On 26/03/18 06:13, Viktor Dukhovni wrote: >> On Mar 25, 2018, at 7:46 AM, Jeremy Harris <jgh@xxxxxxxxxxx> wrote: >> >>> Not sure what format DKIM wants the key in, but if it is SKPI >>> in base64 form >> >> It is not. The _raw_ pubkey, base64'd is what is wanted. >> No ASN.1 wrapping; that's why I said "raw". > > I'm afraid you're wrong about that: > > $ dig +noall +ans +nocl +nottl +nosplit -t txt 20161025._domainkey.gmail.com > 20161025._domainkey.gmail.com. TXT "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR" "tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB" > > $ printf "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqRtqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB" | openssl base64 -A -d | openssl asn1parse -inform DER > 0:d=0 hl=4 l= 290 cons: SEQUENCE > 4:d=1 hl=2 l= 13 cons: SEQUENCE > 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption > 17:d=2 hl=2 l= 0 prim: NULL > 19:d=1 hl=4 l= 271 prim: BIT STRING > > That's an ASN1 encoding of X.509 SPKI object. Which is > not surprising, even for RSA one must still encode the > modulus and exponent somehow, and other algorithms might > have parameters... So ASN.1 it is. That is an RSA key. We're talking about Ed25519 keys. -- Jeremy -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
