1Mail::DKIM::Signer(3) User Contributed Perl DocumentationMail::DKIM::Signer(3)
2
6 Mail::DKIM::Signer - generates a DKIM signature for a message
7
9 version 1.20200907
10
12 use Mail::DKIM::Signer;
13 use Mail::DKIM::TextWrap; #recommended
14 # create a signer object
16 my $dkim = Mail::DKIM::Signer->new(
17 Algorithm => 'rsa-sha1',
18 Method => 'relaxed',
19 Domain => 'example.org',
20 Selector => 'selector1',
21 KeyFile => 'private.key',
22 Headers => 'x-header:x-header2',
23 );
24 # read an email from a file handle
26 $dkim->load(*STDIN);
27 # or read an email and pass it into the signer, one line at a time
29 while (<STDIN>)
30 {
31 # remove local line terminators
32 chomp;
33 s/\015$//;
34 # use SMTP line terminators
36 $dkim->PRINT("$_\015\012");
37 }
38 $dkim->CLOSE;
39 # what is the signature result?
41 my $signature = $dkim->signature;
42 print $signature->as_string;
43
45 This class is the part of Mail::DKIM responsible for generating
46 signatures for a given message. You create an object of this class,
47 specifying the parameters of the signature you wish to create, or
48 specifying a callback function so that the signature parameters can be
49 determined later. Next, you feed it the entire message using "PRINT()",
50 completing with "CLOSE()". Finally, use the "signatures()" method to
51 access the generated signatures.
52 Pretty Signatures
54 Mail::DKIM includes a signature-wrapping module (which inserts
55 linebreaks into the generated signature so that it looks nicer in the
56 resulting message. To enable this module, simply call
57 use Mail::DKIM::TextWrap;
59 in your program before generating the signature.
61
63 new()
64 Construct an object-oriented signer.
65 # create a signer using the default policy
67 my $dkim = Mail::DKIM::Signer->new(
68 Algorithm => 'rsa-sha1',
69 Method => 'relaxed',
70 Domain => 'example.org',
71 Selector => 'selector1',
72 KeyFile => 'private.key',
73 Headers => 'x-header:x-header2',
74 );
75 # create a signer using a custom policy
77 my $dkim = Mail::DKIM::Signer->new(
78 Policy => $policyfn,
79 );
80 The "default policy" is to create a DKIM signature using the specified
82 parameters, but only if the message's sender matches the domain. The
83 following parameters can be passed to this new() method to influence
84 the resulting signature: Algorithm, Method, Domain, Selector, KeyFile,
85 Identity, Timestamp.
86 If you want different behavior, you can provide a "signer policy"
88 instead. A signer policy is a subroutine or class that determines
89 signature parameters after the message's headers have been parsed. See
90 the section "SIGNER POLICIES" below for more information.
91 See Mail::DKIM::SignerPolicy for more information about policy objects.
93 In addition to the parameters demonstrated above, the following are
95 recognized:
96 Key rather than using "KeyFile", use "Key" to use an already-loaded
98 Mail::DKIM::PrivateKey object.
99 Headers
101 A colon separated list of headers to sign, this is added to the
102 list of default headers as shown in in the DKIM specification.
103 For each specified header all headers of that type which are
105 present in the message will be signed, but we will not oversign or
106 sign headers which are not present.
107 If you require greater control over signed headers please use the
109 extended_headers() method instead.
110 The list of headers signed by default is as follows
112 From Sender Reply-To Subject Date
114 Message-ID To Cc MIME-Version
115 Content-Type Content-Transfer-Encoding Content-ID Content-Description
116 Resent-Date Resent-From Resent-Sender Resent-To Resent-cc
117 Resent-Message-ID
118 In-Reply-To References
119 List-Id List-Help List-Unsubscribe List-Subscribe
120 List-Post List-Owner List-Archive
121
123 PRINT()
124 Feed part of the message to the signer.
125 $dkim->PRINT("a line of the message\015\012");
127 Feeds content of the message being signed into the signer. The API is
129 designed this way so that the entire message does NOT need to be read
130 into memory at once.
131 Please note that although the PRINT() method expects you to use SMTP-
133 style line termination characters, you should NOT use the SMTP-style
134 dot-stuffing technique described in RFC 2821 section 4.5.2. Nor should
135 you use a <CR><LF>.<CR><LF> sequence to terminate the message.
136 CLOSE()
138 Call this when finished feeding in the message.
139 $dkim->CLOSE;
141 This method finishes the canonicalization process, computes a hash, and
143 generates a signature.
144 extended_headers()
146 This method overrides the headers to be signed and allows more control
147 than is possible with the Headers property in the constructor.
148 The method expects a HashRef to be passed in.
150 The Keys are the headers to sign, and the values are either the number
152 of headers of that type to sign, or the special values '*' and '+'.
153 * will sign ALL headers of that type present in the message.
155 + will sign ALL + 1 headers of that type present in the message to
157 prevent additional headers being added.
158 You may override any of the default headers by including them in the
160 hashref, and disable them by giving them a 0 value.
161 Keys are case insensitive with the values being added upto the highest
163 value.
164 Headers => {
166 'X-test' => '*',
167 'x-test' => '1',
168 'Subject' => '+',
169 'Sender' => 0,
170 },
171 add_signature()
173 Used by signer policy to create a new signature.
174 $dkim->add_signature(new Mail::DKIM::Signature(...));
176 Signer policies can use this method to specify complete parameters for
178 the signature to add, including what type of signature. For more
179 information, see Mail::DKIM::SignerPolicy.
