DKIM: document generation of RSA keys

author: Jeremy Harris <jgh146exb@wizmail.org> 2018-03-25 14:08:36 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2018-03-25 14:12:34 +0100
commit: f3908561b1eef15d57608ab6b346125bf2a11478 (patch)
tree: 2b7e856fb5ff69e6c5fec5bd6ca28cd3083344bb /doc
parent: 3478b06a31d23f9d519ee4541cb3d8b51afc299d (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 978d51fd7..7d5b3b3cf 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -38932,6 +38932,20 @@ is set.
 .endlist
 
 .new
+To generate keys under OpenSSL:
+.code
+openssl genrsa -out dkim_rsa.private 2048
+openssl rsa -in dkim_rsa.private -out /dev/stdout -pubout -outform PEM
+.endd
+Take the base-64 lines from the output of the second command, concatenated,
+for the DNS TXT record.
+
+Under GnuTLS:
+.code
+certtool --generate-privkey --rsa --bits=2048 --password='' -8 --outfile=dkim_rsa.private
+certtool --load-privkey=dkim_rsa.private --pubkey-info
+.endd
+
 Note that RFC 8301 says:
 .code
 Signers MUST use RSA keys of at least 1024 bits for all keys.
author	Jeremy Harris <jgh146exb@wizmail.org>	2018-03-25 14:08:36 +0100
committer	Jeremy Harris <jgh146exb@wizmail.org>	2018-03-25 14:12:34 +0100
commit	f3908561b1eef15d57608ab6b346125bf2a11478 (patch)
tree	2b7e856fb5ff69e6c5fec5bd6ca28cd3083344bb /doc
parent	3478b06a31d23f9d519ee4541cb3d8b51afc299d (diff)