dkim-genkey generates (1) a private key for signing messages using
dkim-filter(8) and (2) a DNS TXT record suitable for inclusion in a zone
file which publishes the matching public key for use by remote DKIM
verifiers. The filenames of these are based on the selector (see below);
the private key will have a suffix of ".private" and the TXT record will
have a suffix of ".txt".
OPTIONS
-b bits
Specifies the size of the key, in bits, to be generated. The default is
1024 which is the value recommended by the DKIM specification.
-d domain
Names the domain which will use this key for signing. Currently only used
in a comment in the TXT record file. The default is "example.com".
-D directory
Instructs the tool to change to the named directory prior to creating
files. By default the current directory is used.
-g granularity
Defines the key granularity, i.e. the user(s) who may use the key. The
default is "*" meaning any user can use the key.
-h algorithms
Specifies a list of hash algorithms which can be used with this key. By
default all hash algorithms are allowed.
-n note
Includes arbitrary note text in the key record. By default, no such text
is included.
-r
Restricts the key for use in e-mail signing only. The default is to allow
the key to be used for any service.
-s selector
Specifies the selector, or name, of the key pair generated. The default is
"default".
-S
Disallows subdomain signing by this key. By default the key record will be
generated such that verifiers are told subdomain signing is permitted.
-t
Indicates the generated key record should be tagged such that verifiers are
aware DKIM is in test at the signing domain.
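The following is an added example, not part of dkim-genkey or dkim-filter: a
shell check that reads a key record before it is published and reports which
of the restrictions controlled by -h, -r, -S and -t are absent. The tag names
(h=, s=email, t=s, t=y, p=) are the DKIM key record tags from RFC 4871; the
record layout, the function names and the sample records are assumptions
constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a DKIM key record for the restrictions that
# dkim-genkey's -h, -r, -S and -t options control.
# Assumption: the record is a zone-file TXT line with quoted strings.

# dkim_tag RECORD TAG: print the value of TAG, empty if absent.
dkim_tag() {
    printf '%s\n' "$1" |
        sed -n 's/^[^"]*"\(.*\)"[^"]*$/\1/p' |   # keep text inside the quotes
        sed 's/"[[:space:]]*"//g' |              # join split TXT strings
        tr ';' '\n' |                            # one tag=value per line
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# dkim_audit RECORD: print space-separated findings, or "ok".
dkim_audit() {
    rec=$1
    findings=""
    flags=$(dkim_tag "$rec" t)
    case ":$flags:" in
        *:y:*) findings="$findings testing-mode" ;;        # -t was used
    esac
    case ":$flags:" in
        *:s:*) ;;
        *) findings="$findings subdomain-signing" ;;       # -S not used
    esac
    if [ "$(dkim_tag "$rec" s)" != "email" ]; then
        findings="$findings any-service"                   # -r not used
    fi
    if [ -z "$(dkim_tag "$rec" h)" ]; then
        findings="$findings any-hash"                      # -h not used
    fi
    if [ -z "$(dkim_tag "$rec" p)" ]; then
        findings="$findings no-public-key"                 # empty or missing p=
    fi
    findings=${findings# }
    echo "${findings:-ok}"
}

# Constructed sample records (the p= value is a placeholder, not a real key).
REC_TEST='default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; t=y; p=MIGfPLACEHOLDER" ; example.com'
REC_STRICT='mail._domainkey IN TXT "v=DKIM1; h=sha256; k=rsa; s=email; " "t=s; p=MIGfPLACEHOLDER"'

dkim_audit "$REC_TEST"
dkim_audit "$REC_STRICT"
```

To check a real file, pass its contents as the argument, for example
dkim_audit "$(cat default.txt)" for the default selector.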
NOTES
Requires that the openssl(8) binary be installed and in the executing
shell's search path.
VERSION
This man page covers the version of dkim-genkey that shipped with version
2.8.0 of dkim-filter.
COPYRIGHT
Copyright (c) 2007, 2008 Sendmail, Inc. and its suppliers. All rights
reserved.