How to quickly identify DKIM key length (1024 or 2048)?

8 Marketer opinions 4 Expert opinions 4 Technical articles 4 Resources

Summary

Identifying DKIM key length (1024 or 2048 bits) can be achieved using several methods. The most common approach involves using OpenSSL, a command-line tool, to analyze the DKIM public key. This involves extracting the DKIM record from your DNS, saving the public key to a file, and then using OpenSSL commands (e.g., `openssl rsa -in key.pem -text -noout`) to display the key's details, including the modulus (which indicates key length). Several variations of the OpenSSL command exist. Alternatively, various online DKIM validator tools (e.g., dkimvalidator.com, MXToolbox, mail-tester.com) offer a simpler, user-friendly way to automatically check the DKIM record and display the key size. Some services like Wombatmail also provide such a function. A proper DKIM key should be at least 1024 bits.

Key findings

OpenSSL Methods: OpenSSL, a command-line tool, is frequently cited as a method to examine the public key to discover its length. Several command options exist with slightly different output.
Online DKIM Validators: Multiple online DKIM validation tools provide key length automatically (e.g., dkimvalidator.com, MXToolbox).
Minimum Key Length: A proper DKIM key requires a key length of 1024 bits or greater.
Extraction Required: Regardless of the method, the DKIM record (specifically the public key) must be extracted from the DNS.

Key considerations

Technical Expertise (OpenSSL): Using OpenSSL requires familiarity with command-line interfaces and the proper formatting of the key. This may present a barrier for non-technical users.
Tool Reliability (Online Validators): It's important to verify the reliability and trustworthiness of online DKIM validators.
DNS Access Required: Access to the DNS records is required to extract the DKIM public key, regardless of the chosen method.

What email marketers say
8Marketer opinions

Identifying DKIM key length involves several methods, primarily using OpenSSL commands or online DKIM validator tools. OpenSSL requires extracting the DKIM record from the DNS, saving the public key to a file, and then using commands like `openssl rsa -in key.pem -text -noout` to view the key's details, including the modulus that indicates key length. Alternatively, online tools like dkimvalidator.com and MXToolbox can automatically check DKIM records and display the key size, offering a more user-friendly approach.

Key opinions

OpenSSL Method: Using OpenSSL involves extracting the DKIM record, saving the public key, and executing commands to reveal the key's modulus, indicating its length.
Online Validators: Online tools like dkimvalidator.com and MXToolbox offer a simplified approach by automatically checking DKIM records and displaying the key size.
DNS Record Visibility: The DKIM key size is not directly visible in the DNS TXT record; the public key must be extracted and analyzed.

Key considerations

Technical Skill: Using OpenSSL requires technical knowledge and command-line proficiency, which might be challenging for some users.
Tool Accuracy: Ensure the accuracy of online DKIM validators, as some may provide incorrect or outdated information.
Accessibility: Online tools provide an accessible alternative, but consider potential privacy implications when using third-party validators.

Marketer view

Email marketer from UnlockTheInbox shares that in the DNS TXT record for DKIM, the key size isn't directly visible, as the record contains the public key itself. To find the key size, you must extract the public key from the DNS record and then use a tool like OpenSSL to analyze it.

October 2021 - unlocktheinbox.com

Marketer view

Email marketer from SuperUser recommends using online DKIM validators like dkimvalidator.com to check the key size, providing a user-friendly alternative to command-line tools.

February 2023 - SuperUser

Marketer view

Email marketer from dkimvalidator.com details you can use dkimvalidator.com to check the DKIM record and it automatically shows you the DKIM key size. You send an email to the specified address, and it will respond with a report that includes DKIM information.

September 2023 - dkimvalidator.com

Marketer view

Email marketer from Reddit shares that you can use OpenSSL to determine the key size. Using the command: `openssl rsa -in yourkey.pem -text -noout` will output the key details, including the modulus which represents the key length.

July 2021 - Reddit

What the experts say
4Expert opinions

Identifying DKIM key length can be achieved through several methods. Wombatmail offers a tool for identification, while OpenSSL commands on Mac/Unix provide a command-line approach, requiring proper formatting of the key information. A Python script on GitHub is also available for this purpose. Regardless of the method, it's important to ensure the DKIM key length is 1024 bits or greater for proper security.

