Poster of Linux kernelThe best gift for a Linux geek
opendkim-genkey

opendkim-genkey

Section: Maintenance Commands (8) Updated: The OpenDKIM Project
Local index Up
 

NAME

opendkim-genkey - DKIM filter key generation tool  

SYNOPSIS

opendkim-genkey [options]  

DESCRIPTION

opendkim-genkey generates (1) a private key for signing messages using opendkim(8) and (2) a DNS TXT record suitable for inclusion in a zone file which publishes the matching public key for use by remote DKIM verifiers.

The filenames of these are based on the selector (see below); the private key will have a suffix of ".private" and the TXT record will have a suffix of ".txt".  

OPTIONS

-b bits
Specifies the size of the key, in bits, to be generated. The default is 1024 which is the value recommended by the DKIM specification.

-d domain
Names the domain which will use this key for signing. Currently only used in a comment in the TXT record file. The default is "example.com".

-D directory
Instructs the tool to change to the named directory prior to creating files. By default the current directory is used.

-f user
Defines the user part of the email address user@domain which will received ARF (draft-ietf-marf-base) feedback reports if a DKIM signature fails as part of draft-ietf-marf-dkim-reporting. By default this is set to postmaster.

-ff format
Defines the feedback format of draft-ietf-marf-dkim-reporting. Options are arf and smtp. By default the arf format is used.

-fi interval
Defines the number that specifies the interval in which no more that one report should be sent. By default interval equates to 0 requesting all reports.

-g granularity
Defines the key granularity, i.e. the user(s) who may use the key. The default is "*" meaning any user can use the key.

-h algorithms
Specifies a list of hash algorithms which can be used with this key. By default all hash algorithms are allowed.

-n note
Includes arbitrary note text in the key record. By default, no such text is included.

-r
Restricts the key for use in e-mail signing only. The default is to allow the key to be used for any service.

-s selector
Specifies the selector, or name, of the key pair generated. The default is "default".

-S
Disallows subdomain signing by this key. By default the key record will be generated such that verifiers are told subdomain signing is permitted.

-t
Indicates the generated key record should be tagged such that verifiers are aware DKIM is in test at the signing domain.
 

NOTES

Requires that the openssl(8) binary be installed and in the executing shell's search path.  

VERSION

This man page covers the version of opendkim-genkey that shipped with version 2.3.2 of OpenDKIM.  

COPYRIGHT

Copyright (c) 2007, 2008 Sendmail, Inc. and its suppliers. All rights reserved.

Copyright (c) 2009, The OpenDKIM Project. All rights reserved.  

SEE ALSO

opendkim(8), openssl(8)

RFC4871 - DomainKeys Identified Mail


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
NOTES
VERSION
COPYRIGHT
SEE ALSO

This document was created by man2html, using the manual pages.
Time: 22:02:05 GMT, April 16, 2011