DKIM: document generation of RSA keys

author Jeremy Harris <jgh146exb@wizmail.org>

Sun, 25 Mar 2018 13:08:36 +0000 (14:08 +0100)

committer Jeremy Harris <jgh146exb@wizmail.org>

Sun, 25 Mar 2018 13:12:34 +0000 (14:12 +0100)
author Jeremy Harris <jgh146exb@wizmail.org>
Sun, 25 Mar 2018 13:08:36 +0000 (14:08 +0100)
committer Jeremy Harris <jgh146exb@wizmail.org>
Sun, 25 Mar 2018 13:12:34 +0000 (14:12 +0100)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt

index 978d51fd7e59f78bcbd51d7652be086e27a74363..7d5b3b3cf159ff90aa797e4dd9f38b528cb4f99c 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -38932,6 +38932,20 @@ is set.
  .endlist
  
  .new
+To generate keys under OpenSSL:
+.code
+openssl genrsa -out dkim_rsa.private 2048
+openssl rsa -in dkim_rsa.private -out /dev/stdout -pubout -outform PEM
+.endd
+Take the base-64 lines from the output of the second command, concatenated,
+for the DNS TXT record.
+
+Under GnuTLS:
+.code
+certtool --generate-privkey --rsa --bits=2048 --password='' -8 --outfile=dkim_rsa.private
+certtool --load-privkey=dkim_rsa.private --pubkey-info
+.endd
+
  Note that RFC 8301 says:
  .code
  Signers MUST use RSA keys of at least 1024 bits for all keys.
author	Jeremy Harris <jgh146exb@wizmail.org>
	Sun, 25 Mar 2018 13:08:36 +0000 (14:08 +0100)
committer	Jeremy Harris <jgh146exb@wizmail.org>
	Sun, 25 Mar 2018 13:12:34 +0000 (14:12 +0100)