author Jeremy Harris <jgh146exb@wizmail.org> 2018-03-25 14:08:36 +0100
committer Jeremy Harris <jgh146exb@wizmail.org> 2018-03-25 14:12:34 +0100
commit f3908561b1eef15d57608ab6b346125bf2a11478
tree 2b7e856fb5ff69e6c5fec5bd6ca28cd3083344bb
parent 3478b06a31d23f9d519ee4541cb3d8b51afc299d
DKIM: document generation of RSA keys
-rw-r--r-- doc/doc-docbook/spec.xfpt 14
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 978d51fd7..7d5b3b3cf 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -38932,6 +38932,20 @@ is set.
.endlist
.new
+To generate keys under OpenSSL:
+.code
+openssl genrsa -out dkim_rsa.private 2048
+openssl rsa -in dkim_rsa.private -out /dev/stdout -pubout -outform PEM
+.endd
+Take the base-64 lines from the output of the second command, concatenated,
+for the DNS TXT record.
+
+Under GnuTLS:
+.code
+certtool --generate-privkey --rsa --bits=2048 --password='' -8 --outfile=dkim_rsa.private
+certtool --load-privkey=dkim_rsa.private --pubkey-info
+.endd
+
Note that RFC 8301 says:
.code
Signers MUST use RSA keys of at least 1024 bits for all keys.
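Review bot: The GnuTLS block ends at its .endd without saying which part of the "certtool --load-privkey=dkim_rsa.private --pubkey-info" output goes into the DNS TXT record, while the OpenSSL block is followed by "Take the base-64 lines from the output of the second command, concatenated". Add the equivalent sentence after the GnuTLS .endd so that both recipes end at the same point. Separately, both recipes write dkim_rsa.private without passphrase protection (no cipher option on "openssl genrsa", and --password='' on certtool), and the added text does not mention file permissions; a sentence telling the reader to restrict read access on the private key file to the user Exim runs as would fit here. As a style point, "-out /dev/stdout" and "-outform PEM" on the second openssl line restate that command's defaults and could be dropped, which also avoids depending on /dev/stdout existing.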