Roll out your own DomainKeys-like signature verification in PHP

Reading documentation on DKIM, I found it useful to be able to distribute public keys through DNS so that recipients can check signed content against them.

So, here are a couple of DomainKeysSigner and DomainKeysVerifier PHP classes that implement the sign and verify operations, with the verify operation fetching the public key through a custom DNS TXT record.

To start with, you need a public/private RSA key that you can obtain with openssl:

# openssl genrsa -out my.service.example.net.private.key 1024

Extract the public key:

# openssl rsa -in my.service.example.net.private.key -text -pubout

Now, you need to set up a DNS TXT record for your host/domain containing the base64 key from the previous command, without the "-----BEGIN PUBLIC KEY-----" and "-----END PUBLIC KEY-----" lines.

Let's say you want to set the key on "foo.example.net":

foo.example.net. IN TXT "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyvgpjWK2w6FmlFxdxcSBwP0P50jsIUB3ZV0xYXolLF0jipXdjN/TgZjBAlRYlF7u/iXW7WmrbU/mwpdlyiK0+dZvwZMGUzqBOC1ULz5i8xPVidutkBhMMWFovipibnvU6TePJjMdeBTlEDpi1p4/V66yOxJ8sU1nYCTYJIqaX1QIDAQAB"

Now you can use the DNSPubKeySigner and DNSPubKeyVerifier classes to sign and verify a data signature with the public key fetched from the DNS TXT record.
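As an added example (my own code, not the classes from the linked repository), here is a minimal PHP sign/verify round trip: the public key is published as the bare base64 TXT value described above, and the verifier rebuilds the PEM from that value alone. The host names and the resolver map are constructed so the demo runs offline; passing null as the resolver falls back to a real dns_get_record() lookup.

```php
<?php
// Added example, not the DNSPubKeyVerifier project's code.

// Turn a PEM public key into the bare base64 blob that goes into the TXT record.
function pemToTxtValue(string $pem): string {
    $lines = array_filter(array_map('trim', explode("\n", $pem)),
        function ($l) { return $l !== '' && strpos($l, '-----') !== 0; });
    return implode('', $lines);
}

// Rebuild a PEM public key from the TXT value (inverse of pemToTxtValue).
function txtValueToPem(string $txt): string {
    return "-----BEGIN PUBLIC KEY-----\n" . chunk_split($txt, 64, "\n") . "-----END PUBLIC KEY-----\n";
}

// Fetch the TXT value for $host. $resolver is a constructed host => value map for
// offline use; with null, query real DNS.
function fetchTxtKey(string $host, ?array $resolver = null): ?string {
    if ($resolver !== null) {
        return $resolver[$host] ?? null;
    }
    $records = dns_get_record($host, DNS_TXT);
    return $records ? ($records[0]['txt'] ?? null) : null;
}

function sign(string $data, $privateKey): string {
    openssl_sign($data, $sig, $privateKey, OPENSSL_ALGO_SHA256);
    return base64_encode($sig);
}

// Verify $data against the key published for $host; any failure (no record,
// unparsable key, bad base64, wrong signature) is a hard false.
function verify(string $data, string $sigB64, string $host, ?array $resolver = null): bool {
    $txt = fetchTxtKey($host, $resolver);
    if ($txt === null) return false;
    $pub = openssl_pkey_get_public(txtValueToPem($txt));
    if ($pub === false) return false;
    $sig = base64_decode($sigB64, true);
    if ($sig === false) return false;
    return openssl_verify($data, $sig, $pub, OPENSSL_ALGO_SHA256) === 1;
}

// Demo: generate a key pair (2048 bits here, the post used 1024) and "publish" the
// public key in a constructed zone map standing in for the real TXT record.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pubPem = openssl_pkey_get_details($key)['key'];
$dns = ['foo.example.net' => pemToTxtValue($pubPem)];

$msg = "hello from foo.example.net";
$sig = sign($msg, $key);
var_dump(verify($msg, $sig, 'foo.example.net', $dns));        // genuine message
var_dump(verify($msg . '!', $sig, 'foo.example.net', $dns));  // tampered data
var_dump(verify($msg, $sig, 'bar.example.net', $dns));        // host with no published key
```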

– https://github.com/eguaj/DNSPubKeyVerifier
