pdkim 0.9

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d403271cbc6ebf4df82551821bb5f76915b0fa1e
+  data.tar.gz: 56f3878d604453ff22c7e4b750b78a751f94c468
+SHA512:
+  metadata.gz: c3fe7d5aed35e7d20d2ad6def1caabea3303ebc2a15344fa9a6f303997f5a0b7b9a03a8db7bf966212b4215ee382751c3da0666cdb971db16b472a3fc68cf371
+  data.tar.gz: 9313bc15253e55ca032eb7bf41a379b272aca814eb6c343b3339aeab690ae909e638808053ae37f64ba58c3226edc8c656d89443debbb8c5be8ec85631302b33

data/bin/1ZsMk0-0iglmo-E9

@@ -0,0 +1,98 @@
+--- !ruby/hash
+:id: 1ZsMk0-0iglmo-E9
+:time: '2015-10-31 03:22:04 +0000'
+:local_port: '25'
+:local_hostname: mail.tsarmail.org
+:remote_port: 35184
+:remote_hostname: mail-pa0-x232.google.com
+:remote_ip: 2607:f8b0:400e:c03::232
+:authenticated: 
+:encrypted: true
+:ehlo:
+  :value: " mail-pa0-x232.google.com"
+  :domain: google.com
+  :ip: 173.194.115.32
+:mailfrom:
+  :value: "<mjwelchphd@gmail.com>"
+  :accepted: true
+  :name: 
+  :url: mjwelchphd@gmail.com
+  :local_part: mjwelchphd
+  :domain: gmail.com
+  :czarmailclient: false
+  :owner_id: 
+  :mx:
+  - gmail-smtp-in.l.google.com
+  - alt1.gmail-smtp-in.l.google.com
+  - alt2.gmail-smtp-in.l.google.com
+  - alt3.gmail-smtp-in.l.google.com
+  - alt4.gmail-smtp-in.l.google.com
+  :ip: 173.194.199.27
+  :spamhaus: false
+  :barracuda: false
+  :live: true
+:rcptto:
+- :value: "<coco@tsarmail.org>"
+  :accepted: true
+  :name: 
+  :url: coco@tsarmail.org
+  :local_part: coco
+  :domain: tsarmail.org
+  :czarmailclient: false
+  :owner_id: 
+  :senderisfriend: false
+  :mail_type: X
+:data:
+  :accepted: false
+  :value: 
+  :text:
+  - 'Received: by pasz6 with SMTP id z6so90936190pas.2'
+  - "        for <coco@tsarmail.org>; Fri, 30 Oct 2015 20:22:04 -0700 (PDT)"
+  - 'DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;'
+  - "        d=gmail.com; s=20120113;"
+  - "        h=message-id:date:from:user-agent:mime-version:to:subject"
+  - "         :content-type:content-transfer-encoding;"
+  - "        bh=Z2jCW0avVIbUOQuL6QZlOhhVpMa2bHX2/SOpDUKV+Ec=;"
+  - "        b=fdIuma9zlWqC1+tAAtXHXGybhB7Luki6veKE8SimmQL5BfWV5xU9NS7E0QApG2+rgp"
+  - "         QQ6VRwy8M9ATjBn3BJvXN462HGsfihPL5DwIr8N1PWhy7wkVJxFvAI/mcbGZlYZE4p99"
+  - "         CXVPAYt5lBKzeMFYNF79umSIjhc2HRyE0TFyLxzrH9DlryeQ6ngDJ6VKbPsWRpG0rLS2"
+  - "         H8Xs2t6l5wOd22oDcE0k4x3aU6MDMw6/0enU6KuVgmlnjsIemFk0NvpTRVKcWlluDmjI"
+  - "         OQ1x6oFNvwtxTpEC6OP89kXM6Fnc0mwn9PJSzzJ/gxmcxpNbmFZ25yHGy48TiA4jTC1y"
+  - "         JLeA=="
+  - 'X-Received: by 10.66.147.136 with SMTP id tk8mr12368633pab.37.1446261724525;'
+  - "        Fri, 30 Oct 2015 20:22:04 -0700 (PDT)"
+  - 'Return-Path: <mjwelchphd@gmail.com>'
+  - 'Received: from [192.168.1.2] ([96.251.113.83])'
+  - "        by smtp.googlemail.com with ESMTPSA id or3sm10805021pbb.56.2015.10.30.20.22.02"
+  - "        for <coco@tsarmail.org>"
+  - "        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);"
+  - "        Fri, 30 Oct 2015 20:22:03 -0700 (PDT)"
+  - 'Message-ID: <563433D8.9020306@gmail.com>'
+  - 'Date: Fri, 30 Oct 2015 20:22:00 -0700'
+  - 'From: "Michael J. Welch, Ph.D." <mjwelchphd@gmail.com>'
+  - 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0'
+  - 'MIME-Version: 1.0'
+  - 'To: coco@tsarmail.org'
+  - 'Subject: test tsar'
+  - 'Content-Type: text/plain; charset=utf-8; format=flowed'
+  - 'Content-Transfer-Encoding: 7bit'
+  - ''
+  - Coco is Sir Bitealot.
