🚧
experimental, in development
🏗
TODO
The viadkim library contains a complete implementation of DomainKeys Identified Mail (DKIM). DKIM is specified in [RFC 6376].
This library provides both high-level APIs for signing and verifying email messages, as well as the low-level APIs used to implement this functionality. It is an asynchronous library based on the Tokio async runtime.
This library is developed independently from scratch, by following the RFC specification and related documents. The design objectives sketched below are used to guide development.
TODO
The goal of viadkim is to provide a free DKIM library suitable for long-lived mail server processes, with strong RFC conformance guarantees.
Of particular importance is that the library should be efficient. Some items of note in this rubric are: doing DNS requests for public key records concurrently; bypass or shortcut message body processing where this is possible, and without the whole message being in memory at once; or sharing message body canonicalisation results among signature evaluation tasks.
Of equal importance is a certain resilience and broad compatibility in handling inputs. Notably, internationalised email is fully supported in viadkim. But also malformed inputs that do occur in practice, such as stray Latin 1 bytes in headers are handled transparently. Generally, all inputs are handled gracefully, and similarly all outputs should be well-formed.
Care is taken to conform strictly to RFC 6376, including RFC updates and
known errata. Internationalised email was already mentioned. Also, for example,
for both signing and verifying only the signature algorithms rsa-sha256 and
ed25519-sha256 are supported, the historic signature algorithm rsa-sha1 was
retired and is not supported (see [RFC 8301]).
TODO
Two structs provide the main entry points to DKIM processing with viadkim:
Signer for signing a message, and Verifier for verifying a message’s
signatures.
DNS resolution is abstracted in trait LookupTxt.
A lookup implementation of the LookupTxt trait can be made available for the
Trust-DNS async resolver by enabling feature trust-dns-resolver.
TODO
dkimverify
dkimsign
Copyright © 2022–2023 David Bürgin
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.