dkim.KeyFormatError Letsencrypt Privkey

Bug #1708917 reported by martin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
dkimpy | Invalid | Undecided | Unassigned |

Bug Description

Got a letsencrypt.org key and it's not parseable?

private_key = open("privkey.pem", "rb").read()

dkim.sign(message=message.encode("utf-8"), selector="DefaultPublicKey", domain=domain_name, privkey=private_key)

  File "/usr/local/lib/python3.5/dist-packages/dkim/crypto.py", line 130, in parse_private_key
    pka = asn1_parse(ASN1_RSAPrivateKey, data)
  File "/usr/local/lib/python3.5/dist-packages/dkim/asn1.py", line 85, in asn1_parse
    r.append(asn1_parse(t[1], data[i:i+length]))
  File "/usr/local/lib/python3.5/dist-packages/dkim/asn1.py", line 92, in asn1_parse
    "Unexpected tag (got %02x, expecting %02x)" % (tag, t[0]))
dkim.asn1.ASN1FormatError: Unexpected tag (got 30, expecting 02)

William Grant (wgrant)
Changed in dkimpy:
status: New → Incomplete
William Grant (wgrant) wrote :

dkimpy expects the private key to be encoded as DER, not PEM. You can convert the key with "openssl rsa -in privkey.pem -outform der -out privkey.der".

However, you probably want to use a dedicated key for DKIM, not one that is used for a certificate issued by Let's Encrypt -- DKIM doesn't use X.509 certificates, just PKCS #1 keys in which trust is directly provided by DNS records.

Changed in dkimpy:
status: Incomplete → Invalid
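
The tag mismatch in the traceback above (got 30, expecting 02) is what a parser sees when a PKCS #8 PrivateKeyInfo is read as a PKCS #1 RSAPrivateKey: both begin with a SEQUENCE and a version INTEGER, but the second element is an INTEGER (0x02) in PKCS #1 and a SEQUENCE (0x30) in PKCS #8. The following is an added example, not code from this bug report or from dkimpy; the function names are hypothetical and the sample keys are constructed with toy integers.

```python
import base64
import re

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def pem_to_der(pem):
    """Strip the PEM armor and base64-decode the body."""
    m = re.search(rb"-----BEGIN [A-Z ]+-----(.*?)-----END [A-Z ]+-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return base64.b64decode(m.group(1))

def classify_private_key(der):
    """Tell PKCS #1 RSAPrivateKey from PKCS #8 PrivateKeyInfo by the DER tags."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not DER: outer tag is %02x, expecting 30" % tag)
    tag, _, pos = read_tlv(body)           # version INTEGER in both formats
    if tag != 0x02:
        raise ValueError("unexpected first element (tag %02x)" % tag)
    tag, _, _ = read_tlv(body, pos)        # the second element decides
    kinds = {0x02: "PKCS#1 RSAPrivateKey", 0x30: "PKCS#8 PrivateKeyInfo"}
    return kinds.get(tag, "unknown (tag %02x)" % tag)

# Constructed samples: structurally valid DER with toy integers, NOT usable keys.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value    # short-form lengths only (< 128 bytes)

def integer(v):
    return tlv(0x02, bytes([v]))

# version, n, e, d, p, q, dP, dQ, qInv
PKCS1 = tlv(0x30, b"".join(integer(v) for v in (0, 33, 3, 7, 3, 11, 1, 7, 2)))
# AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 (rsaEncryption) + NULL
RSA_ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
PKCS8 = tlv(0x30, integer(0) + RSA_ALG + tlv(0x04, PKCS1))
PKCS8_PEM = (b"-----BEGIN PRIVATE KEY-----\n" + base64.encodebytes(PKCS8)
             + b"-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, der in (("PKCS1", PKCS1), ("PKCS8_PEM", pem_to_der(PKCS8_PEM))):
        print(name, "->", classify_private_key(der))
```
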
martin (martin-bendsoe) wrote : Re: [Bug 1708917] Re: dkim.KeyFormatError Letsencrypt Privkey

Thanks for the answer. Yeah I found out that I needed another key. Created
one with opendkim-genkey command. Some more documentation about what kind
of key and how to create one would be nice to not be confused with TLS keys.

Thanks, Martin

