# Command-line tests for the DKIM subcommands of chasquid-util:
# dkim-dns, dkim-keygen, dkim-sign and dkim-verify.
#
# Directive forms, as this file uses them:
#   c = CMD      start CMD as process "c"
#   c -> TEXT    send TEXT as one line on its stdin (bare "c ->" sends an
#                empty line, here the header/body separator)
#   c close      close its stdin
#   c <- TEXT    expect the next output line to be exactly TEXT (bare "c <-"
#                expects an empty line)
#   c <~ REGEX   expect the next output line to match REGEX
#   c wait N     expect the process to exit with status N
#
# NOTE(review): the "." in names such as example.com is unescaped inside the
# "<~" patterns, so it matches any character. Harmless for these fixtures,
# but "example\.com" would pin the record name exactly.

# Test dkim-dns subcommand with keys pre-generated by openssl, to validate
# interoperability.
# The expected p= values are fixed, so any change in how the public key is
# derived or encoded from these two PEM fixtures fails the test.
# NOTE(review): the "<~" patterns further down separate the record fields
# with \t, while these literal "<-" lines show single spaces. If the tool
# prints tabs, the whitespace was flattened in this copy - confirm against
# the original file.
c = ./chasquid-util dkim-dns example.com sel123 test_openssl_genpkey_ed25519.pem
c <- sel123._domainkey.example.com TXT "v=DKIM1; k=ed25519; p=QXNdsDCVOrViGMRh4BIE/IgUCcBEwio3kpJ3e0GAipw="
c wait 0

c = ./chasquid-util dkim-dns example.com sel123 test_openssl_genpkey_rsa.pem
c <- sel123._domainkey.example.com TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieZWhl7dnxHGyucZS2+dyExPQytj/aY46RXJ4yT3zWY8gh5YkVZ2L1x++7XMzzSg/5FR5bkKYV9Xa+jO6YlhriYKo3ttWSmxU0hDKbG7dpD9Tr7tjCcmKqE1IXetl6DXlQl7LRdmkeIND4gtf9A1zOPLR3/+kvsu1u2cUsEFVs36FqbTe4BYLn2RQlT4IQocT5eVEvoHc5apKuTOKBYThhWRaSZG9YXvsdd1UjngR2Xmizu5e/hj2f3W+9rmRRy1ukmUryuMUHMae2V27Wy1vrHiYoMUA1kQJY+HTG5kMkuatxNui9yjmdqrQUvCIU2Fa5jxJYQTLIz4U0/z4tStRwIDAQAB"
c wait 0

# Generate our own keys, and then check we can parse them with dkim-dns.
# Do this once per algorithm (including the default).
# Generated keys differ on every run, so p= is checked only by alphabet and
# length range; the range is what tells the key sizes apart.
# NOTE(review): nothing in this file checks the permissions of the written
# private-key files - confirm that is covered elsewhere.

# Default algorithm.
# The accepted p= length range is the same as for --algo=rsa3072 below and
# differs from the rsa4096 one, so a change of the default RSA key size
# would show up as a failure here.
c = ./chasquid-util dkim-keygen example.com selDef .keys/test_def.pem
c <- Key written to ".keys/test_def.pem"
c <-
c <~ selDef._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{560,570}=*"
c wait 0

c = ./chasquid-util dkim-dns example.com selDef .keys/test_def.pem
c <~ selDef._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{560,570}=*"
c wait 0

# RSA 3072.
c = ./chasquid-util dkim-keygen example.com selRSA3 .keys/test_rsa3.pem --algo=rsa3072
c <- Key written to ".keys/test_rsa3.pem"
c <-
c <~ selRSA3._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{560,570}=*"
c wait 0

c = ./chasquid-util dkim-dns example.com selRSA3 .keys/test_rsa3.pem
c <~ selRSA3._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{560,570}=*"
c wait 0

# RSA 4096.
c = ./chasquid-util dkim-keygen example.com selRSA4 .keys/test_rsa4.pem --algo=rsa4096
c <- Key written to ".keys/test_rsa4.pem"
c <-
c <~ selRSA4._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{730,740}=*"
c wait 0

c = ./chasquid-util dkim-dns example.com selRSA4 .keys/test_rsa4.pem
c <~ selRSA4._domainkey.example.com\tTXT\t"v=DKIM1; k=rsa; p=[A-Za-z0-9+/]{730,740}=*"
c wait 0

# Ed25519.
c = ./chasquid-util dkim-keygen example.com selED25519 .keys/test_ed25519.pem --algo=ed25519
c <- Key written to ".keys/test_ed25519.pem"
c <-
c <~ selED25519._domainkey.example.com\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
c wait 0

c = ./chasquid-util dkim-dns example.com selED25519 .keys/test_ed25519.pem
c <~ selED25519._domainkey.example.com\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
c wait 0

# Refuse to overwrite a key file.
# Same arguments as the Ed25519 keygen above: the second run must fail with
# exit status 1 instead of replacing the existing private key.
# NOTE(review): only the error line and the exit status are pinned; the file
# on disk is not compared before and after.
c = ./chasquid-util dkim-keygen example.com selED25519 .keys/test_ed25519.pem --algo=ed25519
c <- Error: key already exists at ".keys/test_ed25519.pem"
c wait 1

