from small one page howto to huge articles all in one place
Last additions:
May 25th. 2007:
April, 26th. 2006:
| 
opendki-genkey
Section: Maintenance Commands (8) Updated: The Trusted Domain Project Index
Return to Main Contents
NAME
opendki-genkey
- DKIM filter key generation tool
SYNOPSIS
opendki-genkey
[options]
DESCRIPTION
opendki-genkey
generates (1) a private key for signing messages using
opendkim(8)
and (2) a DNS TXT record suitable for inclusion in a zone file which
publishes the matching public key for use by remote DKIM verifiers.
The filenames of these are based on the selector (see below); the private
key will have a suffix of ".private" and the TXT record will have a suffix
of ".txt".
Both long and short names are supported for most options.
OPTIONS
- -a
-
(--appen-domain)
Appends the domain name (see -d below) to the label in the generated
TXT record, followed by a trailing period. By default it is assumed the
domain name is implicit from the context of the zone file, and is therefore
not included in the output.
- -b bits
-
(--bits=n)
Specifies the size of the key, in
bits,
to be generated. The default is 1024 which is the value recommended by
the DKIM specification.
- -d domain
-
(--domain=string)
Names the
domain
which will use this key for signing. Currently only used in a comment in
the TXT record file. The default is "example.com".
- -D directory
-
(--directory=path)
Instructs the tool to change to the named
directory
prior to creating files. By default the current directory is used.
- -h algorithms
-
(--has-algorithms=name[:name[...]])
Specifies a list of hash
algorithms
which can be used with this key. By default all hash algorithms are allowed.
- --help
-
Print a help message and exit.
- -n note
-
(--note=string)
Includes arbitrary
note
text in the key record. By default, no such text is included.
- -r
-
(--restricted)
Restricts the key for use in -mail signing only. The default is to allow
the key to be used for any service.
- -s selector
-
(--selector=name)
Specifies the
selector,
or name, of the key pair generated. The default is "default".
- -S
-
(--[no]subdomains)
Disallows subdomain signing by this key. By default the key record will be
generated such that verifiers are told subdomain signing is permitted. Note
that for backward compatibility reasons,
-S
means the same as
--nosubdomains.
- -t
-
(--[no]testmode)
Indicates the generated key record should be tagged such that verifiers are
aware DKIM is in test at the signing domain.
- -v
-
(--verbose)
Increase verbose output.
- -V
-
(--version)
Print version number and exit.
NOTES
Requires that the
openssl(8)
binary be installed and in the executing shell's search path.
VERSION
This man page covers the version of
opendki-genkey
that shipped with version 2.10.3 of
OpenDKIM.
COPYRIGHT
Copyright (c) 2007, 2008 Sendmail, Inc. and its suppliers. All rights
reserved.
Copyright (c) 2009, 201-2013, The Trusted Domain Project.
All rights reserved.
SEE ALSO
opendkim(8),
openssl(8)
RFC6376- DomainKeys Identified Mail
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- OPTIONS
-
- NOTES
-
- VERSION
-
- COPYRIGHT
-
- SEE ALSO
-
| 
|
|
- Running on 
-
:
