Exception thrown when dual-signing is configured
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dkimpy-milter |
Invalid
|
Undecided
|
Unassigned |
Bug Description
with
pip show dkimpy-milter dkimpy pymilter pynacl | egrep "Name:|Version:"
Name: dkimpy-milter
Version: 1.2.2
Name: dkimpy
Version: 1.0.5
Name: pymilter
Version: 1.0.4
Name: PyNaCl
Version: 1.4.0
python v3.8.6
lsb_release -rd
Description: Fedora release 32 (Thirty Two)
Release: 32
i've dknewkey-generated both rsa & ed25519 keys, and pushed to nameserver.
(i've also tried 'openssl' key generation ... results, as below, are the same in both cases)
with dkimpy-config
...
KeyTable /etc/dkimpy-
#KeyTableEd25519 /etc/dkimpy-
...
where
cat /etc/dkimpy-
*@example.net dkim-2a072a271a
cat key_table_ed25519
dkim-
cat key_table_rsa
dkim-
checking,
dig @1.1.1.1 TXT selector.
dkim-
"v=DKIM1; k=ed25519; p=0cU7XIzvq3Y3U
"v=DKIM1; k=rsa; h=sha256; s=email; t=s;" "p=MIIB...qK" "uC3KM...CAE" "PB2s...JaS" "3lyD...IdF" "Nde3...N3o+" "0R8T3...lkg" "rQIDAQAB;"
outbound mail's rsa-signed
Oct 26 09:00:30 mx.example.com dkimpy-
Oct 26 09:00:30 mx.example.com dkimpy-
Oct 26 09:00:30 mx.example.com dkimpy-
Oct 26 09:00:30 mx.example.com dkimpy-
and verifies/passes all checks.
rsa signing works in any/all cases.
enabling dual-signing,
...
KeyTable /etc/dkimpy-
- #KeyTableEd25519 /etc/dkimpy-
+ KeyTableEd25519 /etc/dkimpy-
...
outbound signing appears to succeed for rsa, bug fails for subsequent/
" sign_dkim: The seed must be exactly 32 bytes long"
logs,
Oct 26 09:01:27 mx.example.com dkimpy-
Oct 26 09:01:27 mx.example.com dkimpy-
Oct 26 09:01:27 mx.example.com dkimpy-
Oct 26 09:01:27 mx.example.com dkimpy-
Oct 26 09:01:27 mx.example.com dkimpy-
Oct 26 09:01:27 mx.example.com dkimpy-
Oct 26 09:01:27 mx.example.com dkimpy-
Oct 26 09:01:27 mx.example.com dkimpy-
Oct 26 09:01:27 mx.example.com dkimpy-
h = d.sign(
Oct 26 09:01:27 mx.example.com dkimpy-
pk = nacl.signing.
Oct 26 09:01:27 mx.example.com dkimpy-
Oct 26 09:01:27 mx.example.com dkimpy-
no longer affects: | archlinux |
summary: |
- ed25519 signing ERROR: "sign_dkim: The seed must be exactly 32 bytes - long" + Exception thrown when dual-signing is configured |
Same results on arch when trying to sign both rsa and ed25519.
When rsa is commented out, ed25519 signs perfectly fine, and vice versa.
Name: dkimpy-milter
Version: 1.2.2
Name: dkimpy
Version: 1.0.5
Name: pymilter
Version: 1.0.4
Name: PyNaCl
Version: 1.4.0
sign_dkim: The seed must be exactly 32 bytes long python3. 9/site- packages/ Milter/ __init_ _.py", line 772, in <lambda>
milter. set_eom_ callback( lambda ctx: ctx.getpriv( ).eom() ) python3. 9/site- packages/ Milter/ __init_ _.py", line 772, in <lambda> set_eom_ callback( lambda ctx: ctx.getpriv( ).eom() ) python3. 9/site- packages/ dkimpy_ milter/ __init_ _.py", line 198, in eom
self. sign_dkim( txt) python3. 9/site- packages/ dkimpy_ milter/ __init_ _.py", line 198, in eom sign_dkim( txt) python3. 9/site- packages/ dkimpy_ milter/ __init_ _.py", line 335, in sign_dkim
h = d.sign( codecs. encode( self.selectorEd 25519, 'ascii'), codecs. encode( self.fdomain, 'ascii'), python3. 9/site- packages/ dkimpy_ milter/ __init_ _.py", line 335, in sign_dkim codecs. encode( self.selectorEd 25519, 'ascii'), codecs. encode( self.fdomain, 'ascii'), python3. 9/site- packages/ dkim/__ init__. py", line 832, in sign
pk = nacl.signing. SigningKey( privkey, encoder= nacl.encoding. Base64Encoder) python3. 9/site- packages/ dkim/__ init__. py", line 832, in sign SigningKey( privkey, encoder= nacl.encoding. Base64Encoder) python3. 9/site- packages/ nacl/signing. py", line 153, in __init__
raise exc.ValueError( python3. 9/site- packages/ nacl/signing. py", line 153, in __init__ .ValueError: The seed must be exactly 32 bytes long .ValueError: The seed must be exactly 32 bytes long
Traceback (most recent call last):
Traceback (most recent call last):
File "/usr/lib/
File "/usr/lib/
milter.
File "/usr/lib/
File "/usr/lib/
self.
File "/usr/lib/
File "/usr/lib/
h = d.sign(
File "/usr/lib/
File "/usr/lib/
pk = nacl.signing.
File "/usr/lib/
File "/usr/lib/
raise exc.ValueError(
nacl.exceptions
nacl.exceptions