OpenDKIM Library (libopendkim)

Introduction

DomainKeys Identified Mail ("DKIM") is a specification for signing messages at the domain level using simple cryptographic methods to indicate that the signing domain accepts some responsibility for the message. While the most obvious application of this is to defend against forged mail, other applications can make use of this capability.

DKIM is an amalgamation of DomainKeys, created by Yahoo!, Inc., and Internet Identified Mail (IIM) created by Cisco, Inc. Both can be found as historical RFCs documents via the IETF web sites. More information about DomainKeys can be found here.

This API (libopendkim) allows an application to sign or verify messages according to the DKIM proposed standard. It also includes a number of extensions to support other protocols that are not part of DKIM itself. Support is included for ADSP, a mechanism for determining whether or not the purported author domain claims all of its mail is signed. Also provided is an implementation of a filter, using Sendmail's milter package, that uses libopendkim to implement this facility.

Data Types

Data Type Description
DKIM A signing/verifying context for a message.
dkim_alg_t A signature generation/verification method.
dkim_atps_t An Authorized Third-Party Signer test result.
dkim_canon_t A canonicalization method.
DKIM_CBSTAT Return value/status from user-provided callbacks.
DKIM_DNSSEC Key and policy record security evaluation codes.
DKIM_LIB An instance of the libopendkim service.
dkim_param_t A signature parameter.
dkim_policy_t A sender signing policy.
DKIM_PRESULT A policy evaluation result.
DKIM_PSTATE Policy lookup state information.
dkim_query_t A key query method.
DKIM_QUERYINFO A handle describing a required DNS query.
DKIM_SIGERROR Signature evaluation error codes.
DKIM_SIGINFO Private handle referencing information about a particular signature on a signed message.
dkim_sigkey_t Private key data.
DKIM_STAT Return value/status.