Key opinions

Wombatmail Tool: Wombatmail provides a user-friendly tool for identifying DKIM key length.
OpenSSL Command: OpenSSL on Mac/Unix allows for command-line identification, but requires understanding of the command and key formatting.
Python Script: A Python script on GitHub offers a programmatic way to identify DKIM key length.
Minimum Key Length: A DKIM key should be at least 1024 bits long to be considered proper and secure.

Key considerations

Tool Accessibility: Consider the accessibility and ease of use of each method, as Wombatmail might be simpler for non-technical users compared to OpenSSL or the Python script.
Technical Expertise: OpenSSL and the Python script require some level of technical expertise to implement and interpret the results.
Key Length Requirement: Always verify that the DKIM key meets the minimum recommended length of 1024 bits for adequate security.

Expert view

Expert from Email Geeks shares that Wombatmail can be used to identify DKIM key length and provides an example link.

October 2022 - Email Geeks

Expert view

Expert from Email Geeks explains how to use the OpenSSL command on Mac/Unix to identify DKIM key length, providing the command and explaining how to format the key information.

September 2022 - Email Geeks

Expert view

Expert from Email Geeks shares a link to a Python script on GitHub that can be used to identify DKIM key length.

February 2024 - Email Geeks

Expert view

Expert from Spamresource explains that a proper DKIM key requires a key length of 1024 bits or greater.

June 2021 - Spamresource

What the documentation says
4Technical articles

Identifying DKIM key length is primarily achieved using OpenSSL commands. DigiCert.com explains extracting the public key and using `openssl rsa -in <keyfile> -text -noout`. Let's Encrypt Community shares using `openssl rsa -in privkey.pem -text | grep Private-Key: | cut -d' ' -f4` to get the size in bits. OpenSSL's wiki details using `openssl rsa -in your_private_key.pem -pubout -outform PEM | openssl rsa -pubin -text -noout` for detailed key information. Alternatively, knowledgeadvisor.biz suggests using online tools like mail-tester.com to check key validity and length.

Key findings

OpenSSL Command Options: Multiple OpenSSL commands can be used to determine key length, each offering different levels of detail.
Extraction Requirement: Regardless of the command, extracting the public key from the DNS record is a necessary first step.
Online Tool Alternative: Online tools provide a simpler alternative to command-line methods for validating key length.

Key considerations

Command Complexity: OpenSSL commands can be complex and require familiarity with command-line interfaces.
Key Format: Ensure the key is in the correct format (PEM) for OpenSSL commands to work properly.
Tool Reliability: Verify the reliability and trustworthiness of online tools before relying on their results.

Technical article

Documentation from DigiCert.com explains how to use OpenSSL to check the DKIM key length. They describe the command line steps involving extracting the public key, saving it to a file, and then using openssl rsa -in <keyfile> -text -noout to display the key details, including modulus, which indicates the key length.

December 2021 - DigiCert.com

Technical article

Documentation from Let's Encrypt Community explain how to show the size of the RSA key. Using OpenSSL, you can use this command: `openssl rsa -in privkey.pem -text | grep Private-Key: | cut -d' ' -f4`. This command will extract the key size in bits.

April 2022 - community.letsencrypt.org

Technical article

Documentation from knowledgeadvisor.biz tells you can use a tool to determine if your DKIM key is valid and of the correct length. They show how to check your DKIM key size by using a tool like mail-tester.com.

August 2023 - knowledgeadvisor.biz

Technical article

Documentation from OpenSSL's wiki explains how to display the public key using OpenSSL. Use this command: `openssl rsa -in your_private_key.pem -pubout -outform PEM | openssl rsa -pubin -text -noout` This command gives all the nitty gritty details of your key in a human readable form.

April 2021 - wiki.openssl.org

2048 Bit DKIM Keys: Length and Best Practices | SendGrid

Learn how to implement 2048 bit DKIM keys to protect your domain and email reputation with the latest-and-greatest email security.

SendGrid

DKIM 1024 vs 2048: Which is Better and Why | Mailjet

Unsure of the difference between DKIM 1024 or 2048-bit keys? We’ll go through what they are and how to implement the best security system for your domain.

Mailjet

EasyDMARC DKIM Record Generator | Create DKIM Records Free

EasyDMARC’s DKIM Record Generator creates DKIM records for DNS with 1024, 2048, and 4096-bit key lengths. Protect your domain from email scams and phishing.

EasyDMARC