dkim pubkey from rpivate key
parent
139a46dce0
commit
b67e77ed6a
11 changed files with 24 additions and 40 deletions
|
@ -2,7 +2,7 @@ from os.path import join, exists
|
|||
from re import sub
|
||||
from cryptography.hazmat.primitives import serialization as crypto_serialization
|
||||
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||
from cryptography.hazmat.backends import default_backend as crypto_default_backend
|
||||
from cryptography.hazmat.primitives.serialization import load_pem_private_key
|
||||
|
||||
|
||||
defaults = {
|
||||
|
@ -23,46 +23,40 @@ defaults = {
|
|||
)
|
||||
def keys(metadata):
|
||||
keys = {}
|
||||
|
||||
|
||||
for domain in metadata.get('mailserver/domains'):
|
||||
if domain in metadata.get(f'opendkim/keys'):
|
||||
continue
|
||||
|
||||
pubkey_path = join(repo.path, 'data', 'dkim', f'{domain}.pubkey')
|
||||
|
||||
privkey_path = join(repo.path, 'data', 'dkim', f'{domain}.privkey.enc')
|
||||
|
||||
if not exists(pubkey_path) or not exists(privkey_path):
|
||||
key = rsa.generate_private_key(
|
||||
backend=crypto_default_backend(),
|
||||
public_exponent=65537,
|
||||
key_size=2048
|
||||
)
|
||||
with open(pubkey_path, 'w') as file:
|
||||
file.write(
|
||||
''.join(
|
||||
key.public_key().public_bytes(
|
||||
crypto_serialization.Encoding.PEM,
|
||||
crypto_serialization.PublicFormat.SubjectPublicKeyInfo
|
||||
).decode().split('\n')[1:-2]
|
||||
)
|
||||
)
|
||||
|
||||
if not exists(privkey_path):
|
||||
with open(privkey_path, 'w') as file:
|
||||
file.write(
|
||||
repo.vault.encrypt(
|
||||
key.private_bytes(
|
||||
rsa.generate_private_key(
|
||||
public_exponent=65537,
|
||||
key_size=2048
|
||||
).private_bytes(
|
||||
crypto_serialization.Encoding.PEM,
|
||||
crypto_serialization.PrivateFormat.PKCS8,
|
||||
crypto_serialization.NoEncryption()
|
||||
).decode()
|
||||
)
|
||||
)
|
||||
|
||||
with open(pubkey_path, 'r') as pubkey:
|
||||
with open(privkey_path, 'r') as privkey:
|
||||
keys[domain] = {
|
||||
'public': pubkey.read(),
|
||||
'private': repo.vault.decrypt(privkey.read()),
|
||||
}
|
||||
|
||||
with open(privkey_path, 'r') as file:
|
||||
privkey = str(repo.vault.decrypt(file.read()))
|
||||
|
||||
keys[domain] = {
|
||||
'public': ''.join(
|
||||
load_pem_private_key(privkey.encode(), password=None).public_key().public_bytes(
|
||||
crypto_serialization.Encoding.PEM,
|
||||
crypto_serialization.PublicFormat.SubjectPublicKeyInfo
|
||||
).decode().split('\n')[1:-2]
|
||||
),
|
||||
'private': privkey,
|
||||
}
|
||||
|
||||
return {
|
||||
'opendkim': {
|
||||
|
@ -76,13 +70,13 @@ def keys(metadata):
|
|||
)
|
||||
def dns(metadata):
|
||||
dns = {}
|
||||
|
||||
|
||||
for domain, keys in metadata.get('opendkim/keys').items():
|
||||
raw_key = sub('^ssh-rsa ', '', keys['public'])
|
||||
dns[f'mail._domainkey.{domain}'] = {
|
||||
'TXT': [f'v=DKIM1; k=rsa; p={raw_key}'],
|
||||
}
|
||||
|
||||
|
||||
return {
|
||||
'dns': dns,
|
||||
}
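Review bot: `privkey = str(repo.vault.decrypt(file.read()))` in `keys()` decrypts the DKIM private key eagerly and puts it into the metadata as a plain string, whereas the other variant visible on this page stored `repo.vault.decrypt(privkey.read())` as returned. If that return value is a lazily resolved secret wrapper (its type is not visible here), the key is now materialised on every metadata evaluation, including for the `dns` reactor that only reads `keys['public']`, and may appear in plain text in metadata dumps. Consider keeping `'private': repo.vault.decrypt(...)` unconverted and using the decrypted string only locally to derive the public key. Separately, `.decode().split('\n')[1:-2]` depends on the exact PEM line layout; serialising with `crypto_serialization.Encoding.DER` and base64-encoding the bytes gives the same `p=` value without slicing lines. Also, `open(privkey_path, 'w')` creates the file before key generation and encryption run, so a failure there leaves an empty `.privkey.enc` that the `exists()` check will then accept on the next run.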
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4dQp8/c9DHjoEIHdYZAzbpYoADB+/sR0iZiWrVUdckoSXCV7+kg3wPwC3jVs+mOMOoME7+t6/YssuHp6kzCP56afJYC/LwMz9DIQLIOY4EgTrT+wBIT82Z7EPuCPti+wkoNiiQ5a7SdV3SHhldow0UOHLm0wLuLVQgGAVPk6W+wKFBWWobYfFYR4gz/fZ/fMxVP9N6SR/cyUTFpZAi276bv5F00qDEPqEz9pKW0ZKIDanzPxvmJviJbcuFUt4EVM7VFHifgLVPwNaw8cIEIhyiWd7DYwQ+oIgWqgrJV3K0IFSIeRqIuUdHXTxtK05RQAubwfEAftukm5BuwJ7tX8wIDAQAB
|
|
@ -1 +0,0 @@
|
|||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/kwjoenqcxfrcNMv+jcWeTToq77XG9aPXgOS3KiPVEkwGBvw/Cc/F9lR7X8RoaiZfnohZQ9ou+8b76yKwdSo946HrwTGRyeyel3ICysBsPQRVMH/N5MUDFIOxmVIek59AbzBRGQdLeNmtpkt/SkwyavPGr7PcE6vBq9h5so10B0YvlMW7VHm8pAW/44M+iD0h0LA0qFNEtadRl4mDnmcOgsiMSO9etQJeiKmrclGaqn4rQuTPJLza/NRy7I0NiO33Y4woOLBn8RNC9PCLsKora4hAO4zqdwzUj8YAiBpUgFbdpl6NnlBgeZbwwy5dtzayRJrTwHQtgt7SyWjG2eUwIDAQAB
|
|
@ -1 +0,0 @@
|
|||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApecV+1VhWI73uDfzn5AzMkXA4W3cY1tR0xTs8p3OVJw0GT1mDRxlraH2I/XUcMe239Stjmd+HsX/axtE45Db1co6ZumqBIRhAA1m9yfSqTG9dD/ptvcs+gXK9M7YXJVzh7f39kU+ObajjzHFYNvM0wM3sL7ml/A3QgmTFbwbbF+bysQfezpa0X0LTJa6vQQ0qV+KgeYpgoKX3X+SoQKQECGwZxdZPMOokKZ8lp3y1rpFKavpXyWS9ZKRDeIyzpTAb5KAFCeP2IueHV1YrTcID4lY5geWJLjMvClvx5YLh7L615hNfrNYLINTVkU1QUMoGa+vO0MXq0omG77j4kR8sQIDAQAB
|
|
@ -1 +0,0 @@
|
|||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8NkrzV2CnoU0bIvXpb4zPD1MfOG4nT9BVEmI+IOK1RgiAPSp0vm7ExINerDrNMtCDe2ihxgQCRjXsHAw4DiatG9mdxDoHWYr4y/99jVnEwrSLdnzgcZ5++Jo1MmwDu1wP0TsYbot8/VYkBPXUXpGGemj68zcBw1HoqA08v3+Smg6RauAmaUdv83YU0HRoszsMXSe9nFElpWCVjocsXbhCcBGVZWpgTnhyazSUuHkClDxfthHDcxs8oGsFSDT56KmNoVIIpKde+B4WQIuUQVepgUXaK1pxu07otOIoRmV/sWEyKM4W88CsLDLQ1lPam5wfVIOb4FPzbx7CX4uCu+mNwIDAQAB
|
|
@ -1 +0,0 @@
|
|||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7NTFAEClNk4dEigDuc55YWeWgn664PNiSDHXT8ZMp2IXFicXqDGo8GmZTx1mhpEtd7DvPwhphrZpWKDZQ9YRN8KjplgEqsdANyXzGBEIQ2n4X6vLEQolOjGgUKh5ZwZxuTudDRAAqLRjXYwrf29m/urf+yjxkdf0pptvWkAitGjfcWU67k8nJrs3VDk1oWvtD4nCtHD1IFGEGm1Us1Y4pw7HbtGUhXOk2qOjocRYwWcP5Aadd0hIB+7nKBfCuowNBvI85s5Y0AFFXEqWy9Ia2G3qLKgotgqG++4nZJLaZ+HMH2u4yzMBKzHySa4Q3uO5GvgBum8VjX6ZqyEa0+/gKwIDAQAB
|
|
@ -1 +0,0 @@
|
|||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7romuUtuWNWYnJO6cOs9DD0/DQz85P57ytmBKJhPiYcE7ZeqqOtSsad+c2AINz43RU1wzBdWjg6xD4UWWX82BTWFFWEgNZZkz4oxFmI9xiePfAJvjKiIV2q5FSwPwehB50K/WWvq8onC8DbL7dGzp2BNVFoSBKC1244nnQISNyidXifPyawgT5Jln6mnbaVJYOqbAaFrJle9MhfgrRAYR8VJoHfYQO4sHGRfKtUTmTz2lz4sEGcuyZou0BevUN7DiCO5Bp3MBCRP1yuHqoRo1z+NyNP2zH3sb8UUErYUVzeg6m02Pj3SbSRnf0V9jh3AJjrRI0ELAEDa0aefh5tBQIDAQAB
|
|
@ -1 +0,0 @@
|
|||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06GmwVEZJlZ8cQvfDD0f/EYM0WEXekyUyYjHEfvTEw6RPr6f89BMSs3JeoDCpTya3QZviJGUADJuyFaFw585hmQaRglt+AJSCaKQUIZ0LmEWmwvox1NQxXBo5KJSuoo4NbkDC0DfueKhlGXwW0gRLwck9Jr7X9tI8xkopQmF8XjFULLIvGXb+tqtTKxQBF6pFEzEiZZvTVY7eovl+U0Xuzgs99W7eNA95KNzaaHFseo3VprCE+ofL2fxcuIyUtp+GEE7KyASJjJAqLUblUkHI9Yzv4G9NjSKvKBeLc3tTRWj2YUSdXANzwQXdrd38ZJYw0NOl3k3boFQgHr3ec91DQIDAQAB
|
|
@ -1 +0,0 @@
|
|||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvB69VOHK0vJ0yumq5TR9/29N0PQiZj4HQJ1hMdQGuwt3zozDR7vvgINJ5lJo8NXcZEJtbRbkIEJLJFvMiGfALNYU/Lcgpfc0bfCgWgwsvFe2P8JrcxSDf0M0eEV/k78agXVn75b5eWDCPPSm16XqjK8RlNz3LJo7ENkVAZshPg4mRm039ejAFmKKCirfzw3l4uZak9czSQxlLmOd503uiu0ljlguwHoNRX2FLSi77mdDYQl16BtHgu96fJL0ruiokfyuBi0Ves1LX2Fc4KQIzk1cgEt/dSZvQBkvYH/idR48rVgOT+lGyT30y2VbyFK0rCSft8tcC7HDoqYi2zJQQIDAQAB
|
|
@ -1 +0,0 @@
|
|||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokl8Ws+H87uRqTH0iHli0kvFuUdBF+gY/Gebhrk9SGSkl4+COf7rTT5fKjmOL+gAXDM9Lrx+uw1wwFgaUxK06teb9VAXTJlw938Gz5/rnySEygAub9UpkJD2nqW7y0MI5qtlhtNZnIDSm8mste7xjuGYrk9leSP2f4Xuc3gLppMyNLvVdyoM1Tbr0rA27PnOGdnDGT/piTohb+32hhmGXV+Q13NlZFcfwCgU1kHOk2q+5eh5vAiBWdh/0SCNmIbgoRzqMW7tv+8MuWusYV1QNyGLeI0At9Xnk73/jqW1J4WM4cxsMHe4Q4UoB3hlf1AzZT3Wathi7gDmASV3iN1xjwIDAQAB
|
|
@ -1 +0,0 @@
|
|||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyofUyqm5I6AaaF3b/vNWAb6ihpKDpYIogOJotSp7LewVFiPJ6mYXQ2hL/rrtEvvcMqGGhKoWC0SB3drPzCZbXrGSwiEIXvs5yJcG0QvZpW+/02oY/iDk7/Mdo+o3Rk34FVbjbqKVZnU43RLmLD5aVdEvkxZKTuPfX7h/g0iNJ2CoHC/w+kK8OkftEJflb6ETQVSI9nzUHCFucbe5JTjj5flf3k6Sy1P/Jk4ESGdAEwdHNaPooE/mXT3aBxDWxDj+mxTHOkU5ehJI8iUzTiRtjdiyLmf1r18bAUYlYUtDEX4ho3ha8TdxvEJfOeBdPp7Dt7flNCJXSq2kjQEvmjxyyQIDAQAB
|