User:Paul/sandbox/Configure ed25519 DKIM signing

From UNPM.org Wiki

Use ed25519 signing key

Many registrars and DNS hosting panels still do not accept a TXT record string longer than 255 characters, and some receiving servers mishandle records that have been split into several strings. A 2048-bit RSA public key already exceeds that limit in base64, whereas an Ed25519 public key is 32 bytes (44 characters in base64), so it may be preferable to sign with the newer ed25519 key. RFC 8463 (2018) requires verifiers to support ed25519-sha256 alongside rsa-sha256, but it is not currently known how many receiving servers have actually adopted it, and a verifier that does not recognise the algorithm ignores that signature. Unless you know that your recipients verify ed25519, sign with both an RSA key and an Ed25519 key (two selectors, two DKIM-Signature headers). OpenDKIM only signs with an Ed25519 key when SignatureAlgorithm is set to ed25519-sha256 in opendkim.conf, and it needs OpenDKIM 2.11 or later built against an OpenSSL that supports Ed25519 (1.1.1 or later).

# generate the Ed25519 private key (keep it readable only by the opendkim user)
root@servername:~# openssl genpkey -algorithm ed25519 -out /etc/opendkim/keys/example.com/dkim_private.pem
# derive the public key in SubjectPublicKeyInfo (PEM) form
root@servername:~# openssl pkey -in /etc/opendkim/keys/example.com/dkim_private.pem -pubout -out /etc/opendkim/keys/example.com/dkim_public.pem
# DKIM wants the raw 32-byte key, not the SubjectPublicKeyInfo wrapper: skip the 12-byte DER header and base64 the rest (44 characters)
root@servername:~# openssl asn1parse -in /etc/opendkim/keys/example.com/dkim_public.pem -offset 12 -noout -out /dev/stdout | openssl base64 > /etc/opendkim/keys/example.com/dkim_dns.txt
# turn the bare base64 value into the TXT record: v=DKIM1; k=ed25519; p=<the 44 characters>
root@servername:~# nano /etc/opendkim/keys/example.com/dkim_dns.txt
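The asn1parse step above works because an Ed25519 SubjectPublicKeyInfo is always a fixed 12-byte DER header followed by the 32 raw key bytes; if you feed it an RSA key by mistake the offset is wrong and you silently publish garbage. The following is an added example (not code from the wiki page or from OpenDKIM) that does the same extraction in Python with that header checked first, builds the TXT record and confirms it fits in one 255-character string. The sample key bytes 0x00..0x1f are constructed for the example and are not a real key; the helper names are the author's own.

```python
"""Build the DKIM TXT record for an Ed25519 key from its PEM public key.

Added example: reproduces what "openssl asn1parse -offset 12" does, but
verifies the DER header so a wrong key type or malformed file is caught.
"""
import base64
import re

# Ed25519 SubjectPublicKeyInfo header (RFC 8410), 12 bytes:
#   30 2a                   SEQUENCE, 42 bytes follow
#   30 05 06 03 2b 65 70    SEQUENCE { OID 1.3.101.112 (Ed25519) }
#   03 21 00                BIT STRING, 33 bytes, 0 unused bits
# Everything after it is the raw 32-byte public key.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
ED25519_KEY_LEN = 32
MAX_TXT_STRING = 255  # RFC 1035 <character-string> limit per TXT string


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and base64-decode the body."""
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", pem, re.S)
    if not m:
        raise ValueError("not a PEM PUBLIC KEY block")
    return base64.b64decode("".join(m.group(1).split()))


def raw_ed25519_public_key(pem: str) -> bytes:
    """Return the 32 raw key bytes, refusing anything that is not Ed25519 SPKI."""
    der = pem_to_der(pem)
    if not der.startswith(ED25519_SPKI_PREFIX):
        raise ValueError("not an Ed25519 SubjectPublicKeyInfo (RSA key by mistake?)")
    key = der[len(ED25519_SPKI_PREFIX):]
    if len(key) != ED25519_KEY_LEN:
        raise ValueError(f"expected {ED25519_KEY_LEN} key bytes, got {len(key)}")
    return key


def dkim_txt_record(pem: str) -> str:
    """Assemble the TXT record value published at <selector>._domainkey.<domain>."""
    p = base64.b64encode(raw_ed25519_public_key(pem)).decode("ascii")
    record = f"v=DKIM1; k=ed25519; p={p}"
    if len(record) > MAX_TXT_STRING:
        raise ValueError("record would need to be split into several TXT strings")
    return record


def rejects_non_ed25519(pem: str) -> bool:
    """True if the key is refused, i.e. the header check did its job."""
    try:
        raw_ed25519_public_key(pem)
    except ValueError:
        return True
    return False


def make_sample_pem(raw_key: bytes) -> str:
    """Wrap raw key bytes in the Ed25519 SPKI header and PEM armour (example helper)."""
    body = base64.b64encode(ED25519_SPKI_PREFIX + raw_key).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "-----BEGIN PUBLIC KEY-----\n" + "\n".join(lines) + "\n-----END PUBLIC KEY-----\n"


# Constructed sample: NOT a real key, just the bytes 0x00..0x1f.
SAMPLE_PEM = make_sample_pem(bytes(range(32)))

# Constructed negative case: an RSA AlgorithmIdentifier header followed by filler,
# i.e. the kind of file you get if dkim_public.pem was generated from an RSA key.
NOT_ED25519_PEM = (
    "-----BEGIN PUBLIC KEY-----\n"
    + base64.b64encode(bytes.fromhex("300d06092a864886f70d0101010500") + b"\x00" * 32).decode("ascii")
    + "\n-----END PUBLIC KEY-----\n"
)

if __name__ == "__main__":
    print(dkim_txt_record(SAMPLE_PEM))
```

After publishing the record, query it from outside your own resolver (for example with dig TXT on selector._domainkey.example.com) and compare the p= value character for character with dkim_dns.txt; a DNS panel that quietly truncates or re-wraps the string is the usual reason an otherwise correct Ed25519 setup fails verification.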