How do I generate an a=rsa-sha256 key for DKIM?
Summary
What email marketers say (8 marketer opinions)
Marketer from Email Geeks shares that for key length, the maximum length equals maximum security.
Marketer from Email Geeks suggests being cautious when using websites to generate DKIM keys, and advises using OpenSSL to create a script for generating your own keys.
Email marketer from StackExchange responds to a user, advising them to generate the public and private keys with OpenSSL using the command `openssl genrsa -out example.com.private 1024`.
Email marketer from EmailOnAcid explains that to generate a DKIM key using OpenSSL, the command to use is `openssl genrsa -out domain.private 2048`. This command creates the private key; a corresponding public key can then be extracted for use in your DNS settings.
Email marketer from EasyDMARC explains that the process of generating DKIM keys with OpenSSL involves using the command `openssl genrsa -out yourdomain.private 2048`. They also highlight the importance of securing the private key.
Email marketer from MXToolbox explains that DKIM keys are generated using a cryptographic algorithm, and OpenSSL is commonly used with commands similar to `openssl genrsa -out private.key 2048`. This tool generates a private key to be kept secret and a public key for DNS records.
Email marketer from AuthSMTP advises using OpenSSL to generate the DKIM key. The command they recommend is `openssl genrsa -out private.pem 2048`, noting that the private key must be securely stored and the public key added to your DNS records.
Email marketer from Reddit shares that when generating the DKIM key, a key size of 2048 is recommended for better security, using the `openssl genrsa -out dkim.private 2048` command.
What the experts say (2 expert opinions)
Expert from Spam Resource (John Levine) explains that generating an RSA key for DKIM typically involves using OpenSSL with a command like `openssl genrsa -out example.com.private 2048`. This creates a private key, and you then extract the public key for your DNS record.
Expert from Email Geeks mentions that many ESPs direct customers to dkimcore.org for DKIM information and shares a link to the specification page.
What the documentation says (4 technical articles)
Documentation from dkimcore.org explains that DKIM keys can be generated using OpenSSL with commands like `openssl genrsa -out example.com.private 1024` to generate a private key and `openssl rsa -in example.com.private -pubout -out example.com.public` to extract the public key.
Documentation from OpenSSL Wiki details that to generate an RSA key for DKIM using OpenSSL, you use `openssl genrsa -out dkim.private 2048` (adjust 2048 for key length).
Documentation from RFC 6376 (section 3.1) specifies the use of RSA for DKIM and implies the usage of standard tools like OpenSSL to generate the necessary private and public key pairs. The document outlines the requirements for key length but doesn't provide specific commands, deferring to standard cryptographic practices.
Documentation from Mailhardener explains how to create a DKIM record with OpenSSL using the command `openssl genrsa -out example.com.private 2048` to generate the private key and then extracting the public key using `openssl rsa -in example.com.private -pubout -out example.com.public`. The public key is then used in your DNS record.
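
The two `openssl` steps quoted above, carried through to a publishable record, as an added example that is not taken from any of the sources on this page. The selector `s2048`, the domain `example.com` and the function names are assumptions. It goes one step past the quoted commands by building the `v=DKIM1; k=rsa; p=...` TXT value (tag format from RFC 6376) and splitting it into strings of at most 255 bytes, the DNS limit that a 2048-bit key exceeds.

```shell
#!/bin/sh
# Added example: DKIM RSA key generation plus DNS TXT record construction.
# Selector, domain and function names are assumptions, not from the page.

# Generate a private key of $2 bits at path $1. umask 077 in a subshell
# makes the file owner-only (mode 0600) from the moment it is created.
dkim_genkey() {
    ( umask 077 && openssl genrsa -out "$1" "$2" 2>/dev/null )
}

# Print the public key as one line of base64 (DER SubjectPublicKeyInfo).
# This is the value of the p= tag, without PEM header/footer lines.
dkim_pubkey_b64() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A
}

# Print the key size in bits as reported by OpenSSL, to confirm what
# was generated before the record is published.
dkim_key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Print a zone-file TXT record: $1=private key, $2=selector, $3=domain.
# The value is cut into quoted strings of at most 255 characters, which
# resolvers concatenate back together without separators.
dkim_txt_record() {
    value="v=DKIM1; k=rsa; p=$(dkim_pubkey_b64 "$1")"
    chunks=$(printf '%s\n' "$value" | fold -w 255 | sed 's/.*/"&"/' | tr '\n' ' ')
    printf '%s._domainkey.%s. IN TXT ( %s)\n' "$2" "$3" "$chunks"
}

# Demo in a throwaway directory; in real use keep the private key on the
# signing host only and publish just the TXT record.
demo_dir=$(mktemp -d)
dkim_genkey "$demo_dir/example.com.private" 2048
echo "key size: $(dkim_key_bits "$demo_dir/example.com.private") bits"
dkim_txt_record "$demo_dir/example.com.private" s2048 example.com
rm -rf "$demo_dir"
```
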