opendkim-genkey(8)         System Manager's Manual         opendkim-genkey(8)

NAME
       opendkim-genkey - DKIM filter key generation tool

SYNOPSIS
       opendkim-genkey [options]

DESCRIPTION
       opendkim-genkey generates (1) a private key for signing messages using
       opendkim(8) and (2) a DNS TXT record suitable for inclusion in a zone
       file which publishes the matching public key for use by remote DKIM
       verifiers.

       The filenames of these are based on the selector (see below); the
       private key will have a suffix of ".private" and the TXT record will
       have a suffix of ".txt".

       Both long and short names are supported for most options.

OPTIONS
       -a     (--append-domain) Appends the domain name (see -d below) to the
              label in the generated TXT record, followed by a trailing
              period. By default it is assumed the domain name is implicit
              from the context of the zone file, and is therefore not included
              in the output.

       -b bits
              (--bits=n) Specifies the size of the key, in bits, to be
              generated. The default is 1024, which is the value recommended
              by the DKIM specification.

       -d domain
              (--domain=string) Names the domain which will use this key for
              signing. Currently only used in a comment in the TXT record
              file. The default is "example.com".

       -D directory
              (--directory=path) Instructs the tool to change to the named
              directory prior to creating files. By default the current
              directory is used.

       -h algorithms
              (--hash-algorithms=name[:name[...]]) Specifies a list of hash
              algorithms which can be used with this key. By default all hash
              algorithms are allowed.

       --help Print a help message and exit.

       -n note
              (--note=string) Includes arbitrary note text in the key record.
              By default, no such text is included.

       -r     (--restricted) Restricts the key for use in e-mail signing only.
              The default is to allow the key to be used for any service.

       -s selector
              (--selector=name) Specifies the selector, or name, of the key
              pair generated. The default is "default".

       -S     (--[no]subdomains) Disallows subdomain signing by this key. By
              default the key record will be generated such that verifiers are
              told subdomain signing is permitted. Note that for backward
              compatibility reasons, -S means the same as --nosubdomains.

       -t     (--[no]testmode) Indicates the generated key record should be
              tagged such that verifiers are aware DKIM is in test at the
              signing domain.

       -v     (--verbose) Increase verbose output.

       -V     (--version) Print version number and exit.

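       The options above end up as tags in the generated TXT record: -b as
       the size of the key in p=, -h as h=, -r as s=email, -S as t=s and -t as
       t=y. The Python check below is an added example, not part of OpenDKIM:
       it audits a selector's ".txt" file before the record is published. The
       sample record layout, the function names and the 2048-bit threshold
       are assumptions of this example.

```python
import base64
import re

# Constructed sample; the modulus is 2**1023 + 1, a placeholder and not a real key.
SAMPLE = ('default._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; t=y; "\n'
          '\t  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCA' + "A" * 168 + 'AQIDAQAB" )')

def parse_record(zone_text):
    """Join the quoted chunks of the TXT record and split them into DKIM tags."""
    tags = {}
    for part in "".join(re.findall(r'"([^"]*)"', zone_text)).split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def _tlv(buf, pos):  # -> (value_start, value_end) of the DER element at pos
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(p_b64):
    """Modulus size of the RSA SubjectPublicKeyInfo carried in the p= tag."""
    der = base64.b64decode(p_b64)
    pos, _ = _tlv(der, 0)          # enter outer SEQUENCE
    _, pos = _tlv(der, pos)        # skip AlgorithmIdentifier
    pos, _ = _tlv(der, pos)        # enter BIT STRING
    pos, _ = _tlv(der, pos + 1)    # skip unused-bits octet, enter RSAPublicKey
    start, end = _tlv(der, pos)    # INTEGER modulus
    return int.from_bytes(der[start:end], "big").bit_length()

def audit(zone_text, min_bits=2048):  # min_bits is this example's policy choice
    tags = parse_record(zone_text)
    if not tags.get("p"):
        raise ValueError("no p= value: not a key record, or the key is revoked")
    flags, bits = tags.get("t", "").split(":"), rsa_bits(tags["p"])
    checks = [
        (bits < min_bits, f"key is {bits} bits, below {min_bits} (-b)"),
        ("y" in flags, "t=y: record is still marked as test mode (-t)"),
        ("s" not in flags, "subdomain signing permitted (-S not used)"),
        (tags.get("s", "*") != "email", "key valid for any service (-r not used)"),
        ("sha1" in tags.get("h", "sha1").split(":"), "sha1 permitted (-h sha256 not used)"),
    ]
    return [message for failed, message in checks if failed]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

       RFC 8301 updates RFC 6376 to say signers SHOULD use RSA keys of at
       least 2048 bits, which is why the example flags the 1024-bit default.
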
NOTES
       Requires that the openssl(8) binary be installed and in the executing
       shell's search path.

VERSION
       This man page covers the version of opendkim-genkey that shipped with
       version 2.11.0 of OpenDKIM.

COPYRIGHT
       Copyright (c) 2007, 2008 Sendmail, Inc. and its suppliers. All rights
       reserved.

       Copyright (c) 2009, 2011-2013, The Trusted Domain Project. All rights
       reserved.

SEE ALSO
       opendkim(8), openssl(8)

       RFC6376 - DomainKeys Identified Mail

                          The Trusted Domain Project         opendkim-genkey(8)