+  :headers:
+    :received: from [192.168.1.2] ([96.251.113.83])        by smtp.googlemail.com
+      with ESMTPSA id or3sm10805021pbb.56.2015.10.30.20.22.02        for <coco@tsarmail.org>        (version=TLSv1.2
+      cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);        Fri, 30 Oct 2015 20:22:03
+      -0700 (PDT)
+    :dkim_signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=gmail.com; s=20120113;        h=message-id:date:from:user-agent:mime-version:to:subject         :content-type:content-transfer-encoding;        bh=Z2jCW0avVIbUOQuL6QZlOhhVpMa2bHX2/SOpDUKV+Ec=;        b=fdIuma9zlWqC1+tAAtXHXGybhB7Luki6veKE8SimmQL5BfWV5xU9NS7E0QApG2+rgp         QQ6VRwy8M9ATjBn3BJvXN462HGsfihPL5DwIr8N1PWhy7wkVJxFvAI/mcbGZlYZE4p99         CXVPAYt5lBKzeMFYNF79umSIjhc2HRyE0TFyLxzrH9DlryeQ6ngDJ6VKbPsWRpG0rLS2         H8Xs2t6l5wOd22oDcE0k4x3aU6MDMw6/0enU6KuVgmlnjsIemFk0NvpTRVKcWlluDmjI         OQ1x6oFNvwtxTpEC6OP89kXM6Fnc0mwn9PJSzzJ/gxmcxpNbmFZ25yHGy48TiA4jTC1y         JLeA==
+    :x_received: by 10.66.147.136 with SMTP id tk8mr12368633pab.37.1446261724525;        Fri,
+      30 Oct 2015 20:22:04 -0700 (PDT)
+    :return_path: "<mjwelchphd@gmail.com>"
+    :message_id: "<563433D8.9020306@gmail.com>"
+    :date: Fri, 30 Oct 2015 20:22:00 -0700
+    :from: '"Michael J. Welch, Ph.D." <mjwelchphd@gmail.com>'
+    :user_agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
+    :mime_version: '1.0'
+    :to: coco@tsarmail.org
+    :subject: test tsar
+    :content_type: text/plain; charset=utf-8; format=flowed
+    :content_transfer_encoding: 7bit

data/bin/pdkimgemtest

@@ -0,0 +1,147 @@
+#! /usr/bin/env ruby
+require 'pdkim'
+require 'yaml'
+
+RSA_PRIVATE_KEY = <<EOT
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC5+utIbbfbpssvW0TboF73Seos+1ijdPFGwc/z8Yu12cpjBvRb
+5/qRJd83XCySRs0QkK1zWx4soPffbtyJ9TU5mO76M23lIuI5slJ4QLA0UznGxfHd
+fXpK9qRnmG6A4HRHC9B93pjTo6iBksRhIeSsTL94EbUJ625i0Lqg4i6NVQIDAQAB
+AoGBAIDGqJH/Pta9+GTzGovE0N0D9j1tUKPl/ocS/m4Ya7fgdQ36q8rTpyFICvan
