Module for DKIM signing and verification in Python

Verify signatures other than first

Reported by Stuart Gathman on 2011-06-19
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
dkimpy
Undecided
Stuart Gathman

Bug Description

Propose adding an idx= parameter to verify method, and other methods to verify all, and make information about verified signatures available (array of sig dicts?).

Test cases and multiple signatures:

The special treatment for DKIM-Signature applies only to the one about to be inserted. Already existing DKIM-Signature fields are signed like any other header field. The DKIM-Signature about to be inserted is not reflected in h= (rfc 4871 5.4):

   The DKIM-Signature header field is always implicitly signed and MUST
   NOT be included in the "h=" tag except to indicate that other
   pre-existing signatures are also signed.

While this could be clearer, it seems clear to me that pre-existing DKIM-Signature fields are signed just like any other header. In particular, there is this logical consequence: including dkim-signature in h= when there is no pre-existing dkim-signature (or one more than the number of pre-existing dkim-signatures) effectively prohibits additional signatures (or the signature you are adding won't verify). It does not refer to the dkim-signature about to be inserted.

How do we check for this in a test? We could include properly signed messages with dkim-signature in h= as test cases. Another test case we can do is to sign a message with existing dkim-signature (including the existing signature). Changing the b= should cause the signature to fail.

Stuart Gathman (stuart-gathman) wrote :

Commited idx parameter to dkim.DKIM.verify(). We might want to have a sigheaders property to assist in deciding which sig to verify. Currently, caller can look through header list.

Changed in pydkim:
status: New → Fix Committed
assignee: nobody → Stuart Gathman (stuart-gathman)
milestone: none → 0.5
Changed in pydkim:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers