Provided by: opendkim-tools_2.9.1-1_amd64 bug

NAME

       opendkim-genkey - DKIM filter key generation tool

SYNOPSIS

       opendkim-genkey [options]

DESCRIPTION

       opendkim-genkey generates (1) a private key for signing messages using opendkim(8) and (2)
       a DNS TXT record suitable for inclusion in a zone file which publishes the matching public
       key for use by remote DKIM verifiers.

       The  filenames of these are based on the selector (see below); the private key will have a
       suffix of ".private" and the TXT record will have a suffix of ".txt".

       Both long and short names are supported for most options.

OPTIONS

       -a     (--append-domain) Appends the domain name (see  -d  below)  to  the  label  in  the
              generated  TXT record, followed by a trailing period.  By default it is assumed the
              domain name is implicit from the context of the zone file,  and  is  therefore  not
              included in the output.

       -b bits
              (--bits=n) Specifies the size of the key, in bits, to be generated.  The default is
              1024 which is the value recommended by the DKIM specification.

       -d domain
              (--domain=string) Names the domain which will use this key for signing.   Currently
              only used in a comment in the TXT record file.  The default is "example.com".

       -D directory
              (--directory=path)  Instructs  the  tool  to change to the named directory prior to
              creating files.  By default the current directory is used.

       -h algorithms
              (--hash-algorithms=name[:name[...]])  Specifies a list of hash algorithms which can
              be used with this key.  By default all hash algorithms are allowed.

       --help Print a help message and exit.

       -n note
              (--note=string)  Includes  arbitrary  note  text in the key record.  By default, no
              such text is included.

       -r     (--restricted) Restricts the key for use in e-mail signing only.  The default is to
              allow the key to be used for any service.

       -s selector
              (--selector=name)  Specifies the selector, or name, of the key pair generated.  The
              default is "default".

       -S     (--[no]subdomains) Disallows subdomain signing by this key.   By  default  the  key
              record  will  be  generated  such  that  verifiers  are  told  subdomain signing is
              permitted.  Note that for backward compatibility reasons,  -S  means  the  same  as
              --nosubdomains.

       -t     (--[no]testmode)  Indicates  the  generated  key  record should be tagged such that
              verifiers are aware DKIM is in test at the signing domain.

       -v     (--verbose) Increase verbose output.

       -V     (--version) Print version number and exit.

NOTES

       Requires that the openssl(8) binary be installed and in the executing shell's search path.

VERSION

       This man page covers the version of opendkim-genkey that shipped  with  version  2.9.1  of
       OpenDKIM.

COPYRIGHT

       Copyright (c) 2007, 2008 Sendmail, Inc. and its suppliers.  All rights reserved.

       Copyright (c) 2009, 2011-2013, The Trusted Domain Project.  All rights reserved.

SEE ALSO

       opendkim(8), openssl(8)

       RFC6376 - DomainKeys Identified Mail

                                    The Trusted Domain Project                 opendkim-genkey(8)