dknewkey - Man Page

Generates new DKIM public/private key pairs

Version

0.8.0

Description

dknewykey generates new DKIM keys.

For RSA keys, it defaults to 2048 bit key size.  This is controlled by the BITS_REQUIRED variable. ed25519 keys do not have a variable size.

For RSA keys, it uses openssl to do the generation.  By default it assumes this is located at /usr/bin/openssl.  This is controlled by the OPENSSL_BINARY variable.  For ed25519 keys, PyNaCl (python-nacl in Debian and derivatives) is used.  For RSA keys k=sha256 is now included in the public DNS record to prevent inadvertent use with the now obsolete sha1 hash algorithm (See RFC 8301).

Usage

dknewkey.py [-h] [--ktype {rsa,ed25519}] key_name

mandatory positional arguments:
 key_name

optional arguments:
 -h, --help            show this help message and exit
 --ktype {rsa,ed25519}
                       DKIM key type: Default is rsa

NOTE: Depending on the packaging and distribution, the exact path and name for the executable may vary.

Authors

This version of dknewkey was written by Brandon Long <blong@google.com>. It has been substantially rewritten by Scott Kitterman <scott@kitterman.com>.

This man-page was created by Scott Kitterman <scott@kitterman.com> and is licensed under the same terms as dkimpy.

Info

2018-02-05