I have recently been taking part in a capture the flag challenge focused on email forensics – see for example an article that I put out on LinkedIn here. The competition completed last week and I am very happy to have finished in third place. One of the challenges involved an inventive use of DKIM – an email validation methodology. As part of solving that challenge, I put together a manual walk-through of the DKIM validation process and thought that it might be helpful to share.

This article is a combination of solving the puzzle, demonstrating the procedures and power behind DKIM, and talking about how the methods used here could be extended and the implications for the forensics community.

A word of warning, this article does start to go into some of the more technical aspects of email forensics. I have included an introduction to DKIM and why it is so useful before delving into some of the more technical aspects.

What is DKIM

DKIM stands for DomainKeys Identified Mail. It is an authentication method that can be used to determine if an email is the same as it was when signed by some authority (often the sending domain). This is done through a combination of content standardisation (canonicalization), hashing, and verification using public key cryptography.

The reason that DKIM is so useful in email forensics is that if it is present in the email header, it can be used to determine if the email body, or any of the headers included in the DKIM calculation (more on that below) have changed since the email was signed. It is therefore a fantastically useful method to identify if the content or dates of an email have been altered.

How it works

At a high level, when an email is sent, a series of calculations are made to generate the content of the DKIM Signature header field, encoded into the email itself:

- The body of the email is standardised and then hashed – this is the “body hash”.
- A predefined list of header fields (including the body hash) is then standardised.
- This standardised list is then hashed – this is the “data hash”.
- The data hash is then signed by the authenticating domain using their private key to create the signed hash.
- The signed hash is included in the DKIM signature header entry, together with the body hash and the various settings used, so that the receiver can verify the email.

Once received, to verify the DKIM the receiver can use the information in the DKIM signature, using the following steps:
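
The body hash step described above, recomputed the way a receiver or examiner would, as an added example that is not part of the original article: it standardises the body with the RFC 6376 simple or relaxed rules, hashes it, and compares the result to the bh= tag. The sample body, example.com, the sel1 selector and all function names are constructed for illustration, and the signed hash in b= is not checked.

```python
import base64, hashlib, re

# Hash used by each a= value (signing algorithm plus hash), per RFC 6376 / RFC 8463.
HASHES = {"rsa-sha256": hashlib.sha256, "rsa-sha1": hashlib.sha1,
          "ed25519-sha256": hashlib.sha256}

def canon_body(body: bytes, mode: str) -> bytes:
    """Standardise a CRLF-delimited body (RFC 6376 sections 3.4.3 and 3.4.4)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of spaces/tabs to one space and drop trailing whitespace.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    elif mode != "simple":
        raise ValueError(f"unknown body canonicalization: {mode}")
    while lines and lines[-1] == b"":      # both modes ignore trailing empty lines
        lines.pop()
    if not lines:                          # empty body: CRLF (simple) or nothing (relaxed)
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str, alg: str = "rsa-sha256", length=None) -> str:
    """Return the base64 body hash as it would appear in the bh= tag."""
    data = canon_body(body, mode)
    if length is not None:                 # l= tag: only the first l octets are signed
        data = data[:length]
    return base64.b64encode(HASHES[alg](data).digest()).decode()

def parse_tags(header_value: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs, removing folding whitespace."""
    pairs = (p.split("=", 1) for p in header_value.split(";") if "=" in p)
    return {name.strip(): re.sub(r"\s+", "", value) for name, value in pairs}

def body_hash_matches(header_value: str, body: bytes) -> bool:
    """Recompute the body hash from the signature's own settings and compare to bh=."""
    tags = parse_tags(header_value)
    canon = tags.get("c", "simple/simple").split("/")
    mode = canon[1] if len(canon) > 1 else "simple"   # body part defaults to simple
    length = int(tags["l"]) if "l" in tags else None
    return body_hash(body, mode, tags["a"], length) == tags["bh"]

# Constructed sample (not from the article): a body and a signature header for it.
SAMPLE_BODY = b"Invoice total:  100 GBP \r\nRegards\r\n\r\n"
SAMPLE_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
              "\th=from:to:subject:date; bh=" + body_hash(SAMPLE_BODY, "relaxed")
              + "; b=")   # b= (the signed hash) is left empty; it is not checked here
```

A body hash mismatch shows that the body changed after signing; a match alone does not validate the email, because the headers and the signature in b= still have to be verified.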