From c21b92d9b79a80a27607618666b56fbc5cd26ac8 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 3 Dec 2018 23:13:04 +0100 Subject: Upgrade DKIM keys to rsa2048, and allow for multiple keys. --- certs/dkim/README | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 certs/dkim/README (limited to 'certs/dkim/README') diff --git a/certs/dkim/README b/certs/dkim/README new file mode 100644 index 0000000..e5addf9 --- /dev/null +++ b/certs/dkim/README @@ -0,0 +1,11 @@ +To convert a PEM-encoded public key to a TXT record, run + + $ SELECTOR="8f00fb94ec6c37aacb48bd43e073f9b7" + $ DOMAIN="fripost.org" + $ printf "%s._domainkey%s IN TXT (\n" "$SELECTOR" "${DOMAIN:+.$DOMAIN.}"; \ + { printf "v=DKIM1; k=rsa; t=s; s=email; p="; + sed '/^--.*--$/d' <"./certs/dkim/$SELECTOR.pub" | tr -d '\n'; + } | fold -w64 | sed 's/.*/ "&"/; $s/$/ )\n/' + +Remove the "t=s" tag if subdomaining or third-party signature (hosted +domain) is required, cf. RFC 6376 sec. 3.6.1. -- cgit v1.2.3