Reading documentation on DKIM I found it usefull to be able to distribute public keys through DNS to allow recipient to check signed content against it.
So, here is a couple of DomainKeysSigner and DomainKeysVerifier PHP classes that implement the sign and verify operations, with the verify operation fetching the public key through a custom DNS TXT record.
To start with, you need a public/private RSA key that you can obtain with openssl:
# openssl genrsa -out my.service.example.net.private.key 1024
Extract the public key:
# openssl rsa -in private.key -text -pubout
Now, you need to setup a DNS TXT record for your host/domain containing the base64 key from the previous command, without the « —–BEGIN PUBLIC KEY—– » and « —–END PUBLIC KEY—– » tags.
Let say you wan’t to set the key on « foo.example.net »:
foo.example.net. IN TXT "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyvgpjWK2w6FmlFxdxcSBwP0P50jsIUB3ZV0xYXolLF0jipXdjN/TgZjBAlRYlF7u/iXW7WmrbU/mwpdlyiK0+dZvwZMGUzqBOC1ULz5i8xPVidutkBhMMWFovipibnvU6TePJjMdeBTlEDpi1p4/V66yOxJ8sU1nYCTYJIqaX1QIDAQAB"
Now you can use the DNSPubKeySigner and DNSPubKeyVerifier classes to sign and verify a data signature with the public key fetched from the DNS TXT record.