NAME

Mail::DKIM::Signature - encapsulates a DKIM signature header

CONSTRUCTORS

new() - create a new signature from parameters

# every parameter is optional
my $signature = Mail::DKIM::Signature->new(
                    Algorithm => "rsa-sha1",
                    Signature => $base64,
                    Method => "nowsp",
                    Domain => "example.org",
                    Headers => "from:subject:date:message-id",
                    Query => "dns",
                    Selector => "alpha",
                );

parse() - create a new signature from a DKIM-Signature header

my $sig = Mail::DKIM::Signature->parse(
                "DKIM-Signature: a=rsa-sha1; b=yluiJ7+0=; c=nowsp"
          );

Constructs a signature by parsing the provided DKIM-Signature header content. You do not have to include the header name (i.e. "DKIM-Signature:") but it is recommended, so the header name can be preserved and returned the same way in as_string().

Note: The input to this constructor is in the same format as the output of the as_string method.

METHODS

algorithm() - get or set the algorithm (a=) field

The algorithm used to generate the signature. Should be "rsa-sha1", an RSA-signed SHA-1 digest.

as_string() - the signature header as a string

print $signature->as_string . "\n";

outputs

DKIM-Signature: a=rsa-sha1; b=yluiJ7+0=; c=nowsp

As shown in the example, the as_string method can be used to generate the DKIM-Signature that gets prepended to a signed message.

as_string_without_data() - signature without the signature data

print $signature->as_string_without_data . "\n";

outputs

DKIM-Signature: a=rsa-sha1; b=; c=nowsp

This is similar to the as_string() method, but it always excludes the "data" part. This is used by the DKIM canonicalization methods, which require incorporating this part of the signature into the signed message.

body_count() - get or set the body count (l=) field

my $i = $signature->body_count;

Informs the verifier of the number of bytes in the body of the email included in the cryptographic hash, starting from 0 immediately following the CRLF preceding the body. Also known as the l= tag.

When creating a signature, this tag may be either omitted, or set after the selected canonicalization system has received the entire message body (but before it canonicalizes the DKIM-Signature).

canonicalization() - get or set the canonicalization (c=) field

$signature->canonicalization("relaxed", "simple");

($header, $body) = $signature->canonicalization;

Message canonicalization (default is "simple/simple"). This informs the verifier of the type of canonicalization used to prepare the message for signing.

In scalar context, this returns the header/body canonicalization as a single string separated by /. In list context, it returns a two-element array, containing first the header canonicalization, then the body.

domain() - get or set the domain (d=) field

my $d = $signature->domain;          # gets the domain value
$signature->domain("example.org");   # sets the domain value

The domain of the signing entity, as specified in the signature. This is the domain that will be queried for the public key.

expiration() - get or set the signature expiration (x=) field

Signature expiration (default is undef, meaning no expiration). The signature expiration, if defined, is an unsigned integer identifying the standard Unix seconds-since-1970 time when the signature will expire.

headerlist() - get or set the signed header fields (h=) field

Signed header fields. A colon-separated list of header field names that identify the header fields presented to the signing algorithm.

identity() - get or set the signing identity (i=) field

my $i = $signature->identity;

Identity of the user or agent on behalf of which this message is signed. The identity has an optional local part, followed by "@", then a domain name. The domain name should be the same as or a subdomain of the domain returned by the domain method.

Ideally, the identity should match the identity listed in the From: header, or the Sender: header, but this is not required to have a valid signature. Whether the identity used is "authorized" to sign for the given message is not determined here.

method() - get or set the canonicalization (c=) field

Message canonicalization (default is "simple"). This informs the verifier of the type of canonicalization used to prepare the message for signing.

protocol() - get or set the query methods (q=) field

A colon-separated list of query methods used to retrieve the public key (default is "dns"). Each query method is of the form "type[/options]", where the syntax and semantics of the options depend on the type.

selector() - get or set the selector (s=) field

The selector subdivides the namespace for the "d=" (domain) tag.

signature() - get or set the signature data (b=) field

The signature data. Whitespace is automatically stripped from the returned value.

timestamp() - get or set the signature timestamp (t=) field

Signature timestamp (default is undef, meaning unknown creation time). This is the time that the signature was created. The value is an unsigned integer identifying the number of standard Unix seconds-since-1970.
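
The accessors above expose the fields a verifier needs to inspect before trusting a signature's scope. The following is an added example, not part of the Mail::DKIM documentation: audit_signature is a hypothetical helper built only on parse() and the accessors described on this page, and it assumes the caller supplies the received body length in bytes. The header is a constructed sample.

```perl
use strict;
use warnings;
use Mail::DKIM::Signature;

# Hypothetical helper: return a list of findings for one parsed signature.
# $body_len is the byte length of the received body, $now is Unix time.
sub audit_signature {
    my ($sig, $body_len, $now) = @_;
    my @findings;

    # l= smaller than the body: the trailing bytes are not covered by the hash.
    my $l = $sig->body_count;
    push @findings, "l=$l covers only part of the $body_len-byte body"
        if defined $l && $l < $body_len;

    # x= in the past: the signature has expired.
    my $x = $sig->expiration;
    push @findings, "expired at x=$x"
        if defined $x && $x < $now;

    # t= later than x= is internally inconsistent.
    my $t = $sig->timestamp;
    push @findings, "timestamp t=$t is after expiration x=$x"
        if defined $t && defined $x && $t > $x;

    # An h= list that omits From leaves the author address unsigned.
    my $h = $sig->headerlist;
    push @findings, "From is not in h="
        unless defined $h && grep { lc($_) eq 'from' } split /\s*:\s*/, $h;

    # The i= domain should equal d= or be a subdomain of it.
    my $d = lc($sig->domain || '');
    my $i = $sig->identity;
    if (defined $i && $i =~ /\@([^\@]*)\z/) {
        my $id = lc $1;
        push @findings, "i= domain '$id' is outside d=$d"
            unless $id eq $d || $id =~ /\.\Q$d\E\z/;
    }
    return @findings;
}

# Constructed sample header, not taken from a real message.
my $sig = Mail::DKIM::Signature->parse(
    "DKIM-Signature: a=rsa-sha1; b=yluiJ7+0=; c=nowsp; d=example.org; "
  . "s=alpha; h=subject:date:message-id; i=user\@mail.example.net; "
  . "l=120; t=1100000000; x=1100003600"
);
print "$_\n" for audit_signature($sig, 4096, time);
```

With the sample header and a 4096-byte body, the helper reports four findings: partial body coverage, an expired signature, a missing From in h=, and an i= domain outside d=.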