Sample code for 30+ languages & platforms
Tcl

Verify DomainKey-Signature Headers in Downloaded Email

See more DKIM / DomainKey Examples

Downloads email from an IMAP server and verifies the DomainKey-Signature header(s) in each email, if present.

Note: DKIM-Signatures are much more common than DomainKey-Signatures. See the other Chilkat example for verifying DKIM-Signatures (link in the code below).

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set imap [new_CkImap]

# Connect to an IMAP server, login, select mailbox..
# Use TLS 
CkImap_put_Ssl $imap 1
CkImap_put_Port $imap 993
set success [CkImap_Connect $imap "imap.example.com"]
if {$success == 1} then {
    set success [CkImap_Login $imap "myLogin" "myPassword"]
    if {$success == 1} then {
        set success [CkImap_SelectMailbox $imap "Inbox"]
    }

}

if {$success != 1} then {
    puts [CkImap_lastErrorText $imap]
    delete_CkImap $imap
    exit
}

# Note: DKIM-Signatures are much more common than DomainKey-Signature
# See DKIM-Signature Verify Sample.

set dkim [new_CkDkim]

# Download a max of 10 emails and verify any DomainKey-Signature headers
# that are present.

# Download emails by sequence numbers (not UIDs).
set bUid 0

set n [CkImap_get_NumMessages $imap]
if {$n > 50} then {
    set n 50
}

set json [new_CkJsonObject]

CkJsonObject_put_EmitCompact $json 0

# To verify DomainKey-Signature headers, we need the exact unmodified MIME bytes of each email.
set mimeData [new_CkBinData]

set seqNum 1
while {$seqNum <= $n} {
    # The FetchSingleBd method was introduced in v9.5.0.76
    set success [CkImap_FetchSingleBd $imap $seqNum $bUid $mimeData]
    if {$success != 1} then {
        puts [CkImap_lastErrorText $imap]
        delete_CkImap $imap
        delete_CkDkim $dkim
        delete_CkJsonObject $json
        delete_CkBinData $mimeData
        exit
    }

    # Note: DKIM-Signatures are much more common than DomainKey-Signature
    # See DKIM-Signature Verify Sample.

    # Get the number of DomainKey-Signature headers.
    set numSigs [CkDkim_NumDomainKeySigs $dkim $mimeData]

    # Verify each..
    set j 0
    while {$j < $numSigs} {
        puts "------ DomainKey Signature $j"

        set success [CkDkim_DomainKeyVerify $dkim $j $mimeData]
        if {$success != 1} then {
            puts "Not valid."
            puts [CkDkim_lastErrorText $dkim]
        }         else {
            puts "valid."
        }

        # Show the additional information about the signature verification
        CkJsonObject_Load $json [CkDkim_verifyInfo $dkim]
        puts [CkJsonObject_emit $json]

        # The JSON contains information such as this:

        # 	{
        # 	  "domain": "amazonses.com",
        # 	  "selector": "7v7vs6w47njt4pimodk5mmttbegzsi6n",
        # 	  "publicKey": "MIGfMA0GCSqG...v2GvWPqGHz6uqeQIDAQAB",
        # 	  "canonicalization": "relaxed/simple",
        # 	  "algorithm": "rsa-sha256",
        # 	  "signedHeaders": "Subject:From:To:Date:Mime-Version:Content-Type:References:Message-Id:Feedback-ID",
        # 	  "verified": "yes"
        # 	}

        set j [expr $j + 1]
    }
    set seqNum [expr $seqNum + 1]
}

set success [CkImap_Disconnect $imap]

delete_CkImap $imap
delete_CkDkim $dkim
delete_CkJsonObject $json
delete_CkBinData $mimeData