User:Paul/sandbox/Configure ed25519 DKIM signing
Use ed25519 signing key
Many registrars still do not allow more than 255 characters in a DNS record, and some receiving servers cannot use DNS records longer than 255 characters, so it may be preferable to sign with the newer ed25519 key. While the key MUST be accepted by verifiers, it is not currently known how many servers have adopted this newer (2018) standard.
root@servername:~# openssl genpkey -algorithm ed25519 -out /etc/opendkim/keys/example.com/dkim_private.pem
root@servername:~# openssl pkey -in /etc/opendkim/keys/example.com/dkim_private.pem -pubout -out /etc/opendkim/keys/example.com/dkim_public.pem
root@servername:~# openssl asn1parse -in /etc/opendkim/keys/example.com/dkim_public.pem -offset 12 -noout -out /dev/stdout | openssl base64 > /etc/opendkim/keys/example.com/dkim_dns.txt
root@servername:~# nano /etc/opendkim/keys/example.com/dkim_dns.txt
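As a cross-check on the asn1parse step above, the following added example (not part of the original page) strips the same 12-byte header in Python, builds the TXT value, and compares its length with an RSA-2048 record against the 255-character limit. The function names, the sample key bytes and the zero-filled RSA placeholder are constructed for the illustration.

```python
import base64

# 12-byte DER header of an Ed25519 SubjectPublicKeyInfo (OID 1.3.101.112 plus
# the BIT STRING header); this is what "-offset 12" skips on the page.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
MAX_TXT_STRING = 255  # longest single character-string in a DNS TXT record


def raw_key_from_pem(pem: str) -> bytes:
    """Return the 32-byte raw key from an Ed25519 'PUBLIC KEY' PEM block."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != "-----BEGIN PUBLIC KEY-----" \
            or lines[-1] != "-----END PUBLIC KEY-----":
        raise ValueError("not a PEM public key (private key file by mistake?)")
    der = base64.b64decode("".join(lines[1:-1]), validate=True)
    if len(der) != 44 or not der.startswith(ED25519_SPKI_PREFIX):
        raise ValueError("not an Ed25519 SubjectPublicKeyInfo")
    return der[len(ED25519_SPKI_PREFIX):]


def dkim_txt_value(key_type: str, key_bytes: bytes) -> str:
    """Build the TXT value of a DKIM key record for the given key type."""
    p = base64.b64encode(key_bytes).decode("ascii")
    return f"v=DKIM1; k={key_type}; p={p}"


def fits_single_txt_string(value: str) -> bool:
    """True if the value fits in one 255-character TXT string."""
    return len(value) <= MAX_TXT_STRING


# Constructed sample key (not from the page): DER header + 32 sample bytes.
SAMPLE_RAW = bytes.fromhex(
    "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + base64.b64encode(ED25519_SPKI_PREFIX + SAMPLE_RAW).decode("ascii")
              + "\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    ed = dkim_txt_value("ed25519", raw_key_from_pem(SAMPLE_PEM))
    # Zero bytes sized like an RSA-2048 public key (294-byte DER), length only.
    rsa = dkim_txt_value("rsa", bytes(294))
    for name, value in (("ed25519", ed), ("rsa-2048", rsa)):
        verdict = "fits" if fits_single_txt_string(value) else "too long"
        print(name, len(value), verdict)
    print(ed)
```

The base64 string after p= should match the contents of dkim_dns.txt when the script is pointed at the real dkim_public.pem.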