RFC 6376, "DomainKeys Identified Mail (DKIM) Signatures", September 2011

Note: This RFC has been updated by RFC 8301, RFC 8463, RFC 8553, RFC 8616

Errata ID: 6674
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Christian Böhme
Date Reported: 2021-09-01

Section Appendix C says:

This results in the file rsa.public containing the key information
similar to this:

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDwIRP/UC3SBsEmGqZ9ZJW3/DkM
oGeLnQg1fWn7/zYtIxN2SnFCjxOCKG9v3b4jYfcTNh5ijSsq631uBItLa7od+v/R
tdC2UzJ1lWT947qR+Rcac2gbto/NMqJ0fzfVjH4OuKhitdY9tf6mcwGjaNBcWToI
MmPSPDdQPNUYckcQ2QIDAQAB
-----END PUBLIC KEY-----

This public-key data (without the BEGIN and END tags) is placed in
the DNS:

$ORIGIN _domainkey.example.org.
brisbane IN  TXT  ("v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQ"
                   "KBgQDwIRP/UC3SBsEmGqZ9ZJW3/DkMoGeLnQg1fWn7/zYt"
                   "IxN2SnFCjxOCKG9v3b4jYfcTNh5ijSsq631uBItLa7od+v"
                   "/RtdC2UzJ1lWT947qR+Rcac2gbto/NMqJ0fzfVjH4OuKhi"
                   "tdY9tf6mcwGjaNBcWToIMmPSPDdQPNUYckcQ2QIDAQAB")

It should say:

This results in the file rsa.public containing the key information
similar to this (long output lines truncated):

openssl asn1parse -i -inform PEM -in rsa.public
    0:d=0  hl=3 l= 159 cons: SEQUENCE          
    3:d=1  hl=2 l=  13 cons:  SEQUENCE          
    5:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
   16:d=2  hl=2 l=   0 prim:   NULL              
   18:d=1  hl=3 l= 141 prim:  BIT STRING

openssl asn1parse -i -inform PEM -in rsa.public -strparse 18
    0:d=0  hl=3 l= 137 cons: SEQUENCE          
    3:d=1  hl=3 l= 129 prim:  INTEGER           :F02113FF502DD206C126…
  135:d=1  hl=2 l=   3 prim:  INTEGER           :010001

The result of

openssl asn1parse -i -inform PEM -in rsa.public -offset 22 -out /dev/stdout -noout | openssl base64

is then placed in the DNS:

$ORIGIN _domainkey.example.org.
brisbane IN  TXT  ("v=DKIM1; p=MIGJAoGBAPAhE/9QLdIGwSYapn1klbf8OQ"
                   "ygZ4udCDV9afv/Ni0jE3ZKcUKPE4Iob2/dviNh9xM2HmK"
                   "NKyrrfW4Ei0truh36/9G10LZTMnWVZP3jupH5FxpzaBu2"
                   "j80yonR/N9WMfg64qGK11j21/qZzAaNo0FxZOggyY9I8N"
                   "1A81RhyRxDZAgMBAAE=")

Notes:

Empirical evidence suggests that MSPs have taken the command lines in
Appendix C literally, and, by doing so, have deviated from the specification
laid out in Section 3.6.1. for the k= and p= tags.

Specifically, the openssl rsa command, used with its -pubout option
as demonstrated in Appendix C, produces a SubjectPublicKeyInfo-typed result
instead of a RSAPublicKey-typed one. It does so for both DER and PEM
arguments to the -outform option.

What is more, had Section 3.6.1., p= tag, specified a base64-encoded
SubjectPublicKeyInfo-typed value instead of a RSAPublicKey-typed one,
Section 3.6.1., k= tag, could have been dispensed of entirely, since
the SubjectPublicKeyInfo type contains an AlgorithmIdentifier-typed
attribute for that purpose.

That indeed an RSAPublicKey-typed result for the p= tag was intended
by RFC 6376 can be confirmed by comparison with RFC 8463, Section 4.2.,
which specifies that a "raw" Ed25519 public key be used, instead of
a SubjectPublicKeyInfo-typed one such as defined in RFC 8410,
Section 4. Subject Public Key Fields.

The Corrected Text uses the same public key data from the Original Text.

Report New Errata