diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2018-12-05 15:47:34 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2018-12-05 16:24:12 +0100 |
commit | 9722d50b9b6c5ccd81892a00bdd3023399b004fb (patch) | |
tree | 10ff7840e4c924d51217a122ac5f4a7bcb56a476 /roles/common/files | |
parent | c21b92d9b79a80a27607618666b56fbc5cd26ac8 (diff) |
DKIM: also include the "d=" tag in key filenames, not only the "s=" tag.
While the combination of "s=" tag (selector) & "d=" tag signing domain
maps to a unique key, the selector alone doesn't necessarily.
Diffstat (limited to 'roles/common/files')
-rwxr-xr-x | roles/common/files/usr/local/bin/genkeypair.sh | 16 |
1 files changed, 2 insertions, 14 deletions
diff --git a/roles/common/files/usr/local/bin/genkeypair.sh b/roles/common/files/usr/local/bin/genkeypair.sh index 01b279a..ad65aef 100755 --- a/roles/common/files/usr/local/bin/genkeypair.sh +++ b/roles/common/files/usr/local/bin/genkeypair.sh @@ -21,6 +21,7 @@ set -ue PATH=/usr/bin:/bin +export PATH # Default values type=rsa @@ -74,18 +75,6 @@ usage() { EOF } -dkiminfo() { - echo "Add the following TXT record to your DNS zone:" - echo "${cn:-$(date +%Y%m%d)}._domainkey\tIN\tTXT ( " - # See https://tools.ietf.org/html/rfc4871#section-3.6.1 - # t=s: the "i=" domain in signature headers MUST NOT be a subdomain of "d=" - # s=email: limit DKIM signing to email - openssl pkey -pubout <"$privkey" | sed '/^--.*--$/d' \ - | { echo -n "v=DKIM1; k=$type; t=s; s=email; p="; tr -d '\n'; } \ - | fold -w 250 \ - | { sed 's/.*/\t"&"/'; echo ' )'; } -} - [ $# -gt 0 ] || { usage; exit 2; } cmd="$1"; shift case "$cmd" in @@ -181,12 +170,11 @@ fi if [ -s "$privkey" -a $force -eq 0 ]; then echo "Error: private key exists: $privkey" >&2 - [ "$cmd" = dkim ] && dkiminfo exit 1 elif [ ! -s "$privkey" -o $force -ge 2 ]; then install --mode="${mode:-0600}" ${owner:+--owner="$owner"} ${group:+--group="$group"} /dev/null "$privkey" || exit 2 openssl $genkey -rand /dev/urandom $genkeyargs >"$privkey" || exit 2 - [ "$cmd" = dkim ] && { dkiminfo; exit; } + [ "$cmd" = dkim ] && exit fi if [ "$cmd" = x509 -a "$pubkey" = "$privkey" ]; then |