projects
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
DKIM: document proper Ed25519 key-generation methods; remove helper program
[exim.git]
/
doc
/
doc-docbook
/
spec.xfpt
diff --git
a/doc/doc-docbook/spec.xfpt
b/doc/doc-docbook/spec.xfpt
index b65b6fe5b6cc60e4e4b633d3fa5efaadffb94c60..814afc1ebe5810079e501175398a4df6467f9393 100644
(file)
--- a/
doc/doc-docbook/spec.xfpt
+++ b/
doc/doc-docbook/spec.xfpt
@@
-38967,19
+38967,16
@@
for some transition period.
The "_CRYPTO_SIGN_ED25519" macro will be defined if support is present
for EC keys.
The "_CRYPTO_SIGN_ED25519" macro will be defined if support is present
for EC keys.
-As of writing, producing EC key materials is not well supported
-by the major libraries. OpenSSL 1.1.1 and GnuTLS 3.6.0 can create private keys:
+OpenSSL 1.1.1 and GnuTLS 3.6.0 can create Ed25519 private keys:
.code
openssl genpkey -algorithm ed25519 -out dkim_ed25519.private
certtool --generate-privkey --key-type=ed25519 --outfile=dkim_ed25519.private
.endd
.code
openssl genpkey -algorithm ed25519 -out dkim_ed25519.private
certtool --generate-privkey --key-type=ed25519 --outfile=dkim_ed25519.private
.endd
-To help in producing the required public key value for a DNS record
-the release package &_util/_& directory contains source for a utility
-buildable with GnuTLS 3.6.0;
-use it like this:
+To produce the required public key value for a DNS record:
.code
.code
-ed25519_privkey_pem_to_pubkey_raw_b64 dkim_ed25519.private
+openssl pkey -outform DER -pubout -in dkim_ed25519.private | tail -c +13 | base64
+certtool --load_privkey=dkim_ed25519.private --pubkey_info --outder | tail -c +13 | base64
.endd
.wen
.endd
.wen