+QUmL8sQsmZ2Nkygt0VSJy/VOr6niQmoi97PY0egxvvK5mtc/nxePCGwYLOMpB6ql
+0UptotmvJU3tjyHZbksOf6LlzvpAgk7GnxLF1Cg/RJhH9ubBAkEA6b32mr52u3Uz
+BjbVWez1XBcxgwHk8A4NF9yCpHtVRY3751FZbrhy7oa+ZvYokxS4dzrepZlB1dqX
+IXaq7CgakQJBAMuwpG4N5x1/PfLODD7PYaJ5GSIx6BZoJObnx/42PrIm2gQdfs6W
+1aClscqMyj5vSBF+cWWqu1i7j6+qugSswIUCQA3T3BPZcqKyUztp4QM53mX9RUOP
+yCBfZGzl8aCTXz8HIEDV8il3pezwcbEbnNjen+8Fv4giYd+p18j2ATSJRtECQGaE
+lG3Tz4PYG/zN2fnu9KwKmSzNw4srhY82D0GSWcHerhIuKjmeTw0Y+EAC1nPQHIy5
+gCd0Y/DIDgyTOCbML+UCQQClbgAoYnIpbTUklWH00Z1xr+Y95BOjb4lyjyIF98B2
+FA0nM8cHuN/VLKjjcrJUK47lZEOsjLv+qTl0i0Lp6giq
+-----END RSA PRIVATE KEY-----
+EOT
+
+RSA_PUBLIC_KEY_DKIM = "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5+utIbbfbpssvW0TboF73Seos+1ijdPFGwc/z8Yu12cpjBvRb5/qRJd83XCySRs0QkK1zWx4soPffbtyJ9TU5mO76M23lIuI5slJ4QLA0UznGxfHdfXpK9qRnmG6A4HRHC9B93pjTo6iBksRhIeSsTL94EbUJ625i0Lqg4i6NVQIDAQAB;"
+
+DOMAIN = "duncanthrax.net"
+SELECTOR = "cheezburger"
+
+PDKIM_RETURN_CODES = ["PDKIM_VERIFY_NONE", "PDKIM_VERIFY_INVALID", "PDKIM_VERIFY_FAIL", "PDKIM_VERIFY_PASS"]
+
+TEST_MESSAGE = [
+  "From: Tom Kistner <tom@duncanthrax.net>",
+  "X-Folded-Header: line one",
+  "\tline two",
+  "To: PDKIM User",
+  "Subject: PDKIM Test",
+  "",
+  "Test 1, 2, 3, 4",
+  "This is a simple test of Ruby PDKIM."
+]
+
+# the dkim header expected from this message is:
+#DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=simple/simple; d=duncanthrax.net; s=cheezburger;
+#	h=Subject:To:From; bh=+oeSNE7b9Ka6Gdh9ItFGX3J6Wacjc/JxAUaId7ON0T0=;
+#	b=Ap6DcX3x2MEoj1E3KBow7NF/2g5CnUoqkt0hgqJ0DufuOsFAPLl0tYA+yYIoCp8Acn/BJkjVYY+WQ7mlSUJfrZEZYIq1P+BZgBdP+Z+g3vrK2zEJchvwpnP0+xKniIktxT2WRQOoH3HBb/5Z1AhtuNfPEoE+kZN22Gksto4bqdg=;
+
+class PdkimTest
+
+  include PDKIM
+
+  def main
+    puts
+    puts
+    test1
+    puts
+    puts
+    test2
+    puts
+    puts
+    test3
+    puts
+  end
+
+  def display(name, unsigned_message, signed_message, signatures)
+    puts name.upcase
+    if !unsigned_message.nil?
