit/b1a66d0bfc5ec5c25d19d620c91063ae7230ed15
(Found when investigating non-matching keys found by the RSA GCD solver.)
Some DNS records are faulty and include non-base64 characters, which makes the key incorrect, but the key matches the results if we remove those extra characters.
Example:
dig Intel._domainkey.intel.com TXT +short
Result:
Note the extra space in the second partial string.
We should probably clean these up before adding them to the database, and also fix existing such values in the database.
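A sketch of the clean-up and the DER check discussed in this thread, added here as an example and not taken from the archive.prove.email code base. The function names and the result shape are hypothetical (only `keyType` and `keyData` echo the column names above), the sample record is generated locally, and only `k=rsa` keys stored as SubjectPublicKeyInfo are handled.

```javascript
const nodeCrypto = require("node:crypto");

// Join the quoted partial strings that `dig +short` prints for a long TXT record.
function joinTxtChunks(digOutput) {
  const chunks = [...digOutput.matchAll(/"((?:[^"\\]|\\.)*)"/g)].map((m) => m[1]);
  return chunks.length ? chunks.join("") : digOutput.trim();
}

// Split "tag=value; tag=value" into a map (DKIM tag-list syntax).
function parseTags(record) {
  const tags = {};
  for (const part of record.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) tags[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return tags;
}

// Strip non-base64 characters from p=, then accept the key only if it parses as DER.
function sanitizeDkimKey(digOutput) {
  const tags = parseTags(joinTxtChunks(digOutput));
  const keyType = tags.k || "rsa"; // rsa is the DKIM default when k= is absent
  if (keyType !== "rsa") return { ok: false, reason: "key type not handled here" };
  if (!tags.p) return { ok: false, reason: "missing or empty p= tag" };
  const keyData = tags.p.replace(/[^A-Za-z0-9+/=]/g, "");
  const der = Buffer.from(keyData, "base64");
  // Buffer.from() silently skips bad input, so require an exact round trip.
  if (der.toString("base64") !== keyData) return { ok: false, reason: "not canonical base64" };
  try {
    const key = nodeCrypto.createPublicKey({ key: der, format: "der", type: "spki" });
    if (key.asymmetricKeyType !== "rsa") return { ok: false, reason: "not an RSA key" };
    const bits = key.asymmetricKeyDetails.modulusLength;
    return { ok: true, keyType, keyData, bits, changed: keyData !== tags.p };
  } catch (err) {
    return { ok: false, reason: "not a valid DER SubjectPublicKeyInfo" };
  }
}

// Constructed sample: a throwaway key split into two partial strings,
// with a stray space inside the second one, as in the report above.
function buildConstructedSample() {
  const { publicKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 1024 });
  const b64 = publicKey.export({ format: "der", type: "spki" }).toString("base64");
  const tail = b64.slice(100);
  const digOutput = `"v=DKIM1; k=rsa; p=${b64.slice(0, 100)}" "${tail.slice(0, 20)} ${tail.slice(20)}"`;
  return { b64, digOutput };
}

console.log(sanitizeDkimKey(buildConstructedSample().digOutput));
```

A record whose key does not parse after stripping is rejected rather than stored, which is the difference between this and a plain character filter.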