Link to this heading(DomainKeys Identified Mail) DKIM

  • Signature for Email to assure that it is attributed to a domain

  • DMARC: is information of what to do if DKIM or SPF fail on an email

  • SPF: Used to list the IPs that can send an email from that domain

Source

Link to this headingImplementation

Example Code:

import gmpy2, sys, dns.resolver from Cryptodome.PublicKey import RSA from base64 import b64decode as b64d def decode_dkim_private(txt): params = dict() # Parse the DKIM selector record. for key, _, val in map(lambda x: x.partition('='), txt.split(';')): if key == 'n': for k, v in map(lambda x: x.split(':'), val.split(',')): params[k] = int.from_bytes(b64d(v), 'big') # Compute rest of RSA keypair parameters (if possible). if all (k in params for k in ('e', 'p', 'q')): params['n'] = params['p'] * params['q'] phi = (params['p'] - 1) * (params['q'] - 1) params['d'] = int(gmpy2.invert(params['e'], phi)) rsa = map(lambda x: params[x], 'nedpq') return RSA.construct(tuple(rsa)) else: return None if __name__ == '__main__' and len(sys.argv) == 3: domain = sys.argv[1] selector = sys.argv[2] for answer in dns.resolver.query(selector + '._domainkey.' + domain, 'TXT'): txt = str(answer).strip('"') print(decode_dkim_private(txt).exportKey().decode())

Example Output:

./dkim-private.py 'ryanc.org' '20170829-b29b2444f764c222c3faf5c' -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDkOSIRW7R8a3e0J0lZqbBJSpHJYPk043/OB3lcT2apKtnu7MLj IRqUAgRyYSVAGC10ID2Qlxmy1Ji3EBRB1qI2IsNKgC2C4qzGxx54ShpVR/8yY9Qy 1eyNtTF5Y/XSoLWoRVO1oly+WL+4O2TRuyujEwoZcFUwXzuuuqJtzbI17wIDAQAB AoGBAKClArD7PzExKGJcIQqHIjqEzdfVdbVfyc+JfUiX72h2bE78wzXDUIUMYnrs nJ7gJeaO5ycG5ST29sQtAkVRwn1KTLaU9fYmGpbkKyOWWfmztppZIvwi9l4tU5h2 GJVw+HbhcWO6tYbTqR9Bc8IelXyVibwmJwImr0AoD8sBLryhAkEA6o/8upWykC5U Sot9Q2o5M89EO1qA7J/ao/FPc2TUJKat+z4JXde2HWW/8D3LJR4hGwSpgwLMq9dr TzdjbzFTkQJBAPkU07sfsjMdCz8lw5AEIhAXDrfMWK6+tLNbFzv+Z0EkEmQZS7US Sh0Kc+uTJyMZTggftbpqi1vKu/IRwtwLMX8CQFT/ABGMlTvxzdGFYkq/fyLrBEqN rRIRiuTFWIj0DHuLepgEDtjWhcN5T2f6vFYi6NQliFdU+F18ngICjCGKukECQHse ClIyJpkRQB/kgLfM8zFU1FeRUDx/0z3cRq3G4C7Yr6Z+wmcsNSoJoqbMw8mblnB5 jBAq3dtvaFsM4G53se0CQQC9ocR9eQdXvq5ibwZAmgYcMLEaq7NeX//l6zdxLd52 NcVcuaAUzf5KdTRwA9gJ4Qdzwntc+UB2ElpI2AOj7AFV -----END RSA PRIVATE KEY-----