How to verify DKIM signature from an e-mail with openssl?

Question

I've set up opendkim for my postfix and now all outgoing mails have DKIM-Signature heading. What I want to do is to verify manually, withoug DNS and external utilities, preferably with openssl only, that messages are getting correct signature. So as input data I have:

• DKIM-Signature header of an e-mail
• DKIM Selector, DKIM Domain
• DKIM Private Key
• DKIM Public signature if form of a record that I need to put to DNS

The question is how to decrypt and/or verify DKIM-Signature with DKIM Public signature using some CLI utility like openssl?

Answer 1

To verify directly from email's source

• Download email, usually an .eml file

• Install python

• pip install dkimpy

• dkimverify < email_file.eml

  Alternatively you can

  • dkimverify
  • paste source
  • Ctrl+D

source

Other methods

• Install thunderbird, configure your account, and install the Add-on Dkim verifier
• If you want to massively verify an mbox archive https://github.com/associatedpress/verify-dkim