dkim: expose algorithm, hash list, and key size in DKIM record analysis

Parse k=, h=, a= tags and derive RSA key bit-length from the public key so consumers can detect weak configurations (SHA-1, short keys). Scoring now penalises rsa-sha1 (cap 60), RSA <1024 bit (cap 25), and RSA <2048 bit (cap 75); Ed25519 receives no penalty. Fixes: #37
2026-05-18 17:15:48 +08:00 · 2026-05-18 17:15:48 +08:00 · 1b8627ef86
commit 1b8627ef86
parent 369a13526f
4 changed files with 321 additions and 69 deletions
--- a/api/schemas.yaml
+++ b/api/schemas.yaml
@ -873,6 +873,24 @@ components:
          type: string
          description: DKIM record content
          example: "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA..."
+        key_type:
+          type: string
+          description: "Key type from k= tag (e.g. rsa, ed25519); defaults to rsa if absent"
+          example: "rsa"
+        hash_algorithms:
+          type: array
+          items:
+            type: string
+          description: "Acceptable hash algorithms from h= tag; empty means all accepted (RFC 6376 default: sha256)"
+          example: ["sha256"]
+        signing_algorithm:
+          type: string
+          description: "Algorithm used in DKIM-Signature a= tag (e.g. rsa-sha256, ed25519-sha256)"
+          example: "rsa-sha256"
+        key_size:
+          type: integer
+          description: "Public key size in bits (RSA: 1024/2048/4096; Ed25519: always 256)"
+          example: 2048
        valid:
          type: boolean
          description: Whether the DKIM record is valid