Lesnikowski Blog

Posts Tagged ‘DKIM’

Import certificate, private or public keys (PEM, CER, PFX)

Tuesday, November 22nd, 2011

Encrypted private key, RSA private key in PEM file:

PEM stands for Privacy Enhanced Mail format.

PemReader pem = new PemReader();
RSACryptoServiceProvider rsa = pem.ReadEncryptedPrivateKeyFromFile(
   "EncryptedPrivateKey.pem", // "EncryptedRSAPrivateKey.pem"
   "cypher");

This code handles following formats:

PKCS #8 EncryptedPrivateKeyInfo Encrypted Format:
-----BEGIN ENCRYPTED PRIVATE KEY----- MIICojAcBgoqhkiG9w0BD .....

Private Key (Traditional SSLeay RSAPrivateKey format) Encrypted:
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,24A667C253F8A1B9

mKz .....

You can remove the passphrase from the private key:
openssl rsa -in EncryptedPrivateKey.pem -out PrivateKey.pem

Unencrypted private key in PEM file:

PemReader pem = new PemReader();
RSACryptoServiceProvider rsa = pem.ReadPrivateKeyFromFile(
   "PrivateKey.pem");

This code handles following formats:

PKCS #8 PrivateKeyInfo Unencrypted:
-----BEGIN PRIVATE KEY----- MIICdgIBADANBgkqhkiG9w0B ......

Private Key (Traditional SSLeay RSAPrivateKey format) Unencrypted:
-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQCcHVm .....

Public key in PEM file:

PemReader pem = new PemReader();
RSACryptoServiceProvider rsa = pem.ReadPublicKeyFromFile(
   "PublicKey.pem")

This code handles following formats:

Public Key (SubjecPublicKeyInfo):
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEB .....

Certificate/private key in PFX file:

X509Certificate2 certificate  = new X509Certificate2(
   "certificate.pfx",
   "",
   X509KeyStorageFlags.PersistKeySet)

if (certificate.HasPrivateKey)
{
  using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)certificate.PrivateKey)
  {
  }
}

Certificate in PEM/CER file

Note: The private key is never stored in a .pem/.cer file.

X509Certificate2 certificate = new X509Certificate2(
   "certificate.cer");

-or-

PemReader pem = new PemReader();
X509Certificate2 certificate = pem.ReadCertificateFromFile(
   "certificate.cer");

This code handles following formats:

-----BEGIN CERTIFICATE----- MIIFsTCCA5mgAwIBAgIKYQ .....

Posted in Component | Tags: DKIM, Mail.dll, SMIME | No Comments »

Sign emails with DKIM

Tuesday, July 27th, 2010

DKIM is short for DomainKeys Identified Mail.

Adding a signature looks like this:

// C#

var certificate = new X509Certificate2("Test.pfx");
var rsa = (RSACryptoServiceProvider)certificate.PrivateKey;

IMail email = Mail
       .Text("text")
       .From("alice@mail.com")
       .To("bob@mail.com")
       .Subject("subject")
       .DKIMSign(rsa, "brisbane", "example.com")
       .Create();

' VB.NET

Dim certificate = New X509Certificate2("Test.pfx")
Dim rsa = DirectCast(certificate.PrivateKey, RSACryptoServiceProvider)

Dim email As IMail = Mail _
		.Text("text") _
		.From("alice@mail.com") _
		.[To]("bob@mail.com") _
		.Subject("subject") _
		.DKIMSign(rsa, "brisbane", "example.com") _
		.Create()

So what you need is RSACryptoServiceProvider with your private key, and two strings: selector and domain.

Basically how this works is the recipient of the email queries the DNS server for TXT record for selector._domainkey.domain (in our sample it is: “brisbane._domainkey.example.com”) to get the public key and validate the signature.

You can use nslookup to get the public key for a domain:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:UsersPawel>nslookup
Default Server:  UnKnown
Address:  192.168.0.1

> set type=TXT
> gamma._domainkey.gmail.com
Server:  UnKnown
Address:  192.168.0.1

Non-authoritative answer:
gamma._domainkey.gmail.com      text =

        "k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIhyR3oItOy22ZOaBrI
Ve9m/iME3RqOJeasANSpg2YTHTYV+Xtp4xwf5gTjCmHQEMOs0qYu0FYiNQPQogJ2t0Mfx9zNu06rfRBD
jiIU9tpx2T+NGlWZ8qhbiLo5By8apJavLyqTLavyPSrvsx0B3YzC63T4Age2CDqZYA+OwSMWQIDAQAB"

gmail.com       nameserver = ns1.google.com
gmail.com       nameserver = ns4.google.com
gmail.com       nameserver = ns3.google.com
gmail.com       nameserver = ns2.google.com
ns1.google.com  internet address = 216.239.32.10
ns2.google.com  internet address = 216.239.34.10
ns3.google.com  internet address = 216.239.36.10
ns4.google.com  internet address = 216.239.38.10
>

But don’t worry as Mail.dll will make this DNS query for you.

Validating (including DNS query for public key) is simple:

// C#

IMail email = new MailBuilder()
    .CreateFromEmlFile("signed_gamma.gmail.eml");
bool isValid = email.CheckDKIMSignature();

' VB.NET

Dim email As IMail = New MailBuilder() _
    .CreateFromEmlFile("signed_gamma.gmail.eml")
Dim isValid As Boolean = email.CheckDKIMSignature()

You can download Mail.dll .NET email component here.

Posted in Component | Tags: C#, DKIM, Mail.dll, VB.NET | No Comments »

Posts Tagged ‘DKIM’

Import certificate, private or public keys (PEM, CER, PFX)

Encrypted private key, RSA private key in PEM file:

Unencrypted private key in PEM file:

Public key in PEM file:

Certificate/private key in PFX file:

Certificate in PEM/CER file

Sign emails with DKIM

Links

Meta