Provided by: python-dkim_0.7.1-1_all bug


       dknewkey - Generates new DKIM public/private key pairs




       dknewykey generates new DKIM keys.

       For RSA keys, it defaults to 2048 bit key size.  This is controlled by the BITS_REQUIRED
       variable. ed25519 keys do not have a variable size.

       For RSA keys, it uses openssl to do the generation.  By default it assumes this is located
       at /usr/bin/openssl.  This is controlled by the OPENSSL_BINARY variable.  For ed25519
       keys, PyNaCl (python-nacl in Debian and derivatives) is used.  For RSA keys k=2ha256 is
       now included in the public DNS record to prevent inadvertent use with the now obsolete
       sha1 hash algorithm (See RFC 8301).

USAGE [-h] [--ktype {rsa,ed25519}] key_name

       mandatory positional arguments:

       optional arguments:
         -h, --help            show this help message and exit
         --ktype {rsa,ed25519}
                               DKIM key type: Default is rsa

       NOTE: Depending on the packaging and distribution, the exact path and name for the
       executable may vary.


       This version of dknewkey was written by Brandon Long <>.  It has been
       substantially rewritten by Scott Kitterman <>.

       This man-page was created by Scott Kitterman <> and is licensed under
       the same terms as dkimpy.

                                            2018-02-05                                dknewkey(1)