1dkim-genkey(8)              System Manager's Manual             dkim-genkey(8)
2
3
4

NAME

6       dkim-genkey - DKIM filter key generation tool
7

SYNOPSIS

9       dkim-genkey [options]
10

DESCRIPTION

12       dkim-genkey  generates  (1)  a  private  key for signing messages using
13       dkim-filter(8) and (2) a DNS TXT record suitable  for  inclusion  in  a
14       zone  file  which  publishes  the matching public key for use by remote
15       DKIM verifiers.
16
17       The filenames of these are based on the selector (see below); the  pri‐
18       vate  key will have a suffix of ".private" and the TXT record will have
19       a suffix of ".txt".
20

OPTIONS

22       -b bits
23              Specifies the size of the key, in bits, to  be  generated.   The
24              default is 1024 which is the value recommended by the DKIM spec‐
25              ification.
26
27
28       -d domain
29              Names the domain which will use this key for signing.  Currently
30              only  used  in a comment in the TXT record file.  The default is
31              "example.com".
32
33
34       -D directory
35              Instructs the tool to change to the  named  directory  prior  to
36              creating files.  By default the current directory is used.
37
38
39       -g granularity
40              Defines  the  key  granularity, i.e. the user(s) who may use the
41              key.  The default is "*" meaning any user can use the key.
42
43
44       -h algorithms
45              Specifies a list of hash algorithms which can be used with  this
46              key.  By default all hash algorithms are allowed.
47
48
49       -n note
50              Includes  arbitrary note text in the key record.  By default, no
51              such text is included.
52
53
54       -r     Restricts the key for use in e-mail signing only.   The  default
55              is to allow the key to be used for any service.
56
57
58       -s selector
59              Specifies the selector, or name, of the key pair generated.  The
60              default is "default".
61
62
63       -S     Disallows subdomain signing by this key.   By  default  the  key
64              record  will be generated such that verifiers are told subdomain
65              signing is permitted.
66
67
68       -t     Indicates the generated key record should be  tagged  such  that
69              verifiers are aware DKIM is in test at the signing domain.
70

NOTES

72       Requires  that  the openssl(8) binary be installed and in the executing
73       shell's search path.
74

VERSION

76       This man page covers the version of dkim-genkey that shipped with  ver‐
77       sion 2.8.0 of dkim-filter.
78

80       Copyright  (c) 2007, 2008 Sendmail, Inc. and its suppliers.  All rights
81       reserved.
82

SEE ALSO

84       dkim-filter(8), openssl(8)
85
86       RFC4871 - DomainKeys Identified Mail
87
88
89
90                                Sendmail, Inc.                  dkim-genkey(8)
Impressum