Roll out your own DomainKeys-like signature verification in PHP

Reading the DKIM documentation, I found it useful to be able to distribute public keys through DNS so that recipients can check signed content against them.

So, here are a couple of DomainKeysSigner and DomainKeysVerifier PHP classes that implement the sign and verify operations, the verify operation fetching the public key from a custom DNS TXT record.

To start with, you need an RSA public/private key pair, which you can generate with openssl:

# openssl genrsa -out my.service.example.net.private.key 1024

Extract the public key:

# openssl rsa -in my.service.example.net.private.key -text -pubout

Now, you need to set up a DNS TXT record for your host/domain containing the base64 key printed by the previous command, without the « -----BEGIN PUBLIC KEY----- » and « -----END PUBLIC KEY----- » lines (and with the line breaks removed, so the key is a single string).

Let's say you want to set the key on « foo.example.net »:

foo.example.net. IN TXT "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyvgpjWK2w6FmlFxdxcSBwP0P50jsIUB3ZV0xYXolLF0jipXdjN/TgZjBAlRYlF7u/iXW7WmrbU/mwpdlyiK0+dZvwZMGUzqBOC1ULz5i8xPVidutkBhMMWFovipibnvU6TePJjMdeBTlEDpi1p4/V66yOxJ8sU1nYCTYJIqaX1QIDAQAB"

Now you can use the DNSPubKeySigner and DNSPubKeyVerifier classes to sign data and to verify a signature with the public key fetched from the DNS TXT record.

– https://github.com/eguaj/DNSPubKeyVerifier
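The verify path described above, as an added example that is not the DNSPubKeyVerifier project's own code: it fetches the TXT record for the host, rebuilds the PEM armour the post told you to strip, and checks an RSA signature with it. It assumes the record holds only the base64 SubjectPublicKeyInfo (as in the foo.example.net record above) and that signatures are RSA-SHA256, which the post does not specify; the function names are mine.

```php
<?php
// Added example, not the project's code. Assumes the TXT record contains only the
// base64 public key (no PEM header/footer) and that signatures use RSA-SHA256.

function fetchDnsPublicKey(string $host): ?string
{
    $records = dns_get_record($host, DNS_TXT);
    if ($records === false) {
        return null; // lookup failed
    }
    foreach ($records as $rec) {
        // dns_get_record joins the strings of a multi-string TXT record into 'txt'
        $b64 = preg_replace('/\s+/', '', $rec['txt'] ?? '');
        if ($b64 === '' || base64_decode($b64, true) === false) {
            continue; // not base64, so not our key; try the next TXT record
        }
        // Re-add the armour the post told you to remove, 64 characters per line
        $pem = "-----BEGIN PUBLIC KEY-----\n"
             . chunk_split($b64, 64, "\n")
             . "-----END PUBLIC KEY-----\n";
        if (openssl_pkey_get_public($pem) !== false) {
            return $pem; // parses as a public key: use it
        }
    }
    return null; // no usable key published for this host
}

function signWithPrivateKey(string $data, string $privateKeyPem): string
{
    $key = openssl_pkey_get_private($privateKeyPem);
    if ($key === false || !openssl_sign($data, $sig, $key, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }
    return base64_encode($sig); // base64 so it can travel in a header or text field
}

function verifyWithDnsKey(string $data, string $b64Signature, string $host): bool
{
    $pem = fetchDnsPublicKey($host);
    if ($pem === null) {
        return false;
    }
    $sig = base64_decode($b64Signature, true);
    if ($sig === false) {
        return false; // malformed signature, reject rather than error out
    }
    // openssl_verify returns 1 (valid), 0 (invalid) or -1/false (error): accept only 1
    return openssl_verify($data, $sig, $pem, OPENSSL_ALGO_SHA256) === 1;
}

// Usage (hypothetical file name from the post):
// $sig = signWithPrivateKey($data, file_get_contents('my.service.example.net.private.key'));
// var_dump(verifyWithDnsKey($data, $sig, 'foo.example.net'));
```

Like the post's approach, this trusts whatever the resolver returns; without DNSSEC (or a resolver you control) the key itself is only as trustworthy as the DNS answer.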
