Provided by: opendkim-tools_2.9.1-1_amd64
NAME
opendkim-genkey - DKIM filter key generation tool
SYNOPSIS
opendkim-genkey [options]
DESCRIPTION
opendkim-genkey generates (1) a private key for signing messages using opendkim(8) and (2) a DNS TXT record suitable for inclusion in a zone file which publishes the matching public key for use by remote DKIM verifiers. The filenames of these are based on the selector (see below); the private key will have a suffix of ".private" and the TXT record will have a suffix of ".txt". Both long and short names are supported for most options.
OPTIONS
-a (--append-domain) Appends the domain name (see -d below) to the label in the generated TXT record, followed by a trailing period. By default it is assumed the domain name is implicit from the context of the zone file, and is therefore not included in the output. -b bits (--bits=n) Specifies the size of the key, in bits, to be generated. The default is 1024 which is the value recommended by the DKIM specification. -d domain (--domain=string) Names the domain which will use this key for signing. Currently only used in a comment in the TXT record file. The default is "example.com". -D directory (--directory=path) Instructs the tool to change to the named directory prior to creating files. By default the current directory is used. -h algorithms (--hash-algorithms=name[:name[...]]) Specifies a list of hash algorithms which can be used with this key. By default all hash algorithms are allowed. --help Print a help message and exit. -n note (--note=string) Includes arbitrary note text in the key record. By default, no such text is included. -r (--restricted) Restricts the key for use in e-mail signing only. The default is to allow the key to be used for any service. -s selector (--selector=name) Specifies the selector, or name, of the key pair generated. The default is "default". -S (--[no]subdomains) Disallows subdomain signing by this key. By default the key record will be generated such that verifiers are told subdomain signing is permitted. Note that for backward compatibility reasons, -S means the same as --nosubdomains. -t (--[no]testmode) Indicates the generated key record should be tagged such that verifiers are aware DKIM is in test at the signing domain. -v (--verbose) Increase verbose output. -V (--version) Print version number and exit.
NOTES
Requires that the openssl(8) binary be installed and in the executing shell's search path.
VERSION
This man page covers the version of opendkim-genkey that shipped with version 2.9.1 of OpenDKIM.
COPYRIGHT
Copyright (c) 2007, 2008 Sendmail, Inc. and its suppliers. All rights reserved. Copyright (c) 2009, 2011-2013, The Trusted Domain Project. All rights reserved.
SEE ALSO
opendkim(8), openssl(8) RFC6376 - DomainKeys Identified Mail The Trusted Domain Project opendkim-genkey(8)