Generating 1024 bit DKIM key
To generate a 1024-bit DKIM key with openssl, do the following:
Your generated public key will look something like this:
To supply the contents of public.key in a DNS record, you have to "convert" it manually so that it is on one line, i.e.:
In bind/named-compatible format, the TXT record will look like this:
Generating 2048 bit DKIM key
Note that you may want to use a 2048-bit DKIM key instead. In that case, use the following openssl commands:
However, a 2048-bit public DKIM key is too long to fit into a single TXT text field, which can hold up to 255 characters. Assuming your full public key is as follows:
...you need to split the text field into parts of 255 characters or fewer:
There are several limitations to 2048 bit DKIM records:
- While bind/named supports TXT fields that are split into several parts, some DNS hosting providers may still not support it.
- If the total size of the DNS record is larger than 512 bytes, it will be sent over TCP, not UDP. Some buggy firewalls may not permit DNS packets over TCP.
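The one-line conversion and the 255-character split described above can be scripted. The following is an added example, not code from the original page: it strips the PEM armor, prepends the standard `v=DKIM1; k=rsa; p=` tags, splits the result and prints a bind/named-style multi-string TXT record. The selector `selector1`, the domain `example.com` and the filler "key" material are assumptions constructed for the demonstration.

```python
import base64

MAX_TXT_STRING = 255  # one TXT character-string holds at most 255 bytes


def pem_to_p_value(pem: str) -> str:
    """Drop the PEM armor and line breaks; return the key as one base64 line."""
    body = "".join(
        s for s in map(str.strip, pem.splitlines())
        if s and not s.startswith("-----")
    )
    base64.b64decode(body, validate=True)  # raises on anything that is not base64
    return body


def dkim_txt_chunks(p_value: str) -> list[str]:
    """Build the DKIM record text and cut it into strings of <= 255 characters."""
    record = "v=DKIM1; k=rsa; p=" + p_value
    return [record[i:i + MAX_TXT_STRING] for i in range(0, len(record), MAX_TXT_STRING)]


def bind_txt_record(selector: str, domain: str, chunks: list[str]) -> str:
    """Format the strings as one multi-string TXT record in zone-file syntax."""
    strings = "\n".join(f'    "{c}"' for c in chunks)
    return f"{selector}._domainkey.{domain}. IN TXT (\n{strings}\n)"


def txt_rdata_length(chunks: list[str]) -> int:
    """Bytes of TXT RDATA on the wire: one length byte before each string."""
    return sum(1 + len(c) for c in chunks)


def constructed_pem(der_length: int) -> str:
    """Constructed filler in PEM shape (NOT a real key), sized like a real one."""
    b64 = base64.b64encode(bytes(i % 256 for i in range(der_length))).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *lines, "-----END PUBLIC KEY-----"])


if __name__ == "__main__":
    # 162 bytes is the DER size of a 1024-bit RSA public key, 294 that of a 2048-bit one.
    for der_length in (162, 294):
        chunks = dkim_txt_chunks(pem_to_p_value(constructed_pem(der_length)))
        print(bind_txt_record("selector1", "example.com", chunks))  # assumed names
        print("; strings:", len(chunks), "TXT RDATA bytes:", txt_rdata_length(chunks))
```

The RDATA length is only part of the DNS response; the header, question and record name add to it, which is what decides whether the 512-byte UDP limit mentioned above is reached.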