DKIM - key pair generation recommendations

dkim openssl

I wonder if it is okay to generate a key pair (.key and .cert files) for DKIM like this:

openssl req -newkey rsa:2048 -sha256 -x509 -nodes -days 3650 -keyout dkim-rsa.key -out dkim-rsa.cert

By reading RFC 6376 I can see that standards only demand RSA algorythm sha256 and maximum length of 2048. Are there any other recommenrdations that you would have for me before I create the keys?


Solution 1:

With DKIM you don't create an X.509 certificate, but just private and public keys:

openssl genrsa -out private.key 2048
openssl rsa -in private.key -pubout -out public.key

As the public key is not given in the message but fetched from the DNS it doesn't require the additional features of an X.509 certificate.

Related

Computers can't join domain - probably DNS issue
Risk of compromised Amazon SES SMTP Credentials?
Does rsync preserve hardlinks on the destination when source files are identical but separate?
Htacess Helicon APE false positive 403 Fail
ZFS interpret output of zdb -S tank
How to allow all traffic on a local interface using UFW?
Incorrect cache device after ZFS import
How to create a local user with the same name as a likewise domain user?
Apache 2.4 http auth doesn't prompt credentials
How to collapse a tibble by combining rows into a list?
VBA Macro that finds and replace the column name
Uncaught TypeError: Cannot read property 'split' of undefined window location