+      puts "------------------------------------------------------------"
+      puts "---- The test email before signing.                        -"
+      puts "------------------------------------------------------------"
+      puts unsigned_message.join(CRLF)+CRLF
+    end
+    puts
+    puts "------------------------------------------------------------"
+    puts "---- The test email after signing.                         -"
+    puts "------------------------------------------------------------"
+    puts signed_message.join(CRLF)+CRLF
+    puts
+    case
+    when signatures.size==0
+      puts "------------------------------------------------------------"
+      puts "---- The no DKIM headers were found:                       -"
+      puts "------------------------------------------------------------"
+    when signatures.size==1
+      puts "------------------------------------------------------------"
+      puts "---- The signature of the DKIM header:                     -"
+      puts "------------------------------------------------------------"
+      signatures.each { |signature| puts "- %-36s%-20s -"%[signature[:domain], PDKIM_RETURN_CODES[signature[:verify_status]]] }
+      puts "------------------------------------------------------------"
+    else
+      puts "------------------------------------------------------------"
+      puts "---- The signatures of the DKIM headers:                   -"
+      puts "------------------------------------------------------------"
+      signatures.each { |signature| puts "%-38s%-20s -"%[signature[:domain], PDKIM_RETURN_CODES[signature[:verify_status]]] }
+      puts "------------------------------------------------------------"
+    end
+  end
+
+  def test1
+    # ---------- SIGN ----------
+    ctx = pdkim_init_sign(PDKIM_INPUT_NORMAL, DOMAIN, SELECTOR, RSA_PRIVATE_KEY)
+#    ok = pdkim_set_debug_stream(ctx, 2) # 2 --> STDERR
+    ok = pdkim_set_optional(ctx, nil, nil, PDKIM_CANON_SIMPLE, PDKIM_CANON_SIMPLE, -1, PDKIM_ALGO_RSA_SHA256, 0, 0)
+    TEST_MESSAGE.each do |line| 
+      ok = pdkim_feed(ctx, line+CRLF, line.length+2)
+    end
+    signatures = pdkim_feed_finish(ctx)
+    signed_message = [signatures[0][:signature]]
+    signed_message.concat(TEST_MESSAGE)
+    pdkim_free_ctx(ctx)
+
+    # --------- VERIFY ---------
+    # the block on this call is mandatory, and handles the DNS lookup
+    # to get the domain's public key
+    ctx = pdkim_init_verify(PDKIM_INPUT_NORMAL) do |name|
+      RSA_PUBLIC_KEY_DKIM
+    end
+    signed_message.each do |line|
+      ok = pdkim_feed(ctx, line+CRLF, line.length+2)
+    end
+    signatures = pdkim_feed_finish(ctx)
+    pdkim_free_ctx(ctx)
+    display("TEST1 -- SIGNING/VERIFYING THE LONG WAY", TEST_MESSAGE, signed_message, signatures)
+  end
+
+  def test2
+    ok, signed_message = pdkim_sign_an_email(PDKIM_INPUT_NORMAL, DOMAIN, SELECTOR, RSA_PRIVATE_KEY, PDKIM_CANON_SIMPLE, PDKIM_CANON_SIMPLE, TEST_MESSAGE)
+    ok, signatures = pdkim_verify_an_email(PDKIM_INPUT_NORMAL, signed_message, :fake_domain_lookup)
+    display("TEST2 -- SIGNING/VERIFYING THE SHORT WAY", TEST_MESSAGE, signed_message, signatures)
+  end
+  
+  def fake_domain_lookup(name)
+    RSA_PUBLIC_KEY_DKIM
+  end
+
+  # If Google ever removes the selector in this test email, this will cease to function
+  def test3
+    mail = YAML::load_file("bin/1ZsMk0-0iglmo-E9")
+    gmail = mail[:data][:text]
+    ok, signatures = pdkim_verify_an_email(PDKIM_INPUT_NORMAL, gmail)
+    display("TEST3 -- VERIFYING A GMAIL SIGNATURE", nil, gmail, signatures)
+  end
+
+end
+
+PdkimTest.new.main
+
+
+

data/lib/pdkim.rb

@@ -0,0 +1,394 @@
+require 'resolv'
+require_relative '../ext/pdkim/pdkimglue'
+
+module PDKIM
+
+  CRLF = "\r\n"
+
+  # ctx = pdkim_init_sign(mode, domain, selector, rsa_privkey)
+  #
+  # Initialize context for signing.
+  #
+  #    mode
+  #      PDKIM_INPUT_NORMAL or PDKIM_INPUT_SMTP. When SMTP
+  #      input is used, the lib will deflate double-dots at
+  #      the start of atline to a single dot, and it will
+  #      stop processing input when a line with and single
+  #      dot is received (Excess input will simply be ignored).
+  #
+  #    domain
+  #      The domain to sign as. This value will land in the
+  #      d= tag of the signature. For example, if the MAIL FROM
+  #      address is joe@mail.example.com, the domain is
+  #      example.com.
+  #
+  #    selector
+  #      The selector string to use. This value will land in
+  #      the s= tag of the signature. For example, if the DNS DKIM TXT
+  #      record contains 2015may._domainkey.example.com, the selector
+  #      is 2015may.
+  #
+  #    rsa_privkey
+  #      The private RSA key, in ASCII armor. It MUST NOT be
+  #      encrypted.
