EMERGENCY: RealityRipple Software is in need of assistance! Due to unexpected and major power problems, all project development and technical support is on hold indefinitely. Any donations would be incredibly appreciated at this time.
Did you know that RealityRipple Software is solar-powered software? Since 2003, RealityRipple Software has been run off-grid, relying on independently owned and operated solar panels, batteries, and a backup propane generator, while providing a negative carbon footprint by preserving over 200 acres of untouched forest.
Please consider making a donation to keep RealityRipple Software running!
PersonalDKIM is a method of adding DKIM headers locally. DKIM is designed to be used by mail exchange servers to validate messages passed on by those servers. However, many mail servers do not support DKIM. PersonalDKIM is a way to bypass this limitation.
Unfortunately, there are currently multiple issues with PersonalDKIM's implementation.
• First off, the message body is not hashed in the case of HTML or mixed content messages (including plain-text with attachments). For these messages, the body length to be hashed is set to "0". Thunderbird does not provide a fully formatted mail body during the send process.
• Secondly, many headers are not set in time for the signing process. Particularly the Date, Message-ID, and MIME headers. This means that the signed header list is limited to the To, From, and Subject entries in most cases.
• Third, replay attacks may be possible in situations where the body is not hashed, because the Date and Message-ID headers have not been set. The use of SPF is highly recommended to help combat this vulnerability.
• Fourth, Thunderbird does not like appending headers over a certain size, which means that 2048-bit and larger keys will not work as expected. The resulting signature is simply too long when large keys are used.
• Finally, at present, your Private Key is stored plainly in the Thunderbird config, not as a certificate. As far as I know, the certificates used for DKIM can not be imported into the Certificate Management system. Passwords are stored via Thunderbird's Password Manager, so if you're worried about security, please use a PKCS#5 or PKCS#8 encrypted key. You may also wish to use the master password feature.
The main thing I want to get across is that this extension is not secure. Do not use this extension for anything that requires cryptographic robustness, and do not reuse the Private Key for anything else.
PersonalDKIM is free for use or modification without limitation. However, it comes with no license, warranty, or guarantee of any kind. That being said, you can still ask any questions in the Comments section below, or contact me directly for assistance.
Be the first to post a comment about PersonalDKIM!