# Automatically decide on the selector and key path.
# With only a domain given, the expected selector is eight digits and the
# key lands under the configuration directory passed with -C.
c = ./chasquid-util -C=.config dkim-keygen domain --algo=ed25519
c <~ Key written to ".config/domains/domain/dkim:[0-9]{8}.pem"
c <-
c <~ [0-9]{8}._domainkey.domain\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
c wait 0

# Custom selector, but automatic key path.
c = ./chasquid-util -C=.config dkim-keygen domain sel1 --algo=ed25519
c <~ Key written to ".config/domains/domain/dkim:sel1.pem"
c <-
c <~ sel1._domainkey.domain\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
c wait 0

# Missing parameters.
c = ./chasquid-util -C=.config dkim-keygen
c <- Error: missing domain parameter
c wait 1

# Unsupported algorithm.
# An unknown --algo value must be rejected with exit status 1.
c = ./chasquid-util -C=.config dkim-keygen domain s k.pem --algo=xxx666
c <- Error: unsupported algorithm "xxx666"
c wait 1

# Automatically find selector and key path.
c = ./chasquid-util -C=.config dkim-dns domain
c <~ [0-9]{8}._domainkey.domain\tTXT\t"v=DKIM1; k=ed25519; p=[A-Za-z0-9+/]{40,50}=*"
c wait 0

# Require at least a domain.
c = ./chasquid-util -C=.config dkim-dns
c <- Error: missing domain parameter
c wait 1

# Error reading key.
c = ./chasquid-util -C=.config dkim-dns domain unknownsel badkey.pem
c <- Error reading private key from "badkey.pem": open badkey.pem: no such file or directory
c wait 1

# No DKIM keys found.
c = ./chasquid-util -C=.config dkim-dns unkdomain
c <- No DKIM keys found in ".config/domains/unkdomain/dkim:*.pem"
c wait 1

# DKIM signing, with various forms.
# The first case pins the whole header layout: algorithm, canonicalization,
# d=/s=/t= tags, the signed-header list, body hash and signature.
# "from" appears twice in h= although the message has one From: header;
# listing a header more often than it occurs is DKIM oversigning, so a From:
# header added after signing would invalidate the signature.
c = ./chasquid-util -C=.config dkim-sign domain
c -> From: user-a@srv-a
c ->
c -> A little tiny message.
c close
c <- DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
c <~ \td=domain; s=\d+; t=\d+;
c <~ \th=from:from:subject:date:to:cc:message-id;
c <~ \tbh=.*;
c <~ \tb=.*
c <~ \t .*;
c wait 0

# Explicit selector, automatic key path.
# NOTE(review): this case and the two after it check only the first line of
# the signature header, so the d= and s= values actually used are not
# asserted; signing with the wrong selector or domain would still pass.
c = ./chasquid-util -C=.config dkim-sign domain sel1
c -> From: user-a@srv-a
c ->
c -> A little tiny message.
c close
c <- DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
c wait 0

# Explicit selector and explicit key path.
c = ./chasquid-util -C=.config dkim-sign domain selED25519 .keys/test_ed25519.pem
c -> From: user-a@srv-a
c ->
c -> A little tiny message.
c close
c <- DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
c wait 0

# No domain argument; the message's From: address is user-a@domain.
# Presumably the signing domain is taken from that header - confirm.
c = ./chasquid-util -C=.config dkim-sign
c -> From: user-a@domain
c ->
c -> A little tiny message.
c close
c <- DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
c wait 0

# Bad message for dkim-sign.
# Input that is not a header line must produce a parse error and exit 1.
c = ./chasquid-util -C=.config dkim-sign
c -> Invalid message.
c close
c <- Error parsing message: malformed header line: Invalid message.
c wait 1

# An empty From: header must be rejected as well.
c = ./chasquid-util -C=.config dkim-sign
c -> From:
c ->
c -> A little tiny message.
c close
c <- Error parsing From: header: mail: missing @ in addr-spec
c wait 1

# DKIM verification.
# Just check that the attempt was made.
# The message is unsigned, so the expected result is dkim=none.
# NOTE(review): this file has no case that verifies a valid signature, and
# none that feeds a signed message altered after signing; the pass and fail
# verdicts of dkim-verify are not exercised here.
c = ./chasquid-util -C=.config dkim-verify
c -> From: user-a@srv-a
c ->
c -> A little tiny message.
c close
c <~ Authentication-Results: .*
c <~ \t;dkim=none
c wait 0

# Tracing. Just check that there's some output, we don't need byte-for-byte
# verification as the contents are not expected to be stable.
c = ./chasquid-util -C=.config dkim-sign -v
c -> From: user-a@domain
c ->
c -> A little tiny message.
c close
c <~ Signing for domain / \d+ with ed25519-sha256
c wait 0

# With -v, dkim-verify reports the signature counts before the result.
c = ./chasquid-util -C=.config dkim-verify -v
c -> From: user-a@srv-a
c ->
c -> A little tiny message.
c close
c <- Found 0 signatures, 0 valid
c <~ Authentication-Results: .*
c <~ \t;dkim=none
c wait 0