+  #
+  # Returns: A freshly allocated ctx (context)
+  #
+  def pdkim_init_sign(mode, domain, selector, rsa_privkey)
+    ruby_pdkim_init_sign(mode, domain, selector, rsa_privkey)
+  end
+
+  # ctx = pdkim_init_verify(mode) { |name| ...code to retrieve domain's public key... }
+  #
+  # Initialize context for verification.
+  #
+  #    mode
+  #      PDKIM_INPUT_NORMAL or PDKIM_INPUT_SMTP. When SMTP
+  #      input is used, the lib will deflate double-dots at
+  #      the start of atline to a single dot, and it will
+  #      stop processing input when a line with and single
+  #      dot is received (Excess input will simply be ignored).
+  #
+  #    block
+  #      Tom's pdkim lib does not include a DNS resolver, so one
+  #      has been provided in this gem called "pdkim_dkim_public_key_lookup(name)."
+  #      You may provide some other mechanism, however. This call, then, would be:
+  #
+  #      ctx = pdkim_init_verify(mode) do |name|
+  #        your_public_key_lookup(name)
+  #      end
+  #
+  #      NOTE: Although the block is on this call to pdkim_init_verify,
+  #      the ACTUAL callbacks are made from pdkim_feed_finish as the
+  #      DKIM signatures (there can be many) are being validated one by
+  #      one. As each signature will have a different domain, a callback
+  #      is used to do the lookup.
+  #
+  # Returns: A freshly allocated ctx (context)
+  #
+  def pdkim_init_verify(state)
+    raise ArgumentError.new("pdkim_init_verify missing block") if !block_given?
+    ruby_pdkim_init_verify(state) do |name|
+      r = yield(name)
+    end
+  end
+
+  # pdkim_set_debug_stream(ctx, file_name)
+  # pdkim_set_debug_stream(ctx, file_number)
+  #
+  # Set up debugging stream.
+  #
+  # When pdkim.c was compiled with DEBUG defined (which is the
+  # recommended default), you can set up a stream where it
+  # sends debug output to. If you don't set a debug
+  # stream, no debug output is generated.
+  #    file_name
+  #      If the first option is called, a file by the name
+  #      file_name is opened, and debugging output is APPENDED to it.
+  #      Ex: pdkim_set_debug_stream(ctx, "my_debug_log")
+  #
+  #    file_number
+  #      If the second option is choosen, a file by the number
+  #      file_number is opened, and debugging output is APPENDED to it.
+  #      Ex: pdkim_set_debug_stream(ctx, 2) # STDERR
+  #
+  # Returns: nil
+  #
+  def pdkim_set_debug_stream(ctx, id)
+    ruby_pdkim_set_debug_stream(ctx, id)
+  end
+
+  # ok = pdkim_set_optional(ctx, sign_headers, identity, canon_headers, \
+  #                         canon_body, bodylength, algo, created, expires)
+  #
+  # OPTIONAL: Set additional optional signing options. If you do
+  # not use this function, sensible defaults (see below) are used.
+  # Any strings you pass in are dup'ed, so you can safely release
+  # your copy even before calling pdkim_free() on your context.
+  #
+  #    sign_headers (default nil)
+  #      Colon-separated list of header names. Headers with
+  #      a name matching the list will be included in the
+  #      signature. When this is NULL, the list of headers
+  #      recommended in RFC4781 will be used.
+  #
+  #    identity (default nil)
+  #      An identity string as described in RFC4781. It will
+  #      be put into the i= tag of the signature.
+  #
+  #    canon_headers (default PDKIM_CANON_SIMPLE)
+  #      Canonicalization algorithm to use for headers. One
+  #      of PDKIM_CANON_SIMPLE or PDKIM_CANON_RELAXED.
+  #
+  #    canon_body (default PDKIM_CANON_SIMPLE)
+  #      Canonicalization algorithm to use for the body. One
+  #      of PDKIM_CANON_SIMPLE or PDKIM_CANON_RELAXED.
+  #
+  #    bodylength (default -1)
+  #      Amount of canonicalized body bytes to include in
+  #      the body hash calculation. A value of 0 means that
+  #      the body is not included in the signature. A value
+  #      of -1 (the default) means that there is no limit.
+  #
+  #    algo (default PDKIM_ALGO_RSA_SHA256)
+  #      One of PDKIM_ALGO_RSA_SHA256 or PDKIM_ALGO_RSA_SHA1.
