README
¶
go-dkim
A Go library to create and verify DKIM signatures.
Usage
Sign
r := strings.NewReader(mailString)
options := &SignOptions{
Domain: "example.org",
Selector: "brisbane",
Signer: privateKey,
}
var b bytes.Buffer
if err := dkim.Sign(&b, r, options); err != nil {
log.Fatal(err)
}
Verify
r := strings.NewReader(mailString)
verifications, err := dkim.Verify(r)
if err != nil {
log.Fatal(err)
}
for _, v := range verifications {
if v.Err == nil {
log.Println("Valid signature for:", v.Domain)
} else {
log.Println("Invalid signature for:", v.Domain, v.Err)
}
}
FAQ
Why can't I verify a mail.Message directly? A mail.Message header is
already parsed, and whitespace characters (especially continuation lines) are
removed. Thus, the signature computed from the parsed header is not the same as
the one computed from the raw header.
How can I publish my public key? You have to add a TXT record to your DNS zone. See RFC 6376 appendix C.
License
MIT
Documentation
¶
Overview ¶
Package dkim creates and verifies DKIM signatures, as specified in RFC 6376.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsPermFail ¶
IsPermFail returns true if the error returned by Verify is a permanent failure. A permanent failure is for instance a missing required field or a malformed header.
func IsTempFail ¶
IsTempFail returns true if the error returned by Verify is a temporary failure.
Types ¶
type Canonicalization ¶ added in v0.2.0
type Canonicalization string
Canonicalization is a canonicalization algorithm.
const ( CanonicalizationSimple Canonicalization = "simple" CanonicalizationRelaxed = "relaxed" )
type QueryMethod ¶ added in v0.2.0
type QueryMethod string
QueryMethod is a DKIM query method.
const ( // DNS TXT resource record (RR) lookup algorithm QueryMethodDNSTXT QueryMethod = "dns/txt" )
type SignOptions ¶
type SignOptions struct {
// The SDID claiming responsibility for an introduction of a message into the
// mail stream. Hence, the SDID value is used to form the query for the public
// key. The SDID MUST correspond to a valid DNS name under which the DKIM key
// record is published.
Domain string
// The selector subdividing the namespace for the domain.
Selector string
// The Agent or User Identifier (AUID) on behalf of which the SDID is taking
// responsibility.
Identifier string
// The key used to sign the message.
Signer crypto.Signer
// The hash algorithm used to sign the message.
Hash crypto.Hash
// Header and body canonicalization algorithms.
HeaderCanonicalization Canonicalization
BodyCanonicalization Canonicalization
// A list of header fields to include in the signature. If nil, all headers
// will be included. If not nil, "From" MUST be in the list.
//
// See RFC 6376 section 5.4.1 for recommended header fields.
HeaderKeys []string
// The expiration time. A zero value means no expiration.
Expiration time.Time
// A list of query methods used to retrieve the public key.
QueryMethods []QueryMethod
}
SignOptions is used to configure Sign. Domain, Selector and Signer are mandatory.
type Verification ¶
type Verification struct {
// The SDID claiming responsibility for an introduction of a message into the
// mail stream.
Domain string
// The Agent or User Identifier (AUID) on behalf of which the SDID is taking
// responsibility.
Identifier string
// The list of signed header fields.
HeaderKeys []string
// The number of bytes in the body which are signed. If the whole body is
// signed, BodyLength is < 0.
BodyLength int64
// The time that this signature was created. If unknown, it's set to zero.
Time time.Time
// The expiration time. If the signature doesn't expire, it's set to zero.
Expiration time.Time
// Err is nil if the signature is valid.
Err error
}
A Verification is produced by Verify when it checks if one signature is valid. If the signature is valid, Err is nil.
Source Files
Directories