Verify DomainKey-Signature Headers in Downloaded Email
See more DKIM / DomainKey Examples
Downloads email from an IMAP server and verifies the DomainKey-Signature header(s) in each email, if present.
Note: DKIM-Signatures are much more common than DomainKey-Signatures. See the other Chilkat example for verifying DKIM-Signatures (link in the code below).
Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set imap [new_CkImap]
# Connect to an IMAP server, login, select mailbox..
# Use TLS
CkImap_put_Ssl $imap 1
CkImap_put_Port $imap 993
set success [CkImap_Connect $imap "imap.example.com"]
if {$success == 1} then {
set success [CkImap_Login $imap "myLogin" "myPassword"]
if {$success == 1} then {
set success [CkImap_SelectMailbox $imap "Inbox"]
}
}
if {$success != 1} then {
puts [CkImap_lastErrorText $imap]
delete_CkImap $imap
exit
}
# Note: DKIM-Signatures are much more common than DomainKey-Signature
# See DKIM-Signature Verify Sample.
set dkim [new_CkDkim]
# Download a max of 10 emails and verify any DomainKey-Signature headers
# that are present.
# Download emails by sequence numbers (not UIDs).
set bUid 0
set n [CkImap_get_NumMessages $imap]
if {$n > 50} then {
set n 50
}
set json [new_CkJsonObject]
CkJsonObject_put_EmitCompact $json 0
# To verify DomainKey-Signature headers, we need the exact unmodified MIME bytes of each email.
set mimeData [new_CkBinData]
set seqNum 1
while {$seqNum <= $n} {
# The FetchSingleBd method was introduced in v9.5.0.76
set success [CkImap_FetchSingleBd $imap $seqNum $bUid $mimeData]
if {$success != 1} then {
puts [CkImap_lastErrorText $imap]
delete_CkImap $imap
delete_CkDkim $dkim
delete_CkJsonObject $json
delete_CkBinData $mimeData
exit
}
# Note: DKIM-Signatures are much more common than DomainKey-Signature
# See DKIM-Signature Verify Sample.
# Get the number of DomainKey-Signature headers.
set numSigs [CkDkim_NumDomainKeySigs $dkim $mimeData]
# Verify each..
set j 0
while {$j < $numSigs} {
puts "------ DomainKey Signature $j"
set success [CkDkim_DomainKeyVerify $dkim $j $mimeData]
if {$success != 1} then {
puts "Not valid."
puts [CkDkim_lastErrorText $dkim]
} else {
puts "valid."
}
# Show the additional information about the signature verification
CkJsonObject_Load $json [CkDkim_verifyInfo $dkim]
puts [CkJsonObject_emit $json]
# The JSON contains information such as this:
# {
# "domain": "amazonses.com",
# "selector": "7v7vs6w47njt4pimodk5mmttbegzsi6n",
# "publicKey": "MIGfMA0GCSqG...v2GvWPqGHz6uqeQIDAQAB",
# "canonicalization": "relaxed/simple",
# "algorithm": "rsa-sha256",
# "signedHeaders": "Subject:From:To:Date:Mime-Version:Content-Type:References:Message-Id:Feedback-ID",
# "verified": "yes"
# }
set j [expr $j + 1]
}
set seqNum [expr $seqNum + 1]
}
set success [CkImap_Disconnect $imap]
delete_CkImap $imap
delete_CkDkim $dkim
delete_CkJsonObject $json
delete_CkBinData $mimeData