parse_public_key: RSAPublicKey vs SubjectPublicKeyInfo
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
dkimpy | Fix Released | Low | Scott Kitterman |
Bug Description
If I haven't missed any important update to the DKIM spec, I consider the following as valid:
RFC6376, Section 3.6.1:
The "rsa" key type
indicates that an ASN.1 DER-encoded [ITU-X660-1997] RSAPublicKey
(see [RFC3447], Sections 3.1 and A.1.1) is being used in the "p="
tag. (Note: the "p=" tag further encodes the value using the
base64 algorithm.) Unrecognized key types MUST be ignored.
Errata exist (https:/
The "rsa" key type
indicates that an ASN.1 DER-encoded [ITU-X660-1997] RSAPublicKey
(see [RFC3447], Sections 3.1 and A.1.1), which MAY be contained in
a SubjectPublicKe
in the "p=" tag.
I'm aware that apparently the whole world uses SubjectPublicKe
Fortunately, dkimpy does the ASN1-parsing all by itself, so a patch to support parsing of RSAPublicKey Syntax directly could be as trivial as:
diff --git a/dkim/crypto.py b/dkim/crypto.py
index 144bbde..f2c7e89 100644
--- a/dkim/crypto.py
+++ b/dkim/crypto.py
@@ -119,7 +119,10 @@ def parse_public_
x = asn1_parse(
pkd = asn1_parse(
except ASN1FormatError as e:
- raise UnparsableKeyEr
+ try:
+ pkd = asn1_parse(
+ except:
+ raise UnparsableKeyEr
pk = {
'modulus': pkd[0][0],
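Review bot: the bare "except:" on the added fallback catches every exception, including KeyboardInterrupt and programming errors inside the second asn1_parse call, and reports all of them as an unparsable key. The outer handler already narrows to "except ASN1FormatError as e:"; the inner one should use "except ASN1FormatError:" as well. A short comment above the inner "try:" saying that the fallback is the bare RSAPublicKey form from RFC 6376, Section 3.6.1 would also help the next reader.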
I successfully tested this patch against a mixture of both key representations.
I should probably have added that dkimpy fails to parse a non-nested RSAPublicKey structure like this:
ERROR:dkimverify:could not parse public key (b'MIIBCgKCAQEAuHeX9e8a+ZnkCuv45Zuli5D+8k69i1HK0KhyVo7j+ZBXIhrGO0e5pf62ZJ4ly7OL99oSiAt5riAfbxHigi59CWy8Nqu0Dhul7anAEkiEuKL8eKsjkgBfYiQzrCxuNh/+VG5B6G8D8xnKFPrvdt8m0D8ek/HZCgntkpkicBWe2Eeq3WZb+E9/m8IdA+rY+XZBkOLF8kro8lSZANLaNstddWj58LjTk949YfkJHQtekUJYV6t4SzsQ2Ox3gMSZE//ZP4S3trJhDocUNQdiJDY9Rc4bwbrI4vAn2opRZDIj0Ms0cK3L+9+1969K5jOeR5m0Gl6pC1WQy9xLKDsUISEYaQIDAQAB'): Unparsable public key: Unexpected tag (got 02, expecting 30)
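The two encodings this report distinguishes, as an added example (not dkimpy's code and not the reporter's patch): a minimal DER reader that tells a bare RSAPublicKey from a SubjectPublicKeyInfo by the first tag inside the outer SEQUENCE, instead of falling back after a failed parse. All function names and the toy key are constructed for illustration; the strict SubjectPublicKeyInfo path fails on the bare key with the same "got 02, expecting 30" mismatch shown in the error above.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError("Unexpected tag (got %02x, expecting %02x)" % (tag, want))
    return value, nxt

def parse_rsa_public_key(der):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    body, _ = expect(der, 0, 0x30)
    n, pos = expect(body, 0, 0x02)
    e, _ = expect(body, pos, 0x02)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def parse_spki(der):
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }"""
    body, _ = expect(der, 0, 0x30)
    alg, pos = expect(body, 0, 0x30)  # a bare RSAPublicKey has tag 02 here
    if expect(alg, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    bits, _ = expect(body, pos, 0x03)
    return parse_rsa_public_key(bits[1:])  # skip the unused-bits octet

def parse_p_tag(p_value):
    """Dispatch on the first inner tag; return (format, modulus, exponent)."""
    der = base64.b64decode("".join(p_value.split()))
    body, _ = expect(der, 0, 0x30)
    if read_tlv(body, 0)[0] == 0x02:
        return ("RSAPublicKey",) + parse_rsa_public_key(der)
    return ("SubjectPublicKeyInfo",) + parse_spki(der)

BARE = bytes.fromhex("300702020ca1020111")  # constructed toy key: n=3233, e=17
SPKI = bytes.fromhex("301b300d0609" + RSA_OID.hex() + "0500030a00") + BARE
```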