180 algorithm()
182 Get or set the selected algorithm.
183 $alg = $dkim->algorithm;
185 $dkim->algorithm('rsa-sha1');
187 domain()
189 Get or set the selected domain.
190 $alg = $dkim->domain;
192 $dkim->domain('example.org');
194 load()
196 Load the entire message from a file handle.
197 $dkim->load($file_handle);
199 Reads a complete message from the designated file handle, feeding it
201 into the signer. The message must use <CRLF> line terminators (same as
202 the SMTP protocol).
203 headers()
205 Determine which headers to put in signature.
206 my $headers = $dkim->headers;
208 This is a string containing the names of the header fields that will be
210 signed, separated by colons.
211 key()
213 Get or set the private key object.
214 my $key = $dkim->key;
216 $dkim->key(Mail::DKIM::PrivateKey->load(File => 'private.key'));
218 The key object can be any object that implements the sign_digest()
220 method. (Providing your own object can be useful if your actual keys
221 are stored out-of-process.)
222 If you use this method to specify a private key, do not use
224 "key_file()".
225 key_file()
227 Get or set the filename containing the private key.
228 my $filename = $dkim->key_file;
230 $dkim->key_file('private.key');
232 If you use this method to specify a private key file, do not use
234 "key()".
235 method()
237 Get or set the selected canonicalization method.
238 $alg = $dkim->method;
240 $dkim->method('relaxed');
242 message_originator()
244 Access the "From" header.
245 my $address = $dkim->message_originator;
247 Returns the "originator address" found in the message, as a
249 Mail::Address object. This is typically the (first) name and email
250 address found in the From: header. If there is no From: header, then an
251 empty Mail::Address object is returned.
252 To get just the email address part, do:
254 my $email = $dkim->message_originator->address;
256 See also "message_sender()".
258 message_sender()
260 Access the "From" or "Sender" header.
261 my $address = $dkim->message_sender;
263 Returns the "sender" found in the message, as a Mail::Address object.
265 This is typically the (first) name and email address found in the
266 Sender: header. If there is no Sender: header, it is the first name and
267 email address in the From: header. If neither header is present, then
268 an empty Mail::Address object is returned.
269 To get just the email address part, do:
271 my $email = $dkim->message_sender->address;
273 The "sender" is the mailbox of the agent responsible for the actual
275 transmission of the message. For example, if a secretary were to send a
276 message for another person, the "sender" would be the secretary and the
277 "originator" would be the actual author.
278 selector()
280 Get or set the current key selector.
281 $alg = $dkim->selector;
283 $dkim->selector('alpha');
285 signature()
287 Access the generated signature object.
288 my $signature = $dkim->signature;
290 Returns the generated signature. The signature is an object of type
292 Mail::DKIM::Signature. If multiple signatures were generated, this
293 method returns the last one.
294 The signature (as text) should be prepended to the message to make the
296 resulting message. At the very least, it should precede any headers
297 that were signed.
298 signatures()
300 Access list of generated signature objects.
301 my @signatures = $dkim->signatures;
303 Returns all generated signatures, as a list.
305
307 The new() constructor takes an optional Policy argument. This can be a
308 Perl object or class with an apply() method, or just a simple
309 subroutine reference. The method/subroutine will be called with the
310 signer object as an argument. The policy is responsible for checking
311 the message and specifying signature parameters. The policy must return
312 a nonzero value to create the signature, otherwise no signature will be
313 created. E.g.,
314 my $policyfn = sub {
316 my $dkim = shift;
317 # specify signature parameters
319 $dkim->algorithm('rsa-sha1');
320 $dkim->method('relaxed');
321 $dkim->domain('example.org');
322 $dkim->selector('mx1');
323 # return true value to create the signature
325 return 1;
326 };
327 Or the policy object can actually create the signature, using the
329 add_signature method within the policy object. If you add a signature,
330 you do not need to return a nonzero value. This mechanism can be
331 utilized to create multiple signatures, or to create the older
332 DomainKey-style signatures.
333 my $policyfn = sub {
335 my $dkim = shift;
336 $dkim->add_signature(
337 new Mail::DKIM::Signature(
338 Algorithm => 'rsa-sha1',
339 Method => 'relaxed',
340 Headers => $dkim->headers,
341 Domain => 'example.org',
342 Selector => 'mx1',
343 ));
344 $dkim->add_signature(
345 new Mail::DKIM::DkSignature(
346 Algorithm => 'rsa-sha1',
347 Method => 'nofws',
348 Headers => $dkim->headers,
349 Domain => 'example.org',
350 Selector => 'mx1',
351 ));
352 return;
353 };
354 If no policy is specified, the default policy is used. The default
356 policy signs every message using the domain, algorithm, method, and
357 selector specified in the new() constructor.
358
360 Mail::DKIM::SignerPolicy
361
363 • Jason Long <jason@long.name>
364 • Marc Bradshaw <marc@marcbradshaw.net>
366 • Bron Gondwana <brong@fastmailteam.com> (ARC)
368
370 Work on ensuring that this module passes the ARC test suite was
371 generously sponsored by Valimail (https://www.valimail.com/)
372
374 • Copyright (C) 2013 by Messiah College
375 • Copyright (C) 2010 by Jason Long
377 • Copyright (C) 2017 by Standcore LLC
379 • Copyright (C) 2020 by FastMail Pty Ltd
381 This library is free software; you can redistribute it and/or modify it
383 under the same terms as Perl itself, either Perl version 5.8.6 or, at
384 your option, any later version of Perl 5 you may have available.
385perl v5.32.1 2021-01-27 Mail::DKIM::Signer(3)