+  #
+  #    created (default 0)
+  #      Seconds since the epoch, describing when the signature
+  #      was created. This is copied to the t= tag of the
+  #      signature. Setting a value of 0 (the default) omits
+  #      the tag from the signature.
+  #
+  #    expires (default 0)
+  #      Seconds since the epoch, describing when the signature
+  #      expires. This is copied to the x= tag of the
+  #      signature. Setting a value of 0 (the default) omits
+  #      the tag from the signature.
+  #
+  #  Returns: 0 (PDKIM_OK) for success or a PDKIM_ERR_* constant
+  #
+  def pdkim_set_optional(ctx, sign_headers,
+      identity, canon_headers, canon_body, bodylength,
+      algo, created, expires)
+    ruby_pdkim_set_optional(ctx, sign_headers,
+      identity, canon_headers, canon_body, bodylength,
+      algo, created, expires)
+  end
+
+  # ok = pdkim_feed(ctx, data, data_len)
+  #
+  # (Repeatedly) feed data to the signing algorithm. The message
+  # data MUST use CRLF line endings (like SMTP uses on the
+  # wire). The data chunks do not need to be a "line" - you
+  # can split chunks at arbitrary locations.
+  #
+  #    data (Ruby String which is also allowed to contain binary)
+  #      Pointer to data to feed. Please note that despite
+  #      the example given below, this is not necessarily a
+  #      C string, i.e., NULL terminated.
+  #
+  #    data_len
+  #      Length of data being fed, in bytes.
+  #
+  # Returns: 0 (PDKIM_OK) for success or a PDKIM_ERR_* constant
+  #
+  def pdkim_feed(ctx, data, len)
+    ruby_pdkim_feed(ctx, data, len)
+  end
+
+  # ok = pdkim_feed_finish(ctx)
+  #
+  # Signal end-of-message and retrieve the signature block.
+  #
+  # Returns:
+  #    ok
+  #      0 (PDKIM_OK) for success or a PDKIM_ERR_* constant
+  #
+  #    signatures (An array of hashes of signatures.)
+  #      If the function returns PDKIM_OK, it will return
+  #      one or more signatures.
+  #
+  #      Sign only returns 1 signature, but verify will return 1 signature
+  #      for each DKIM header in the email being verified.
+  #
+  #      Returns an array of hashes (only 1 for sign) with the signatures in them
+  #      [
+  #        {
+  #          "error"=>0, # 0 (PDKIM_OK) for success or a PDKIM_ERR_* constant
+  #          "signature"=>nil,
+  #          "version"=>1,
+  #          "algo"=>0,
+  #          "canon_headers"=>0,
+  #          "canon_body"=>0,
+  #          "querymethod"=>0,
+  #          "selector"=>"cheezburger",
+  #          "domain"=>"duncanthrax.net",
+  #          "identity"=>nil,
+  #          "created"=>0,
+  #          "expires"=>0,
+  #          "bodylength"=>-1,
+  #          "headernames"=>"Subject:To:From",
+  #          "copiedheaders"=>nil,
+  #          "sigdata"=>"\xA1\xEDy\x16\xDF\xF1\xF8C\x18\x80\xF8\x1F@\xFCIV&\x0E\xA4\xD5 ...",
+  #          "bodyhash"=>"M\x87\xE3_\xE5;T\xD4\x96\x90'I\xEA2\xBF\xCE\x8F\x17\xCD\xEF ...",
+  #          "signature_header"=>nil,
+  #          "verify_status"=>3,
+  #          "verify_ext_status"=>0,
+  #          "pubkey"=>{
+  #            "version"=>"DKIM1",
+  #            "granularity"=>"*",
+  #            "hashes"=>nil,
+  #            "keytype"=>"rsa",
+  #            "srvtype"=>"*",
+  #            "notes"=>nil,
+  #            "key"=>"0\x81\x9F0\r\x06\t*\x86H\x86\xF7\r\x01\x01\x01\x05\x00\x03\x81\x8D ...",
+  #            "testing"=>0,
+  #            "no_subdomaining"=>0
+  #          }
+  #        }
+  #      ]
+  #
+  def pdkim_feed_finish(ctx)
+    ruby_pdkim_feed_finish(ctx)
+  end
+
+  # pdkim_free_ctx(ctx)
+  #
+  #  Free all allocated memory blocks referenced from
+  #  the context, as well as the context itself.
