Re: [Dcrup] DKIM-Signing hashes with Ed25519

"John Levine" <johnl@taugh.com> Thu, 15 November 2018 04:37 UTC

Date: Wed, 14 Nov 2018 23:37:06 -0500
Message-Id: <20181115043707.3FA5920088D849@ary.qy>
From: John Levine <johnl@taugh.com>
To: dcrup@ietf.org
Cc: jgh@wizmail.org
In-Reply-To: <db0f70f4-7d9c-b81e-9e57-35295eeedb19@wizmail.org>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/Ms4cQqHzhW4Hi9SnHlqEnliAVBc>

In article <db0f70f4-7d9c-b81e-9e57-35295eeedb19@wizmail.org> you write:
>So you get the signature of a SHA512-hash of a SHA256-hash of the
>headers.  Yup, hashed twice.  No, I don't know why.

We asked around and the advice we got was that the pure version of
ed25519 was likely to be much more widely implemented than HashEdDSA.  We found
the single and double hash thing pretty confusing too, but as I read
RFC 8032, PureEdDSA does *not* do the second sha-512 hash while HashEdDSA does.

By the way, have you checked that your code validates the ed25519
example signature in RFC 8463?  I don't think hashing twice will get
the right result.  You might also see whether it interoperates with Scott
Kitterman's python DKIM module.

R's,
John
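
The interoperability point raised in this message, as an added example that is not part of the original e-mail or of any project's code: RFC 8463 signs the SHA-256 header hash with PureEdDSA, so a signer that applies its own SHA-512 to that hash first produces a signature a conforming verifier rejects. The key seed, header data and function names are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
)

// Constructed sample of canonicalized header data (not a real message and
// not the RFC 8463 test vector).
var headerData = []byte("from:alice@example.org\r\nsubject:demo\r\n" +
	"dkim-signature:v=1; a=ed25519-sha256; d=example.org; s=sel; b=")

// testKey derives a fixed key pair from a constructed seed so the run is
// reproducible. Assumption for the demo only; real keys need random seeds.
func testKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("constructed demo seed"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// signRFC8463 hands the SHA-256 header hash straight to PureEdDSA.
func signRFC8463(priv ed25519.PrivateKey, data []byte) []byte {
	h := sha256.Sum256(data)
	return ed25519.Sign(priv, h[:])
}

// signDoubleHash models the signer described in the thread: the caller
// applies SHA-512 to the SHA-256 header hash before signing.
func signDoubleHash(priv ed25519.PrivateKey, data []byte) []byte {
	h := sha256.Sum256(data)
	hh := sha512.Sum512(h[:])
	return ed25519.Sign(priv, hh[:])
}

// verifyRFC8463 checks a signature the way an RFC 8463 verifier does.
func verifyRFC8463(pub ed25519.PublicKey, data, sig []byte) bool {
	h := sha256.Sum256(data)
	return ed25519.Verify(pub, h[:], sig)
}

func main() {
	pub, priv := testKey()
	fmt.Println("single hash verifies:", verifyRFC8463(pub, headerData, signRFC8463(priv, headerData)))
	fmt.Println("double hash verifies:", verifyRFC8463(pub, headerData, signDoubleHash(priv, headerData)))
}
```

Both signatures are well-formed 64-byte Ed25519 signatures under the same key; only the input handed to the signing call differs.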