Man Linux: Main Page and Category List


       dkim-genkey - DKIM filter key generation tool


       dkim-genkey [options]


       dkim-genkey  generates  (1)  a  private  key for signing messages using
       dkim-filter(8) and (2) a DNS TXT record suitable  for  inclusion  in  a
       zone  file  which  publishes  the matching public key for use by remote
       DKIM verifiers.

       The filenames of these are based  on  the  selector  (see  below);  the
       private  key  will  have a suffix of ".private" and the TXT record will
       have a suffix of ".txt".


       -b bits
              Specifies the size of the key, in bits, to  be  generated.   The
              default  is  1024  which  is  the  value recommended by the DKIM

       -d domain
              Names the domain which will use this key for signing.  Currently
              only  used  in a comment in the TXT record file.  The default is

       -D directory
              Instructs the tool to change to the  named  directory  prior  to
              creating files.  By default the current directory is used.

       -g granularity
              Defines  the  key  granularity, i.e. the user(s) who may use the
              key.  The default is "*" meaning any user can use the key.

       -h algorithms
              Specifies a list of hash algorithms which can be used with  this
              key.  By default all hash algorithms are allowed.

       -n note
              Includes  arbitrary note text in the key record.  By default, no
              such text is included.

       -r     Restricts the key for use in e-mail signing only.   The  default
              is to allow the key to be used for any service.

       -s selector
              Specifies the selector, or name, of the key pair generated.  The
              default is "default".

       -S     Disallows subdomain signing by this key.   By  default  the  key
              record  will be generated such that verifiers are told subdomain
              signing is permitted.

       -t     Indicates the generated key record should be  tagged  such  that
              verifiers are aware DKIM is in test at the signing domain.


       Requires  that  the openssl(8) binary be installed and in the executing
       shell’s search path.


       This man page covers the  version  of  dkim-genkey  that  shipped  with
       version 2.8.0 of dkim-filter.


       Copyright  (c) 2007, 2008 Sendmail, Inc. and its suppliers.  All rights


       dkim-filter(8), openssl(8)

       RFC4871 - DomainKeys Identified Mail

                                Sendmail, Inc.                  dkim-genkey(8)