+  #
+  #  Don't forget to call this or your application will "leak" memory.
+  #
+  def pdkim_free_ctx(ctx)
+    ruby_pdkim_free_ctx(ctx)
+  end
+
+  # ok = pdkim_sign_an_email(mode, domain, selector, rsa_privkey, canon_headers, canon_body, unsigned_message)
+  #
+  # Call a single function to sign an email message.
+  #
+  #    mode
+  #      PDKIM_INPUT_NORMAL or PDKIM_INPUT_SMTP. When SMTP
+  #      input is used, the lib will deflate double-dots at
+  #      the start of atline to a single dot, and it will
+  #      stop processing input when a line with and single
+  #      dot is received (Excess input will simply be ignored).
+  #
+  #    domain
+  #      The domain to sign as. This value will land in the
+  #      d= tag of the signature. For example, if the MAIL FROM
+  #      address is joe@mail.example.com, the domain is
+  #      example.com.
+  #
+  #    selector
+  #      The selector string to use. This value will land in
+  #      the s= tag of the signature. For example, if the DNS DKIM TXT
+  #      record contains 2015may._domainkey.example.com, the selector
+  #      is 2015may.
+  #
+  #    rsa_privkey
+  #      The private RSA key, in ASCII armor. It MUST NOT be
+  #      encrypted. For example, in the sample used for this gem,
+  #      the private key is: RSA_PRIVKEY:
+  #      -----BEGIN RSA PRIVATE KEY-----
+  #      MIICXQIBAAKBgQC5+utIbbfbpssvW0TboF73Seos+1ijdPFGwc/z8Yu12cpjBvRb
+  #      ...
+  #      FA0nM8cHuN/VLKjjcrJUK47lZEOsjLv+qTl0i0Lp6giq
+  #      -----END RSA PRIVATE KEY-----
+  #
+  #    canon_headers (default PDKIM_CANON_SIMPLE)
+  #      Canonicalization algorithm to use for headers. One
+  #      of PDKIM_CANON_SIMPLE or PDKIM_CANON_RELAXED.
+  #
+  #    canon_body (default PDKIM_CANON_SIMPLE)
+  #      Canonicalization algorithm to use for the body. One
+  #      of PDKIM_CANON_SIMPLE or PDKIM_CANON_RELAXED.
+  #
+  #    unsigned_message
+  #      An array of lines containing the email. The message
+  #      data array MUST NOT use CRLF line endings, but each line
+  #      is assumed to end with a CRLF (like SMTP uses on the
+  #      wire). The lines may be of arbitrary length. A line oriented
+  #      format was chosen because it's the "natural" way
+  #      of formatting the data for Ruby.
+  #
+  # Returns: an array of 2 elements: [success_code, message]
+  #     if successful, returns 0 (PDKIM_OK) and the signed_message
+  #     if unsuccessful, returns a PDKIM_ERR_* constant and nil
+  #
+  def pdkim_sign_an_email(mode, domain, selector, rsa_privkey, canon_headers, canon_body, unsigned_message)
+    ctx = pdkim_init_sign(mode, domain, selector, rsa_privkey)
+    return [PDKIM_FAIL, verify_counts] if ctx==0
+    ok = pdkim_set_optional(ctx, nil, nil, canon_headers, canon_body, -1, PDKIM_ALGO_RSA_SHA256, 0, 0)
+    if ok!=PDKIM_OK
+      pdkim_free_ctx(ctx)
+      return [ok, nil]
+    end
+    unsigned_message.each do |line|
+      ok = pdkim_feed(ctx, line+CRLF, line.length+2)
+      if ok!=PDKIM_OK
+        pdkim_free_ctx(ctx)
+        return [ok, nil]
+      end
+    end
+    signatures = pdkim_feed_finish(ctx)
+    pdkim_free_ctx(ctx)
+    return [PDKIM_ERR_RSA_SIGNING, nil] if signatures.empty?
+    signature = signatures[0][:signature]
+    signed_message = [signature]
+    signed_message.concat(unsigned_message)
+    return [PDKIM_OK, signed_message]
+  end
+
+  # ok = verify_an_email(mode, signed_message, sym_domain_lookup)
+  #
+  # Call a single function to sign an email message.
+  #
+  #    mode
+  #      PDKIM_INPUT_NORMAL or PDKIM_INPUT_SMTP. When SMTP
+  #      input is used, the lib will deflate double-dots at
+  #      the start of atline to a single dot, and it will
+  #      stop processing input when a line with and single
+  #      dot is received (Excess input will simply be ignored).
+  #
+  #    signed_message
+  #      An array of lines containing the email preceeded by a
+  #      DKIM header that was generated by a signing process. The message
+  #      data array MUST NOT contain CRLF line endings; instead, each line
+  #      will have a CRLF added here. The lines may be of arbitrary
+  #      length. A line oriented format was chosen because it's
+  #      the "natural" way of formatting the data for Ruby.
+  #
+  #    sym_domain_lookup (OPTIONAL)
+  #      A symbolic name of the method to use for private key lookups.
+  #      If this parameter is not given, it defaults to :pdkim_dkim_public_key_lookup
+  #      which is the built-in lookup function.
+  #
+  # Returns:
+  #    ok
+  #      0 (PDKIM_OK) for success or a PDKIM_ERR_* constant
+  #
+  #    signatures (An array of hashes of signatures.)
+  #      If the function returns PDKIM_OK, it will return
+  #      one or more signatures.
+  #
+  def pdkim_verify_an_email(mode, signed_message, sym_domain_lookup=:pdkim_dkim_public_key_lookup)
+    ctx = pdkim_init_verify(mode) do |name|
+      send(sym_domain_lookup, name)
+    end
+    return [PDKIM_FAIL, verify_counts] if ctx==0
+    ok = PDKIM_FAIL
+    signed_message.each do |line|
+      ok = pdkim_feed(ctx, line+CRLF, line.length+2)
+      if ok!=PDKIM_OK
+        pdkim_free_ctx(ctx)
+        return [ok, verify_counts]
+      end
+    end
+    signatures = pdkim_feed_finish(ctx)
+    pdkim_free_ctx(ctx)
+    return ok, signatures
+  end
+
+  # key = pdkim_dkim_public_key_lookup(name)
+  #
+  # This method retrieves the public key from the domain's
+  # website's DNS records, if any. If it fails, it will return
+  # "nil" which will cause the validation to fail with 
+  # PDKIM_VERIFY_FAIL.
+  #
+  #    name
+  #      The name to be looked up by the resolver. It has the form:
+  #      selector._domainkey.domain.com (org, biz, us, gov, etc.)
+  #      the name will be properly formatted if this method is
+  #      called from the block in pdkim_init_verify.
+  #
+  # Returns: The DKIM public key for the domain in 'name' or nil
+  #
+  def pdkim_dkim_public_key_lookup(name)
+    records = [];
+    Resolv::DNS.open { |dns| records = dns.getresources(name, Resolv::DNS::Resource::IN::TXT) }
+    if records.empty? then nil else records[0].strings.join("") end
+  end
+
+end

metadata

@@ -0,0 +1,65 @@
+--- !ruby/object:Gem::Specification
+name: pdkim
+version: !ruby/object:Gem::Version
+  version: '0.9'
+platform: ruby
+authors:
+- Tom Kistner
+- Michael J. Welch, Ph.D.
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-07-20 00:00:00.000000000 Z
+dependencies: []
+description: |-
+  PDKIM - a RFC4871 (DKIM) implementation
+  http://duncanthrax.net/pdkim/
+  Copyright (C) 2009      Tom Kistner <tom@duncanthrax.net>
+
+  Includes code from the PolarSSL project.
+  http://polarssl.org
+  Copyright (C) 2009      Paul Bakker <polarssl_maintainer@polarssl.org>
+  Copyright (C) 2006-2008 Christophe Devine
+
+  This gem (C) 2015-2017 Michael J. Welch, Ph.D. <mjwelchphd@gmail.com>
+  Source code can be found on GitHub: https://github.com/mjwelchphd/pdkim
+
+  Test by running pdkimgemtest after installing.
+
+  PDKIM is the pacakge that Exim4 uses for DKIM support.
+email: mjwelchphd@gmail.com
+executables:
+- pdkimgemtest
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/1ZsMk0-0iglmo-E9
+- bin/pdkimgemtest
+- ext/pdkim/pdkimglue.so
+- lib/pdkim.rb
+homepage: http://www.czarmail.com
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+- ext
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: A Ruby Gem wrapping Tom Kistner's PDKIM package.
+test_files: []