[Cryptography] How to prove Wikileaks' emails aren't altered

John Levine johnl at iecc.com
Mon Oct 24 23:02:08 EDT 2016


>Also haven't looked but I suspect DKIM considers hash over
>body message (and possibly other chunks) as optional. In that
>case of course body content would be forgeable.

Rather than guessing, how about reading the RFC?

In principle a signature can contain l=0 which means the body hash
only contains the first zero bytes of the body, but normally it hashes
the whole body so you know the message body you've got is the one it
signed.  Since it takes literally five seconds to download the
messages in question and examine the signatures to see if there's an
l=, I'll leave it as an exercise for the interested reader.

Also, while Jon is correct that the design of DKIM allows anyone to
sign anything, in practice, Gmail doesn't let one Gmail user send mail
as another. The chances that a signed Gmail-to-Gmail message is not
what it appears are very low unless you believe that someone has
stolen the DKIM signing key and nobody at Gmail has noticed and
rotated to a new key.

R's,
John

PS: I have to admit I'm surprised that Gmail hasn't rotated the
signing key in four years.  Typical times are one or two times a year.
I rotate mine every month, just because I can.
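
The check described in the message above (looking for an l= tag in each DKIM-Signature header), as an added example that is not part of the original post. The sample message, domains and selectors are constructed, and the script only reads the tags; it does not verify any signature.

```python
import email
import re
from email import policy

# Constructed sample (not a message from the thread); bh=/b= are placeholders
# and nothing here verifies the signature itself.
SAMPLE = (
    b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
    b"\ts=sel2016; h=from:to:subject; bh=PLACEHOLDER=;\r\n"
    b"\tb=PLACEHOLDER\r\n"
    b"DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.net;\r\n"
    b"\ts=k1; l=0; h=from:to; bh=PLACEHOLDER=; b=PLACEHOLDER\r\n"
    b"From: alice@example.com\r\n"
    b"To: bob@example.com\r\n"
    b"Subject: test\r\n"
    b"\r\n"
    b"Body text.\r\n"
)

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Header folding may leave whitespace around names and in values.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def body_coverage(raw_message):
    """Describe, per DKIM-Signature header, how much of the body bh= covers."""
    msg = email.message_from_bytes(raw_message, policy=policy.compat32)
    results = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(str(header))
        l_tag = tags.get("l")
        if l_tag is None:
            coverage = "whole body"
        elif int(l_tag) == 0:
            coverage = "no body bytes"
        else:
            coverage = f"first {int(l_tag)} canonicalized body bytes"
        results.append({"d": tags.get("d"), "s": tags.get("s"),
                        "l": l_tag, "coverage": coverage})
    return results

if __name__ == "__main__":
    for sig in body_coverage(SAMPLE):
        print(sig)
```

The d= and s= values reported alongside identify the signing domain and the selector, which is how a verifier finds the public key for that signature.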

