From 5dad2dded1a0e6bc14867451f2393b3338ee04fd Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Tue, 18 Dec 2018 20:50:24 +0100
Subject: [PATCH 1/2] [web] Duplicating DKIM key corrupts private key

Missing base64_decode() corrupted private key when duplicating, as `$from_domain_dkim['privkey']` returns the public key base64-encoded.
---
 data/web/inc/functions.dkim.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/functions.dkim.inc.php b/data/web/inc/functions.dkim.inc.php
index 819afd25..f4bfd997 100644
--- a/data/web/inc/functions.dkim.inc.php
+++ b/data/web/inc/functions.dkim.inc.php
@@ -123,7 +123,7 @@ function dkim($_action, $_data = null) {
         try {
           $redis->hSet('DKIM_PUB_KEYS', $to_domain, $from_domain_dkim['pubkey']);
           $redis->hSet('DKIM_SELECTORS', $to_domain, $from_domain_dkim['dkim_selector']);
-          $redis->hSet('DKIM_PRIV_KEYS', $from_domain_dkim['dkim_selector'] . '.' . $to_domain, trim($from_domain_dkim['privkey']));
+          $redis->hSet('DKIM_PRIV_KEYS', $from_domain_dkim['dkim_selector'] . '.' . $to_domain, base64_decode(trim($from_domain_dkim['privkey'])));
         }
         catch (RedisException $e) {
           $_SESSION['return'][] = array(
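Review bot: The added `base64_decode()` call runs in non-strict mode and its result is written straight into `DKIM_PRIV_KEYS`, so a source value that is empty or not valid base64 would be stored as an empty or mangled signing key without any error. Decode strictly and confirm the result parses as a key before any of the three `hSet` calls, e.g. `$privkey = base64_decode(trim($from_domain_dkim['privkey']), true);` followed by `if ($privkey === false || openssl_pkey_get_private($privkey) === false) { /* report the error and skip the copy */ }`. The code that fills `$from_domain_dkim` is outside this hunk, so the assumption that `privkey` always arrives base64-encoded should be confirmed there and stated in a short comment on this line. `dkim()` starts and ends outside the hunk.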
@@ -307,4 +307,4 @@ function dkim($_action, $_data = null) {
       }
     break;
   }
-}
\ No newline at end of file
+}

From 59301decab15f39dc8ffc77df663fcd33d34e2e8 Mon Sep 17 00:00:00 2001
From: Patrik Kernstock <patrik@kernstock.net>
Date: Tue, 18 Dec 2018 21:00:16 +0100
Subject: [PATCH 2/2] [Web] Add hint to DKIM key import for RSA PKCS#8

Add a hint to explicitly provide an RSA private key in the newer PKCS#8 format, as the web interface otherwise rejects the key with a cryptic error message: `Private key error: error:0EFFF06C:configuration file routines:CRYPTO_internal:no value`. To prevent frustrated users, I'd add a simple notice stating which format is expected. PKCS#8 is also the default format when keys are generated directly in the web interface.

Some interesting resources:
https://stackoverflow.com/questions/20065304/differences-between-begin-rsa-private-key-and-begin-private-key
https://stackoverflow.com/questions/17733536/how-to-convert-a-private-key-to-an-rsa-private-key
---
 data/web/admin.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/admin.php b/data/web/admin.php
index 2241da86..3cd1f0d3 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -333,7 +333,7 @@ $tfa_data = get_tfa();
             <input class="form-control input-sm" name="dkim_selector" value="dkim" required>
           </div>
           <div class="form-group">
-            <label for="private_key_file"><?=$lang['admin']['private_key'];?>:</label>
+            <label for="private_key_file"><?=$lang['admin']['private_key'];?>: (RSA PKCS#8)</label>
             <textarea class="form-control input-sm" rows="10" name="private_key_file" id="private_key_file" required placeholder="-----BEGIN RSA KEY-----"></textarea>
           </div>
           <button class="btn btn-sm btn-default" data-action="add_item" data-id="dkim_import" data-api-url='add/dkim_import' data-api-attr='{}' href="#"><span class="glyphicon glyphicon-plus"></span> <?=$lang['admin']['import'];?></button>
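Review bot: The new label asks for RSA PKCS#8, but the textarea placeholder on the following line still reads `-----BEGIN RSA KEY-----`, which is neither the PKCS#8 PEM header (`-----BEGIN PRIVATE KEY-----`) nor the PKCS#1 one (`-----BEGIN RSA PRIVATE KEY-----`). The form therefore still shows users an example that does not match the format it accepts. Changing the attribute to `placeholder="-----BEGIN PRIVATE KEY-----"` would make both hints agree. The hint text is also hard-coded in English beside a `$lang[...]` lookup, so moving it into the language file would keep the label translatable.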