Functions

Function Description
Administration
dkim_init() Initialize an instance of the DKIM service.
dkim_flush_cache() Flush the key/policy cache.
dkim_getcachestats() Retrieve caching statistics.
dkim_geterror() Retrieve the most recent internal error message associated with a DKIM handle.
dkim_getmode() Return the mode (signing or verifying) of a DKIM handle.
dkim_get_signer() Retrieve the current message signer (if any).
dkim_get_user_context() Retrieve a specific user context pointer for a sign or verify operation previously set by a call to dkim_set_user_context().
dkim_libfeature() Test for availability of a particular feature in the library.
dkim_libversion() Retrieve the version of libopendkim against which the application is linked.
dkim_set_dns_callback() Request a call back into the main program from time to time while waiting for DNS results.
dkim_set_final() Provide a function to perform final signature analysis and/or re-ordering during verifications.
dkim_set_key_lookup() Provide a function to perform key lookups, replacing the internal implementation.
dkim_set_policy_lookup() Provide a function to perform policy lookups, replacing the internal implementation.
dkim_set_prescreen() Provide a function to perform signature prescreening and/or re-ordering during verifications.
dkim_set_signature_handle() Provide a function to allocate a user-side signature description structure and return a pointer to it.
dkim_set_signature_handle_free() Provide a function to deallocate a user-side signature description structure.
dkim_set_signature_tagvalues() Provide a function to receive signature-specific tags and values for user-side analysis.
dkim_set_user_context() Set a specific user context pointer for a sign or verify operation which will be passed to user callbacks.
dkim_ssl_version() Retrieve the OpenSSL version used when the library was compiled.
dkim_close() Terminate an instance of the DKIM service.
Signing
dkim_sign() Allocate a new DKIM handle for signing a message.
dkim_add_querymethod() Indicate to verifiers which signing method(s) and option(s) should be used to retrieve the public key for verification.
dkim_add_xtag() Add an extension tag and corresponding value.
dkim_getpartial() Check partial signature request flag.
dkim_getsighdr() Generate and return a signature header into a fixed-size buffer.
dkim_getsighdr_d() Generate and return a signature header in a dynamically-allocated buffer.
dkim_privkey_load() Attempt to parse and load a signing key.
dkim_set_margin() Set the wrapping margin to use for signature header generation.
dkim_set_signer() Set the message signer.
dkim_setpartial() Request "l=" tag on a signature.
dkim_signhdrs() Select header fields to be signed for this message, overriding the default.
Verifying
dkim_verify() Allocate a new DKIM handle for verifying a message.
dkim_atps_check() Perform an Authorized Third-Party Signer check.
dkim_diffheaders() Compare original headers to received headers and look for approximate matches to identify header munging in order to explain verification failures.
dkim_get_reputation() Query a DKIM reputation service.
dkim_getdomain() Return the sending domain from a message represented by a DKIM handle.
dkim_getpolicystr() Translate a policy code into a user-friendly string.
dkim_getpresult() Retrieve detail about the sender's policy evaluation with respect to the message associated with a DKIM handle.
dkim_getpresultstr() Translate a policy result code into a user-friendly string.
dkim_getresultstr() Translate a DKIM_STAT constant into a string.
dkim_getsiglist() Retrieve the array of signature handles associated with a message.
dkim_getsignature() Retrieve the signature handle to be used for final message disposition.
dkim_getsslbuf() Retrieve the SSL error buffer for a DKIM signing handle.
dkim_getuser() Return the sending user from a message represented by a DKIM handle.
dkim_minbody() Return number of bytes required to satisfy all active canonicalizations referenced by a DKIM handle.
dkim_ohdrs() Retrieve the original header set from a signature if such were present.
dkim_policy() Evaluate sender signing policy information.
dkim_policy_getqueries() Get the set of DNS queries needed to do a policy evaluaton.
dkim_policy_state_free() Free a policy state handle.
dkim_policy_state_new() Initialize a policy state handle.
dkim_policy_getdnssec() Retrieve DNSSEC evaluation of a sending domain's policy record.
dkim_policy_getreportinfo() Retrieve information required to generate a policy failure report.
dkim_sig_getbh() Retrieve body hash test result from a signature handle.
dkim_sig_getcanonlen() Retrieve information regarding total canonicalized body length, and the size of what was actually signed.
dkim_sig_getcanons() Retrieve the canonicalization modes used to generate a signature.
dkim_sig_getcontext() Retrieve user-side context specific to a signature.
dkim_sig_getdnssec() Retrieve DNSSEC evaluation of a signature's key record.
dkim_sig_getdomain() Retrieve the domain name found in the signature on a message.
dkim_sig_geterror() Retrieve the error code associated with a rejected/disqualified signature.
dkim_sig_geterrorstr() Retrieve the text version of a signature error code.
dkim_sig_getflags() Retrieve processing flags from a signature handle.
dkim_sig_getidentity() Retrieve the identity of the signing agent from a signature or message.
dkim_sig_getkeysize() Retrieve the size in bits of the key used to verify a message.
dkim_sig_getqueries() Get the set of DNS queries needed to complete signature validation.
dkim_sig_getreportinfo() Retrieve information required to generate a verification failure report.
dkim_sig_getselector() Retrieve the selector found in a signature on a message.
dkim_sig_getsignalg() Retrieve the signature algorithm used to sign a message.
dkim_sig_getsignedhdrs() Retrieve signed header data.
dkim_sig_getsigntime() Retrieve the timestamp on the signature of a message.
dkim_sig_getsslbuf() Retrieve the SSL error buffer for a signature.
dkim_sig_hdrsigned() Determine whether or not a particular header was signed.
dkim_sig_ignore() Flag a signature to be ignored when verifying.
dkim_sig_process() Process a signature for validity.
dkim_sig_seterror() Set the error code associated with a signature.
Processing
dkim_header() Process a header.
dkim_eoh() Identify end of headers.
dkim_body() Process a body chunk.
dkim_eom() Identify end of message.
dkim_chunk() Process a message chunk.
Utility
dkim_getid() Retrieve "id" string from handle.
dkim_get_msgdate() Attempt to parse the Date: header field of a message and return its UNIX time_t conversion as a 64-bit unsigned integer.
dkim_get_sigsubstring() Retrieve a minimal signature substring for matching results to signatures.
dkim_key_syntax() Check the syntax of a key record.
dkim_mail_parse() Parse an message header field, e.g. From:, to get user and domain.
dkim_options() Get or set library options.
dkim_policy_syntax() Check the syntax of a policy record.
dkim_qi_getname() Retrieve the DNS name from a DKIM_QUERYINFO handle.
dkim_qi_gettype() Retrieve the DNS resource record type from a DKIM_QUERYINFO handle.
dkim_sig_gethashes() Retrieve computed hashes related to a signature.
dkim_sig_gettagvalue() Retrieve arbitrary tags and values from signatures and keys.
dkim_sig_syntax() Check the syntax of a signature.
DNS Operations
dkim_dns_close() Force shutdown of the DNS resolver in use by the library.
dkim_dns_config() Provide the active DNS resolver with arbitrary configuration information to be used.
dkim_dns_init() Force initialization of the DNS resolver to be used by the library.
dkim_dns_nslist() Provide the active DNS resolver with a new set of nameservers to be used.
dkim_dns_set_close() Set the function to be used by the library to terminate a DNS resolver.
dkim_dns_set_config() Set the function to be used by the library to pass arbitrary configuration data to the underlying resolver.
dkim_dns_set_init() Set the function to be used by the library to initialize a DNS resolver.
dkim_dns_set_nslist() Set the function to be used by the library to change the set of nameservers in use by a DNS resolver.
dkim_dns_set_query_cancel() Set the function to be used by the library to cancel a pending DNS query whose result is no longer needed.
dkim_dns_set_query_service() Set the DNS query service handle to be used by the library.
dkim_dns_set_query_start() Set the DNS query start function to be used by the library.
dkim_dns_set_query_waitreply() Set the function to be used by the library to wait for a reply to a pending DNS query.
dkim_dns_set_trustanchor() Set the function to be used by the library to pass arbitrary trust anchor data to the underlying resolver.
dkim_dns_trustanchor() Provide the active DNS resolver with trust anchor configuration information to be used.
Cleanup
dkim_free() Destroy a per-message handle of the DKIM service.

An overview of the general use of this API is available here. An overview of the DNS resolver portion of the API is available here.
Copyright (c) 2005-2008 Sendmail, Inc. and its suppliers. All rights reserved.
Copyright (c) 2009-2013, The Trusted Domain Project. All rights reserved.
By using this file, you agree to the terms and conditions set forth in the respective licenses.