Re: The signatures in the mail header and my installed keys don't match. (fwd)

From: Murray S. Kucherawy <>
Date: Tue, 19 May 2015 15:38:29 -0700 (PDT)

[moving from opendkim-dev]

---------- Forwarded message ----------
Date: Tue, 19 May 2015 13:55:55 -0700 (PDT)
From: Murray S. Kucherawy <>
To: Mike McKoy <>
Subject: Re: The signatures in the mail header and my installed keys don't

On Tue, 19 May 2015, Mike McKoy wrote:
> So I've installed OPENDKIM and want to get it working before I setup NAMED
> on this server. Currently Godaddy is handling my DNS. DKIM is signing
> messages but it seems to be using the wrong key. I don't know how it is
> doing this because I checked the keys in /etc/opendkim/keys and they don't
> resemble the one I see in the header. Looking in maillogs there are no
> errors when signing. 
> Here is a copy of of my key:
> "v=DKIM1; k=rsa; "
> azIqVcG5p31Rr54yBTpoTjVLRmoJ1tXdrr0O6NnGb9FyoWPqKi3CkSya2V5PI8DcgSwIDAQAB"

That's a public key (specifically, the base64 encoding of your RSA public key).

> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;
> s=default; t=1432027078;
> bh=fAK46wh0L4gFk+8+jo6UW0qH58ckLjzME9PLXmNZf2M=;
> h=Date:To:From:Subject;
> b=EC6FWURdpXuoNazcDj2Bt8i9P7nKKeH9xUQD7AdvzFPUqB3lS9wtIs5+OqQeRXpj0
> bdmtKAkOa3SfcC2IXT9Tn+DfgkRbGj1gM0uNcFdevDzVXIndXdrckEFOIO2p8s/sO1
> BwRBwc3B3ZdL4YBnz7iddktwWwtXPWOWdGeGKOb4=

That's a digital signature (specifically, the base64 encoding of the SHA256
hash of the header block after being encrypted with the private key that
matches your public key).

They aren't supposed to be the same thing.

Received on Tue May 19 2015 - 22:38:45 PST

This archive was generated by hypermail 2.3.0 : Tue May 19 2015 - 22:45:02 PST