ed25519 signing ERROR: "sign_dkim: The seed must be exactly 32 bytes long"

Bug #1901569 reported by pgnd on 2020-10-26
This bug affects 1 person
Affects: dkimpy-milter
Importance: Undecided
Assigned to: Unassigned

Bug Description

with

 pip show dkimpy-milter dkimpy pymilter pynacl | egrep "Name:|Version:"
  Name: dkimpy-milter
  Version: 1.2.2
  Name: dkimpy
  Version: 1.0.5
  Name: pymilter
  Version: 1.0.4
  Name: PyNaCl
  Version: 1.4.0

 python v3.8.6
 lsb_release -rd
  Description: Fedora release 32 (Thirty Two)
  Release: 32

i've dknewkey-generated both rsa & ed25519 keys, and pushed to nameserver.
(i've also tried 'openssl' key generation ... results, as below, are the same in both cases)

with dkimpy-config

 ...
 KeyTable /etc/dkimpy-milter/key_table_rsa
 #KeyTableEd25519 /etc/dkimpy-milter/key_table_ed25519
 ...

where

 cat /etc/dkimpy-milter/signing_table
  *@example.net dkim-2a072a271a930868._domainkey.example.net

 cat key_table_ed25519
  dkim-2a072a271a930868._domainkey.example.net example.net:dkim-2a072a271a930868:/srv/dkim/dkim.example.net.ed25519.key.pem

 cat key_table_rsa
  dkim-2a072a271a930868._domainkey.example.net example.net:dkim-2a072a271a930868:/srv/dkim/dkim.example.net.rsa.key.pem

checking,

 dig @1.1.1.1 TXT selector._domainkey.example.net +short
  dkim-2a072a271a930868._domainkey.example.net.
  "v=DKIM1; k=ed25519; p=0cU7XIzvq3Y3UZOwiXho3cp9ggwoudPY9T93AniWWiJ=;"
  "v=DKIM1; k=rsa; h=sha256; s=email; t=s;" "p=MIIB...qK" "uC3KM...CAE" "PB2s...JaS" "3lyD...IdF" "Nde3...N3o+" "0R8T3...lkg" "rQIDAQAB;"

outbound mail's rsa-signed

 Oct 26 09:00:30 mx.example.com dkimpy-milter[62259]: connect from int.mx.example.com at ('10.0.1.127', 35709) EXTERNAL
 Oct 26 09:00:30 mx.example.com dkimpy-milter[62259]: mail from: <email address hidden> ('SIZE=952', 'BODY=8BITMIME')
 Oct 26 09:00:30 mx.example.com dkimpy-milter[62259]: From: test _ <email address hidden>
 Oct 26 09:00:30 mx.example.com dkimpy-milter[62259]: 4CKfgf1gS2z2P: rsa-sha256 DKIM signature added (s=dkim-2a072a271a930868 d=example.net)

and verifies/passes all checks.
rsa signing works in any/all cases.

enabling dual-signing,

 ...
 KeyTable /etc/dkimpy-milter/key_table_rsa
- #KeyTableEd25519 /etc/dkimpy-milter/key_table_ed25519
+ KeyTableEd25519 /etc/dkimpy-milter/key_table_ed25519
 ...

outbound signing appears to succeed for rsa, but fails for subsequent/additional ed25519 signing,

 " sign_dkim: The seed must be exactly 32 bytes long"

logs,

 Oct 26 09:01:27 mx.example.com dkimpy-milter[65442]: connect from int.mx.example.com at ('10.0.1.127', 38713) EXTERNAL
 Oct 26 09:01:27 mx.example.com dkimpy-milter[65442]: mail from: <email address hidden> ('SIZE=952', 'BODY=8BITMIME')
 Oct 26 09:01:27 mx.example.com dkimpy-milter[65442]: From: test _ <email address hidden>
 Oct 26 09:01:27 mx.example.com dkimpy-milter[65442]: 4CKfhl4qzhz2P: rsa-sha256 DKIM signature added (s=dkim-2a072a271a930868 d=example.net)
 Oct 26 09:01:27 mx.example.com dkimpy-milter[65442]: sign_dkim: The seed must be exactly 32 bytes long
 Oct 26 09:01:27 mx.example.com dkimpy-milter[65442]: Traceback (most recent call last):
 Oct 26 09:01:27 mx.example.com dkimpy-milter[65442]: File "/usr/lib64/python3.8/site-packages/Milter/__init__.py", line 772, in <lambda>
                milter.set_eom_callback(lambda ctx: ctx.getpriv().eom())
 Oct 26 09:01:27 mx.example.com dkimpy-milter[65442]: File "/usr/local/lib/python3.8/site-packages/dkimpy_milter/__init__.py", line 198, in eom
                self.sign_dkim(txt)
 Oct 26 09:01:27 mx.example.com dkimpy-milter[65442]: File "/usr/local/lib/python3.8/site-packages/dkimpy_milter/__init__.py", line 335, in sign_dkim
                h = d.sign(codecs.encode(self.selectorEd25519, 'ascii'), codecs.encode(self.fdomain, 'ascii'),
 Oct 26 09:01:27 mx.example.com dkimpy-milter[65442]: File "/usr/local/lib/python3.8/site-packages/dkim/__init__.py", line 832, in sign
                pk = nacl.signing.SigningKey(privkey, encoder=nacl.encoding.Base64Encoder)
 Oct 26 09:01:27 mx.example.com dkimpy-milter[65442]: File "/usr/local/lib64/python3.8/site-packages/nacl/signing.py", line 153, in __init__
                raise exc.ValueError(
 Oct 26 09:01:27 mx.example.com dkimpy-milter[65442]: nacl.exceptions.ValueError: The seed must be exactly 32 bytes long
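
Added example, not part of the original report and not dkimpy or dkimpy-milter code: a standard-library check of what an Ed25519 key file decodes to, since the failing call in the traceback base64-decodes the key material and requires exactly 32 bytes. The function names and sample keys are hypothetical and constructed here; it assumes the two encodings of interest are a bare base64 seed and an RFC 8410 PKCS#8 PEM.

```python
import base64
import re

# DER header of an RFC 8410 PKCS#8 Ed25519 private key; the 32-byte seed follows it.
PKCS8_PREFIX = bytes.fromhex("302e020100300506032b657004220420")
PEM_RE = re.compile(rb"-----BEGIN PRIVATE KEY-----(.*?)-----END PRIVATE KEY-----", re.S)

# Constructed sample key material (not from the report): the same seed in both encodings.
SAMPLE_SEED = bytes(range(32))
SAMPLE_RAW = base64.b64encode(SAMPLE_SEED) + b"\n"
SAMPLE_PEM = (b"-----BEGIN PRIVATE KEY-----\n"
              + base64.b64encode(PKCS8_PREFIX + SAMPLE_SEED)
              + b"\n-----END PRIVATE KEY-----\n")


def inspect_ed25519_key(content: bytes):
    """Classify key-file bytes; return (kind, decoded_length, seed_or_None)."""
    pem = PEM_RE.search(content)
    if pem:
        try:
            der = base64.b64decode(b"".join(pem.group(1).split()), validate=True)
        except ValueError:
            return "not-base64", 0, None
        if len(der) == 48 and der.startswith(PKCS8_PREFIX):
            return "pkcs8-pem", len(der), der[16:]
        return "other-pem", len(der), None
    try:
        raw = base64.b64decode(b"".join(content.split()), validate=True)
    except ValueError:
        return "not-base64", 0, None
    return ("raw-seed", 32, raw) if len(raw) == 32 else ("wrong-length", len(raw), None)


def lenient_decoded_len(content: bytes) -> int:
    """Length after non-validating base64 decoding, which silently drops
    non-alphabet bytes such as '-', spaces and newlines (assumed to be how the
    Base64Encoder in the traceback behaves)."""
    return len(base64.b64decode(content))


if __name__ == "__main__":
    for name, blob in (("raw", SAMPLE_RAW), ("pem", SAMPLE_PEM)):
        kind, length, _seed = inspect_ed25519_key(blob)  # never print the seed itself
        print(name, kind, length, "lenient:", lenient_decoded_len(blob))
```

A bare base64 seed decodes to 32 bytes either way, while the PEM-wrapped form of the same key decodes leniently to a longer byte string, so a length check of this kind separates the two encodings before the key file is handed to a signer.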
