Changes

Jump to navigation Jump to search
919 bytes added ,  07:50, 29 July 2023
no edit summary
Line 52: Line 52:  
To test DKIM, send an email to autorespond+dkim@dk.elandsys.com
 
To test DKIM, send an email to autorespond+dkim@dk.elandsys.com
    +
 +
To generate an ed25519 key to use for DKIM, you can use openssl
 +
 +
  # Generate ed25519 key
 +
  $ openssl genpkey -algorithm ed25519 -out dkim_private.pem
 +
  # Generate public key from private key
 +
  $ openssl pkey -in dkim_private.pem -pubout -out dkim_public.pem
 +
 +
For ed25519 keys, the p value in the DKIM record must only contain the BASE64 encoded public key, without an ASN.1 structure
 +
 +
  $ openssl asn1parse -in dkim_public.pem -offset 12 -noout -out /dev/stdout | openssl base64
 +
  VGhpcyBpcyBqc3V0ZSBhc29ka2ZvYXNrZWpkZmtsc2pkZgo=
 +
 +
Your entry would look like this
 +
 +
  default._domainkey.hostname      TXT    "v=DKIM1; g=*; k=ed25519; p=VGhpcyBpcyBqc3V0ZSBhc29ka2ZvYXNrZWpkZmtsc2pkZgo="
 +
  _adsp._domainkey.hostname        TXT    "dkim=unknown"
 +
 +
Ensure your private key is on hostname and specify the path to it when using a tool like opendkim - /etc/opendkim.conf -, with
 +
the user and group of the key being opendkim.
    
== See also ==
 
== See also ==
101

edits

Navigation menu