DKIM cleanup, examples

.gitignore

@@ -1,7 +1,7 @@
 docs/phpdoc/
 test/message.txt
 test/testbootstrap.php
-test/*.pem
+*.pem
 .idea
 build/
 vendor/

docs/DomainKeys_notes.txt

@@ -1,55 +0,0 @@
-CREATE DKIM KEYS and DNS Resource Record:
-=========================================
-
-To create DomainKeys Identified Mail keys, visit:
-http://dkim.worxware.com/
-... read the information, fill in the form, and download the ZIP file 
-containing the public key, private key, DNS Resource Record and instructions
-to add to your DNS Zone Record, and the PHPMailer code to enable DKIM
-digital signing.
-
-/*** PROTECT YOUR PRIVATE & PUBLIC KEYS ***/
-
-You need to protect your DKIM private and public keys from being viewed or
-accessed. Add protection to your .htaccess file as in this example:
-
-# secure htkeyprivate file
-<Files .htkeyprivate>
-  order allow,deny
-  deny from all
-</Files>
-
-# secure htkeypublic file
-<Files .htkeypublic>
-  order allow,deny
-  deny from all
-</Files>
-
-(the actual .htaccess additions are in the ZIP file sent back to you from 
-http://dkim.worxware.com/ 
-
-A few notes on using DomainKey Identified Mail (DKIM):
-
-You do not need to use PHPMailer to DKIM sign  emails IF:
-- you enable DomainKey support and add the DNS resource record
-- you use your outbound mail server
-
-If you are a third-party emailer that works on behalf of domain owners to
-send their emails from your own server:
-- you absolutely have to DKIM sign outbound emails
-- the domain owner has to add the DNS resource record to match the 
-  private key, public key, selector, identity, and domain that you create
-- use caution with the "selector" ... at least one "selector" will already
-  exist in the DNS Zone Record of the domain at the domain owner's server
-  you need to ensure that the "selector" you use is unique
-Note: since the IP address will not match the domain owner's DNS Zone record
-you can be certain that email providers that validate based on DomainKey will
-check the domain owner's DNS Zone record for your DNS resource record. Before
-sending out emails on behalf of domain owners, ensure they have entered the 
-DNS resource record you provided them.
-
-Enjoy!
-Andy
-
-PS. if you need additional information about DKIM, please see:
-http://www.dkim.org/info/dkim-faq.html

examples/DKIM_gen_keys.phps

@@ -0,0 +1,44 @@
+<?php
+/**
+ * This shows how to make a new public/private key pair suitable for use with DKIM.
+ * You should only need to do this once, and the public key (**not** the private key!)
+ * you generate should be inserted in your DNS matching the selector you want.
+ *
+ * You can also use the DKIM wizard here: https://www.port25.com/support/domainkeysdkim-wizard/
+ * but be aware that having your private key known anywhere outside your own server
+ * is a security risk, and it's easy enough to create your own on your own server.
+ *
+ * For security, any keys you create should not be accessible via your web site.
+ *
+ * 2048 bits is the recommended minimum key length - gmail won't accept less than 1024 bits.
+ * To test your DKIM config, use Port25's DKIM tester:
+ * https://www.port25.com/support/authentication-center/email-verification/
+ *
+ * Note that you only need a *private* key to *send* a DKIM-signed message,
+ * but receivers need your *public* key in order to verify it.
+ *
+ * Your public key will need to be formatted appropriately for your DNS and
+ * inserted there using the selector you want to use.
+ */
+
+//Path to your private key:
+$privatekeyfile = 'dkim_private.pem';
+//Path to your public key:
+$publickeyfile = 'dkim_public.pem';
+
+//Create a 2048-bit RSA key with an SHA256 digest
+$pk = openssl_pkey_new(
+    [
+        'digest_alg'       => 'sha256',
+        'private_key_bits' => 2048,
+        'private_key_type' => OPENSSL_KEYTYPE_RSA
+    ]
+);
+//Save private key
+openssl_pkey_export_to_file($pk, $privatekeyfile);
+//Save public key
+$pubKey = openssl_pkey_get_details($pk);
+file_put_contents($publickeyfile, $pubKey['key']);
+
+echo file_get_contents($privatekeyfile);
+echo $pubKey['key'];

examples/DKIM_sign.phps

@@ -0,0 +1,41 @@
+<?php
+/**
+ * This example shows sending a DKIM-signed message with PHPMailer.
+ * More info about DKIM can be found here: http://www.dkim.org/info/dkim-faq.html
+ */
+
+//Import the PHPMailer class into the global namespace
+use PHPMailer\PHPMailer\PHPMailer;
+
+require '../vendor/autoload.php';
+
+//Usual setup
+$mail = new PHPMailer;
+$mail->setFrom('from@example.com', 'First Last');
+$mail->addReplyTo('replyto@example.com', 'First Last');
+$mail->addAddress('whoto@example.com', 'John Doe');
+$mail->Subject = 'PHPMailer mail() test';
+$mail->msgHTML(file_get_contents('contents.html'), dirname(__FILE__));
+$mail->AltBody = 'This is a plain-text message body';
+
+//See the DKIM_gen_keys.phps script for making a key pair -
+//here we assume you've already done that.
+//Path to your private key:
+$privatekeyfile = 'dkim_private.pem';
+
+//Put your domain in here
+$mail->DKIM_domain = 'example.com';
+//Put the path to your private key file in here
+$mail->DKIM_private = $privatekeyfile;
+//Set the selector
+$mail->DKIM_selector = 'phpmailer';
+//Put your private key's passphrase in here if it has one
+//Leave it blank otherwise.
+$mail->DKIM_passphrase = '';
+
+//When you send, the DKIM settings will be used to sign the message
+//if (!$mail->send()) {
+//    echo "Mailer Error: " . $mail->ErrorInfo;
+//} else {
+//    echo "Message sent!";
+//}

test/phpmailerTest.php

@@ -1702,7 +1702,7 @@ EOT;
         $this->Mail->Subject .= ': DKIM signing';
         $this->Mail->Body = 'This message is DKIM signed.';
         $this->buildBody();
-        $privatekeyfile = 'dkim_private.key';
+        $privatekeyfile = 'dkim_private.pem';
         //Make a new key pair
         //(2048 bits is the recommended minimum key length -
         //gmail won't accept less than 1024 bits)