Skip to content

DKIM

(DomainKeys Identified Mail) DKIM

  • Signature for Email to assure that it is attributed to a domain

  • Dmarc

    is information of what to do if DKIM or SPF fail on an email

  • Spf

    Used to list the IPs that can send an email from that domain

Source

Implementation

Example Code:

import gmpy2, sys, dns.resolver
from Cryptodome.PublicKey import RSA
from base64 import b64decode as b64d
def decode_dkim_private(txt):
    params = dict()
    # Parse the DKIM selector record.
    for key, _, val in map(lambda x: x.partition('='), txt.split(';')):
        if key == 'n':
            for k, v in map(lambda x: x.split(':'), val.split(',')):
                params[k] = int.from_bytes(b64d(v), 'big')
    # Compute rest of RSA keypair parameters (if possible).
    if all (k in params for k in ('e', 'p', 'q')):
        params['n'] = params['p'] * params['q']
        phi = (params['p'] - 1) * (params['q'] - 1)
        params['d'] = int(gmpy2.invert(params['e'], phi))
        rsa = map(lambda x: params[x], 'nedpq')
        return RSA.construct(tuple(rsa))
    else:
        return None
if __name__ == '__main__' and len(sys.argv) == 3:
    domain = sys.argv[1]
    selector = sys.argv[2]
    for answer in dns.resolver.query(selector + '._domainkey.' + domain, 'TXT'):
        txt = str(answer).strip('"')
        print(decode_dkim_private(txt).exportKey().decode())

Example Output:

./dkim-private.py 'ryanc.org' '20170829-b29b2444f764c222c3faf5c'
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDkOSIRW7R8a3e0J0lZqbBJSpHJYPk043/OB3lcT2apKtnu7MLj
IRqUAgRyYSVAGC10ID2Qlxmy1Ji3EBRB1qI2IsNKgC2C4qzGxx54ShpVR/8yY9Qy
1eyNtTF5Y/XSoLWoRVO1oly+WL+4O2TRuyujEwoZcFUwXzuuuqJtzbI17wIDAQAB
AoGBAKClArD7PzExKGJcIQqHIjqEzdfVdbVfyc+JfUiX72h2bE78wzXDUIUMYnrs
nJ7gJeaO5ycG5ST29sQtAkVRwn1KTLaU9fYmGpbkKyOWWfmztppZIvwi9l4tU5h2
GJVw+HbhcWO6tYbTqR9Bc8IelXyVibwmJwImr0AoD8sBLryhAkEA6o/8upWykC5U
Sot9Q2o5M89EO1qA7J/ao/FPc2TUJKat+z4JXde2HWW/8D3LJR4hGwSpgwLMq9dr
TzdjbzFTkQJBAPkU07sfsjMdCz8lw5AEIhAXDrfMWK6+tLNbFzv+Z0EkEmQZS7US
Sh0Kc+uTJyMZTggftbpqi1vKu/IRwtwLMX8CQFT/ABGMlTvxzdGFYkq/fyLrBEqN
rRIRiuTFWIj0DHuLepgEDtjWhcN5T2f6vFYi6NQliFdU+F18ngICjCGKukECQHse
ClIyJpkRQB/kgLfM8zFU1FeRUDx/0z3cRq3G4C7Yr6Z+wmcsNSoJoqbMw8mblnB5
jBAq3dtvaFsM4G53se0CQQC9ocR9eQdXvq5ibwZAmgYcMLEaq7NeX//l6zdxLd52
NcVcuaAUzf5KdTRwA9gJ4Qdzwntc+UB2ElpI2AOj7AFV
-----END RSA PRIVATE KEY-----