From c21b92d9b79a80a27607618666b56fbc5cd26ac8 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Mon, 3 Dec 2018 23:13:04 +0100
Subject: Upgrade DKIM keys to rsa2048, and allow for multiple keys.

---
 certs/dkim/README | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 certs/dkim/README

(limited to 'certs/dkim/README')

diff --git a/certs/dkim/README b/certs/dkim/README
new file mode 100644
index 0000000..e5addf9
--- /dev/null
+++ b/certs/dkim/README
@@ -0,0 +1,11 @@
+To convert a PEM-encoded public key to a TXT record, run
+
+    $ SELECTOR="8f00fb94ec6c37aacb48bd43e073f9b7"
+    $ DOMAIN="fripost.org"
+    $ printf "%s._domainkey%s    IN TXT    (\n" "$SELECTOR" "${DOMAIN:+.$DOMAIN.}"; \
+      { printf "v=DKIM1; k=rsa; t=s; s=email; p=";
+        sed '/^--.*--$/d' <"./certs/dkim/$SELECTOR.pub" | tr -d '\n';
+      } | fold -w64 | sed 's/.*/    "&"/; $s/$/ )\n/'
+
+Remove the "t=s" tag if subdomaining or third-party signature (hosted
+domain) is required, cf. RFC 6376 sec. 3.6.1.
-- 
cgit v1.2.3