DomainKeys Public/Private Key-pair Generation
Last Updated: July 9, 2005

Command Line Tools Available

Perhaps the easiest way to generate DomainKeys public/private key-pairs is to use the command line tools available from CPAN. The tool can create a key-pair and format it for DNS publication.
Generating a private-key for the MTA

For ease of explanation, the openssl command is used throughout this document to describe the mechanism by which keys are managed. One way to generate a 768 bit private-key suitable for DomainKeys is to use openssl like this:

    $ openssl genrsa -out rsa.private 768

This results in the file rsa.private containing the key information, beginning with:

    -----BEGIN RSA PRIVATE KEY-----

This private key will be inserted into your DomainKeys-enabled MTA. Your MTA or plugin should provide instructions on how to do so.

Generating the public-key for the DNS selector record

To extract the public-key component from the private-key, use openssl like this:

    $ openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM

This results in the file rsa.public containing key information similar to this, beginning with:

    -----BEGIN PUBLIC KEY-----

This public-key data is placed in the selector's DNS record as the value of p. Thus, a selector's record may look like:

    k=rsa; t=y; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5o6l
    MIgulclWjZwP56LRqdg5ZX15bhc/GsvW8xW/R5Sh1NnkJNyL/cqY1a+GzzL47t7E
    XzVc+nRLWT1kwTvFNGIoAUsFUq+J6+OprwIDAQAB;
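As an added example that is not part of the original page, the two steps above as one shell script: it generates the private key, extracts the public key, strips the PEM armour into the p= value, assembles the k=rsa; t=y; p=... record, and checks that both keys carry the same modulus before anything is published. It assumes the openssl command is on PATH; the selector name, the domain and the default 2048-bit key size are assumptions, not values from the page.

```shell
#!/bin/sh
# Added example, not from the original page: DomainKeys key-pair generation end to end.
# Assumes the openssl CLI is on PATH; selector, domain and key size are placeholders.
set -eu

# Generate an RSA private key: $1 = output path, $2 = size in bits.
# The page uses 768 bits; the default used below is 2048 (an assumption).
gen_private_key() {
    openssl genrsa -out "$1" "$2" 2>/dev/null
}

# Extract the PEM public key from the private key: $1 = private key, $2 = output path.
extract_public_key() {
    openssl rsa -in "$1" -out "$2" -pubout -outform PEM 2>/dev/null
}

# Strip the -----BEGIN/END PUBLIC KEY----- armour and join the base64 lines,
# giving the value that goes after p= in the selector record.
pem_to_p_value() {
    grep -v '^-----' "$1" | tr -d '\n'
}

# Assemble the record in the form the page shows: k=rsa; t=y; p=<base64>;
selector_record() {
    printf 'k=rsa; t=y; p=%s;' "$(pem_to_p_value "$1")"
}

# Sanity check before publishing: the public key must carry the same modulus
# as the private key the MTA signs with. Returns non-zero on mismatch.
keys_match() {
    priv_mod=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    pub_mod=$(openssl rsa -pubin -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$priv_mod" ] && [ "$priv_mod" = "$pub_mod" ]
}

# Demonstration run in a scratch directory; selector and domain are placeholders.
workdir=$(mktemp -d)
gen_private_key "$workdir/rsa.private" "${KEY_BITS:-2048}"
extract_public_key "$workdir/rsa.private" "$workdir/rsa.public"
keys_match "$workdir/rsa.private" "$workdir/rsa.public"
printf 'selector._domainkey.example.com. IN TXT "%s"\n' \
    "$(selector_record "$workdir/rsa.public")"
```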