7

Based on the Exim4 docs I have the following script:

#! /bin/bash --

ED="dkim_ed25519_$(date +'%Y%m%d')"
RSA="dkim_rsa_$(date +'%Y%m%d')"

## Generate private key
openssl genpkey -algorithm ed25519 -out "${ED}.private"
openssl genrsa -out "${RSA}.private" 2048

## Use private key to generate the public DNS TXT record:
## 20200701._domainkey.example.com IN TXT "k=[ed25519|rsa]; p=[pub_key_content]"
openssl pkey -in "${ED}.private" -pubout -outform DER | tail -c +13 | base64 > "${ED}.public"
openssl rsa -in "${RSA}.private" -pubout -outform PEM | sed '/^-----/d' | tr -d '\n' > "${RSA}.public"

This generates a pair of private + public keys. Public ones are:

dkim_ed25519_20200701.public:

ICkF+6tTRKc8voK15Th4eTXMX3inp5jZwZSu4CH2FIc=

dkim_rsa_20200701.public:

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZMwFIfqRCUPAp6Jz5OPC9GC68JWsVA5VF2RBGH8Bx7rIRE6vekhejwqK4rmiaMswfuJEMKErWE0ZwYz7bhSsBMnv0G1xC7OLgOTCziUO1EjMp/R5/aUno1Y0txFcJJdbSNEpZYc0jMLW3TqNn3VN6glVpnPId2Rb6SqfweS7zYp04LrX+pT43pCEn9pHxVOmWfmz8AJav1kuYM5KvU7gsC3ytzaxW+QlHTaWH9vGtgK1GVg0NGQmPS2/nLSDABjJPATDN/d3PagpsPdwGtOPfe4ShW32FBhRVL9X3ZeeUP4y1iZn0Si4sQiWYAfwekxLh2lsvALAHPc7er8RxJ4yQIDAQAB

I've tried to plug those into the domain's TXT records like so:

RSA:

k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZMwFIfqRCUPAp6Jz5OPC9GC68JWsVA5VF2RBGH8Bx7rIRE6vekhejwqK4rmiaMswfuJEMKErWE0ZwYz7bhSsBMnv0G1xC7OLgOTCziUO1EjMp/R5/aUno1Y0txFcJJdbSNEpZYc0jMLW3TqNn3VN6glVpnPId2Rb6SqfweS7zYp04LrX+pT43pCEn9pHxVOmWfmz8AJav1kuYM5KvU7gsC3ytzaxW+QlHTaWH9vGtgK1GVg0NGQmPS2/nLSDABjJPATDN/d3PagpsPdwGtOPfe4ShW32FBhRVL9X3ZeeUP4y1iZn0Si4sQiWYAfwekxLh2lsvALAHPc7er8RxJ4yQIDAQAB

ED25519:

k=ed25519; p=ICkF+6tTRKc8voK15Th4eTXMX3inp5jZwZSu4CH2FIc=

I have figured out that my DKIM RSA version works fine with Gmail, but ed25519 just fails.

Did I make a mistake in my code/config? Or is it the case that ed25519 is not widely adopted?

NarūnasK

1 Answer

5

As of 2022-01, not a single big mail provider regularly verifies ed25519 signatures, though the reported result will not be consistent. I have seen the following in DMARC reports (along with pass for other signatures):

  • fail
  • permerror
  • temperror
  • neutral

Your configuration looks good to me, and should cause absolutely no issues when used as a supplement to 2048-bit RSA signatures. I am sending one of each signature and that is also what everyone else adopting the new algorithm seems to be doing to test readiness for the transition.

All common software correctly parses the signature (so it can report the name) and ignores the signature algorithm it has yet to learn. I have still not received a single DMARC report from a public mail provider confirming any verified ed25519 signature.

My receiving experience continues to have more rsa-sha1 signatures (less useful nowadays, should long be succeeded by rsa-sha256) than ed25519-sha256 ones, but last year I saw the first EC ones from non-academic institutions, so adoption may finally be happening.

anx
  • Any updates so far? – Robert Siemer Jan 09 '22 at 20:23
  • 2
    @RobertSiemer Microsoft, Yahoo, Google, still officially do not utilize them, and clearly say so in their aggregate reports. Fun fact: I have yet to fail verifying a received EC signature - seems only environments which get canonicalisation order right support the new algorithm (and: everyone using it double signs rsa+ed25519 anyway). – anx Jan 11 '22 at 02:06
  • Thank you very much. – Robert Siemer Jan 11 '22 at 04:24
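A way to confirm that the ed25519 record itself is well-formed before suspecting the receiver. This is an added example, not part of the original question or answer. It checks that `p=` decodes to the raw 32-byte key RFC 8463 expects, and recognises the case where the 12-byte DER header (the part `tail -c +13` strips in the question's script) was left in. The function names and the second sample record are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): check the p= value of an
# ed25519 DKIM record. RFC 8463 wants the raw 32-byte key, base64-encoded.

# DER SubjectPublicKeyInfo header that openssl emits before the raw key
# (12 bytes); this is what `tail -c +13` in the question's script strips.
SPKI_HEADER="302a300506032b6570032100"

# Print the value of one tag (k, p, ...) from a "tag=value; tag=value" record.
dkim_tag() {
    printf '%s' "$1" | tr ';' '\n' |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" | tr -d '[:space:]'
}

# Print a verdict for the record; return 0 only for a well-formed key.
check_ed25519_record() {
    local k p hex len
    k=$(dkim_tag "$1" k)
    p=$(dkim_tag "$1" p)
    if [ "$k" != "ed25519" ]; then echo "not-ed25519"; return 1; fi
    if ! printf '%s' "$p" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$'; then
        echo "bad-base64"; return 1
    fi
    # Decode and hex-dump so both length and leading bytes can be inspected.
    hex=$(printf '%s' "$p" | base64 -d | od -An -v -tx1 | tr -d ' \n')
    len=$(( ${#hex} / 2 ))
    case "$len:$hex" in
        32:*)               echo "ok"; return 0 ;;
        44:"$SPKI_HEADER"*) echo "spki-wrapped"; return 1 ;;  # header not stripped
        *)                  echo "bad-length:$len"; return 1 ;;
    esac
}

# GOOD is the record from the question. WRAPPED is constructed: the same key
# with the 12-byte header (base64 "MCowBQYDK2VwAyEA") left in front of it.
GOOD='k=ed25519; p=ICkF+6tTRKc8voK15Th4eTXMX3inp5jZwZSu4CH2FIc='
WRAPPED='k=ed25519; p=MCowBQYDK2VwAyEAICkF+6tTRKc8voK15Th4eTXMX3inp5jZwZSu4CH2FIc='

for rec in "$GOOD" "$WRAPPED"; do
    printf '%s -> %s\n' "$rec" "$(check_ed25519_record "$rec")"
done
```

The record from the question reports `ok`, which matches the answer's reading that the configuration is fine and the failures come from receivers that do not verify ed25519 yet.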