Skip to content

Support ed25519 in opendkim tools, fix orphaned opendkim-genzone bug #246

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jcastle-gh wants to merge 3 commits into
base: develop
Choose a base branch
from
Open

Support ed25519 in opendkim tools, fix orphaned opendkim-genzone bug #246

jcastle-gh wants to merge 3 commits into from

Conversation

@jcastle-gh
Copy link

@jcastle-gh jcastle-gh commented Mar 17, 2025

Depends-On: #162
This should be merged after PR #162, "Upgrade to OpenSSL 3".

  1. opendkim-genkey: require openssl >= 1.1.1 for ed25519 instead of == 1.1.1.
  2. opendkim-testkey: Add options 1, 2, and e to create an rsa-sha1, rsa-sha256, or ed25519 signature, respectively. Rsa-sha256 is the default. Previously the tool could only create rsa-sha1 signatures.
  3. opendkim-genzone: Debian's opendkim includes nsupdate_output.patch which was added long ago for Debian bug
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849540.
    The patch originally came from a bug reported against 2.10.3 in the opendkim sourceforge bug database:
    https://sourceforge.net/p/opendkim/feature-requests/200
    Somehow that sourceforge bug report and fix didn't make it to opendkim github. That patch fixes nsupdate output formatting and adds a key usage option. This patch does that and also adds support for ed25519 keys.

@jcastle-gh
Merge PR162
ff18657
@jcastle-gh
Support ed25519 in opendkim tools, fix orphaned opendkim-genzone bug
52e28cf 
Depends on trusteddomainproject#162
This should be merged after PR trusteddomainproject#162, Upgrade to OpenSSL 3".

1. opendkim-genkey: require openssl >= 1.1.1 for ed25519 instead of == 1.1.1.

2. opendkim-testkey: Add options 1, 2, and e to create an rsa-sha1,
   rsa-sha256, or ed25519 signature, respectively. Rsa-sha256 is the default.
   Previously the tool could only create rsa-sha1 signatures.

3. opendkim-genzone: Debian's opendkim includes nsupdate_output.patch which
   was added long ago for Debian bug 849540:
     https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849540
   The patch originally came from a bug reported against 2.10.3 in the
   opendkim sourceforge bug database:
     https://sourceforge.net/p/opendkim/feature-requests/200
   Somehow that sourceforge bug and fix didn't make it to opendkim github.
   That patch fixes nsupdate output formatting and adds a key usage option.
   This patch does that and also adds support for ed25519 keys.
@jcastle-gh
Fix formatting in the opendkim-genkey.8.in man page change.
e085464
@createyourpersonalaccount
Copy link

createyourpersonalaccount commented Jun 23, 2025
edited
Loading

Can someone look into this? Support for Ed25519 would be nice. For alternatives, consider rspamd which supports both RSA and Ed25519. It's also important that SHA256 support is added.

Edit: with opendkim -V I see rsa-sha1, rsa-sha256, ed25519-sha256. Why is this patch needed then?

@futatuki futatuki mentioned this pull request Oct 20, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jcastle-gh @createyourpersonalaccount