Re: [exim] DKIM: signing failed (RC -101)

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Ramana Kumar
Dátum:  
Címzett: Tom Kistner
CC: Wolfgang Breyha, exim-users
Tárgy: Re: [exim] DKIM: signing failed (RC -101)
The argument -algorithm RSA makes it use RSA (not DSA). The openssl man
page says genrsa is superceded by genpkey.

But I guess I should just try using genrsa and see if that fixes the
problem... I'll write back if it doesn't.

On Fri, Aug 24, 2012 at 8:48 PM, Tom Kistner <tom@???> wrote:

> genpkey seems to be a generic function. I've never used that. Use -genrsa
> instead to force rsa. Maybe your openssl defaults to DSA for genpkey.
>
> 2012/8/24 Ramana Kumar <ramana@???>
>
>> Sorry, I should have posted this earlier.
>> This is the command I used to generate the private key:
>>
>> openssl genpkey -algorithm RSA -out dkim.private.key
>>
>> So, no, I didn't use -des3 or -nodes, and I don't think my private key is
>> encrypted.
>> But maybe exim doesn't like the output of genpkey?
>>
>>
>> On Fri, Aug 24, 2012 at 8:29 PM, Tom Kistner <tom@???> wrote:
>>
>>> The line you posted shows how you extracted the public portion from the
>>> private key.
>>>
>>> Maybe your private key is encrypted.
>>>
>>> When you generated the private key, was -des3 or -nodes specified on the
>>> commandline, and did openssl ask you for a passphrase?
>>>
>>> 2012/8/22 Ramana Kumar <ramana@???>
>>>
>>>> But what could be wrong?
>>>>
>>>> I generated it like this:
>>>> openssl rsa -in dkim.private.key -pubout -out dkim.public.key
>>>>
>>>> As I understand it the problem is not with whether the public and
>>>> private
>>>> keys match, but with the private key itself. Does openssl (as above) not
>>>> generate them in a format exim can read?
>>>>
>>>> % openssl version
>>>> OpenSSL 1.0.1c 10 May 2012
>>>>
>>>>
>>>> On Wed, Aug 22, 2012 at 5:00 PM, Wolfgang Breyha <wbreyha@???>
>>>> wrote:
>>>>
>>>> > Ramana Kumar wrote, on 22.08.2012 10:23:
>>>> > > What does RC -101mean? I think it means Exim couldn't read my
>>>> private key
>>>> > > or something is wrong with my private key.
>>>> >
>>>> > Reading the source says
>>>> > #define PDKIM_ERR_RSA_PRIVKEY      -101

>>>> >
>>>> > returned by:
>>>> >       /* Perform private key operation */
>>>> >       if (rsa_parse_key(&rsa, (unsigned char *)sig->rsa_privkey,
>>>> >                         strlen(sig->rsa_privkey), NULL, 0) != 0) {
>>>> >         return PDKIM_ERR_RSA_PRIVKEY;
>>>> >       }

>>>> >
>>>> > So, yes, there is something wrong with your private key.
>>>> >
>>>> > Greetings,
>>>> > Wolfgang
>>>> > --
>>>> > Wolfgang Breyha <wbreyha@???> | http://www.blafasel.at/
>>>> > Vienna University Computer Center | Austria
>>>> >
>>>> >
>>>> --
>>>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>>>> ## Exim details at http://www.exim.org/
>>>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>>>
>>>
>>>
>>
>