I don't understand the DKIM key validation process

Published 2025-02-01 19:32:14


I am trying to understand how DKIM key validation works.
The steps that I am sure I understood are:

1- The sender will send a message to a receiver through an MUA (e.g. Gmail) and it will go to the sender mail server (SMTP/MTA server).

2- The sender mail server already generated public and private keys before this happens.

3- The private key is saved secretly in the sender mail server.

4- The public key is already published in the DNS record in the name server as a TXT resource record.

5- The sender mail server will use some hash-algorithm method to generate a hash value for specific mail header fields, for example (From: To: Subject), which for example will be hashed to: Abcd. They call it a "Key_Signing".

6- The sender mail server will encrypt this signed key using the private key!

*** Now, before I continue, how will the sender mail server encrypt this hashed value using the private key?? As I understand it, the private key in asymmetric encryption is for decryption, not for encryption!!

  • OK, let's continue :-)

7- The receiver mail server (POP3 or IMAP) will receive the message and validate it.

8- DKIM key validation is done by trying to decrypt the encrypted DKIM key (hashed value).

9- The receiver mail server needs the sender mail server's public key to decrypt the encrypted DKIM key to fetch the DKIM hashed value.

** How will the receiver mail server decrypt the encrypted DKIM key via the sender mail server's public key??? The public key is for encryption, not for decryption!!

10- When the receiver mail server decrypts the encrypted DKIM key it will obtain the DKIM key, which is nothing but the hash value of some email headers. In my example it is: Abcd.

11- The receiver mail server will use the same hash method to hash the same email headers, and if it gets exactly the same hash value, it will accept the email and forward it to the receiver's inbox folder.

Please guys, correct me if I am wrong and clarify how the public key is used to decrypt the DKIM key and how the private key is used to encrypt it, while the asymmetric mantra says:

"Private key is for decryption and public key is for encryption".

I went through many websites and none of them clarified this process step by step in very clear detail.


Comments (2)

往日 2025-02-08 19:32:14


To points 6 and 9:

It is correct that in asymmetric cryptography, in the task of "encrypting" a message that is intended to be read only by the recipient, the recipient's public key is used by the sender to encrypt the message; that message can be decrypted only by the owner of the secret key, which is the recipient.

However, in the digital signature use case there is a different situation; here the need is to prove the identity of the sender. Well, what does the sender have that no one else has? The secret key of the sender.

So if the sender wants to prove their identity they could show you the secret key, but then it is not secret anymore and others will copy it.

The sender could encrypt some "known message" with the secret key, for everyone to decrypt with the associated publicly known public key of the sender. Again, in this use case the sender is trying to prove that they have the private key. Now if the recipient decrypts the message with the public key of the sender and compares the result with the "known message" and it matches, that means the sender really owns the secret key.

You need to understand here that the message being encrypted is not secret, so actually all recipients should be able to have it, and to match it with the "decrypted signature" in order to assess whether the sender owns the secret key of the sender address. Once you understand that, the DKIM process is clear.

Keep that in mind while you read resources on digital signatures and public-key cryptography or asymmetric cryptography:

You can read this about cryptographic digital signatures:

扛起拖把扫天下 2025-02-08 19:32:14


Your understanding is mistaken. Both private and public keys can be used for both encryption and decryption.

The essential property is that a message encrypted with a private key can only be decrypted with the public key, and vice versa.
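Added example, written for this page and not taken from the question or either answer: the procedure the question lays out in steps 2 to 11, and the "sign with the private key, check with the public key" point both answers make, carried through in Python on a constructed message. It assumes textbook RSA on the raw SHA-256 digest with a throwaway 512-bit key so that it runs on the standard library alone; real DKIM (RFC 6376) wraps the digest in PKCS#1 v1.5 padding, uses a 1024- to 2048-bit key (or Ed25519 under RFC 8463), and the verifier fetches the public key from the `<selector>._domainkey.<domain>` TXT record rather than receiving it as a parameter. The sample headers and body, the domain example.org and the selector sel2025 are made up.

```python
"""DKIM-style signing and verification reduced to its core (added example, not from the post).
Textbook RSA on the raw digest with a 512-bit demo key: NOT secure and NOT interoperable
with real verifiers, which expect PKCS#1 v1.5 padding and a key of at least 1024 bits."""
import base64
import hashlib
import re
import secrets

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test, adequate for a demo key."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_keypair(bits=512):
    """Step 2 of the question: returns ((n, e), (n, d)) = (public key, private key)."""
    def prime(k):
        while True:
            cand = secrets.randbits(k) | (1 << (k - 1)) | 1  # exactly k bits, odd
            if _is_probable_prime(cand):
                return cand
    e = 65537
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        if p != q and ((p - 1) * (q - 1)) % e:  # e must be invertible mod phi(n)
            return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def relaxed_header(name, value):
    """RFC 6376 'relaxed' header canonicalization: lower-case name, unfold, collapse whitespace."""
    value = re.sub(r"[ \t]+", " ", re.sub(r"\r?\n[ \t]+", " ", value)).strip()
    return f"{name.lower()}:{value}\r\n"

def simple_body(body):
    """RFC 6376 'simple' body canonicalization: CRLF line endings, trailing empty lines dropped."""
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()
    return ("\r\n".join(lines) + "\r\n").encode()

def _canon_headers(headers, h_names):
    """Headers in h= order. A listed name that is absent contributes nothing, but because it
    is listed a relay can no longer add that header without breaking the signature."""
    by_name = {k.lower(): (k, v) for k, v in headers}  # simplification: last instance of a name wins
    return "".join(relaxed_header(*by_name[n.lower()]) for n in h_names if n.lower() in by_name)

def sign_message(headers, body, private_key, domain, selector, h_names=("From", "To", "Subject", "Date")):
    """Steps 5-6: hash the chosen headers, then 'encrypt' the digest with the private exponent."""
    n, d = private_key
    bh = base64.b64encode(hashlib.sha256(simple_body(body)).digest()).decode()
    tags = f"v=1; a=rsa-sha256; c=relaxed/simple; d={domain}; s={selector}; h={':'.join(h_names)}; bh={bh}; b="
    # The DKIM-Signature header itself (b= empty, no trailing CRLF) is part of the hashed data.
    data = _canon_headers(headers, h_names) + relaxed_header("DKIM-Signature", tags).rstrip("\r\n")
    digest = int.from_bytes(hashlib.sha256(data.encode()).digest(), "big")
    sig = pow(digest, d, n)  # the "encrypt with the private key" step the question asks about
    return tags + base64.b64encode(sig.to_bytes((n.bit_length() + 7) // 8, "big")).decode()

def verify_message(headers, body, sig_value, public_key):
    """Steps 8-11: 'decrypt' b= with the public exponent and compare with a freshly computed digest."""
    n, e = public_key
    tags = dict(t.strip().split("=", 1) for t in sig_value.split(";") if t.strip())
    bh = base64.b64encode(hashlib.sha256(simple_body(body)).digest()).decode()
    if bh != tags.get("bh"):
        return False  # body changed in transit; no need to touch the signature
    stripped = re.sub(r"(?<![A-Za-z0-9+/])b=[^;]*", "b=", sig_value)  # blank only the b= tag
    data = _canon_headers(headers, tags["h"].split(":")) + relaxed_header("DKIM-Signature", stripped).rstrip("\r\n")
    expected = int.from_bytes(hashlib.sha256(data.encode()).digest(), "big")
    return pow(int.from_bytes(base64.b64decode(tags["b"]), "big"), e, n) == expected

SAMPLE_HEADERS = [  # constructed sample message, not a real capture
    ("From", "Alice <alice@example.org>"),
    ("To", "bob@example.net"),
    ("Subject", "DKIM   test\r\n  folded line"),
    ("Date", "Sat, 01 Feb 2025 19:32:14 +0000"),
]
SAMPLE_BODY = "Hello Bob,\nthis is the message.\n\n\n"

def demo():
    """Returns (original message verifies, copy with altered From: verifies)."""
    pub, priv = generate_keypair()
    sig = sign_message(SAMPLE_HEADERS, SAMPLE_BODY, priv, "example.org", "sel2025")
    tampered = [(k, "Mallory <mallory@example.org>" if k == "From" else v) for k, v in SAMPLE_HEADERS]
    return verify_message(SAMPLE_HEADERS, SAMPLE_BODY, sig, pub), verify_message(tampered, SAMPLE_BODY, sig, pub)

if __name__ == "__main__":
    print(demo())  # (True, False)
```

The two lines to look at are `pow(digest, d, n)` in sign_message and `pow(..., e, n)` in verify_message: the same modular exponentiation, once with the private exponent and once with the public one, which is the only sense in which an RSA signature is an "encryption" with the private key. It is a way of speaking about RSA, not a general rule: signing libraries expose sign()/verify() rather than encrypt()/decrypt(), and an Ed25519 DKIM signature has no encrypt/decrypt reading at all. Two further points the code makes concrete: the value that gets "decrypted" is a hash everyone can recompute, not a secret, and the check is done by the receiving MTA at SMTP time, before the message reaches any POP3/IMAP mailbox, with the public key looked up via the selector (for a real domain, `dig TXT sel2025._domainkey.example.org` shows the record).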
