path: root/e-post/doman.mdwn
diff options
authorGuilhem Moulin <>2018-12-04 12:49:10 +0100
committerGuilhem Moulin <>2018-12-04 12:49:12 +0100
commitb2121dfdc4320f2fca66091f04076e95425d48c0 (patch)
treecf8fb7d4ad24aabe80d21add28a2d8396ab5f96d /e-post/doman.mdwn
parent49307bd84426efe2a06677eb26d9f723f5257018 (diff)
Rotate DKIM keys: upgrade to rsa2048 and change selector.
Diffstat (limited to 'e-post/doman.mdwn')
1 files changed, 16 insertions, 3 deletions
diff --git a/e-post/doman.mdwn b/e-post/doman.mdwn
index 57d7100..f809478 100644
--- a/e-post/doman.mdwn
+++ b/e-post/doman.mdwn
@@ -129,15 +129,28 @@ When you're using our Mail Submission Agent (``, see our
[webmail]( to send an email, you might have
noticed a "DKIM-Signature" field in the mail header on the receiver side:
- DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; ...; s=20140703; ...
+ DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; …; s=8f00fb94ec6c37aacb48bd43e073f9b7; …
This field was added just before your mail left Fripost's infrastructure. The
selector and signing domain, respectively given by "s=" and "d=", provide a way
for the receiver to fetch the public part of the key used to sign the message
from the signing domain's DNS zone:
- $ dig +short TXT
- "v=DKIM1\; k=rsa\; t=s\; s=email\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUIUVYm2WCwrXYd+cEIpKPSaxm5MxqFP3Ie7nAo+ZCLgt+oEPTuGA2dwqXAo04BeJERDKV5AGNusdn0EObjFApQZGtD7ROPrdtSMsQsOC2jDrk/FVIBWjk8NeXXA8eFHBLgB4WhByerrHYvCKO4wR5N6bT+y/QDWl868WM7ejEHwIDAQAB"
+ $ dig TXT +short \
+ | sed 's/" "//g' | tr -d '"' \
+ | fold -w64 | sed '1s/.*/ ( "&"/; 1!s/.*/ "&"/; $s/$/ )/'
+ ( "v=DKIM1; k=rsa; t=s; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A"
+ "MIIBCgKCAQEApmCWIVZt+L/bJ5+abvdmFm6Er/9g6e4WX2HKyeIfC5eDaPbUyHqH"
+ "SY7xzWNiU+cbBvny8BASkdWsclLdoiuMJ6Yes5VSzkH6j2gp9Uuy7d6p61Jbrizi"
+ "7/CQzCZfhi5uGKiGtV2g+V/sIuXekm9Q+Q2eqjj/6hUHGDPTTKEFlgruyaS6y+Ke"
+ "s+sJYjMG62lbTOKL5TjY6z0Gr2AMfglBUj9QWD5jm+bH0clE1HZq51mxXQbV2v/7"
+ "JEHjznR0nSB+jY2EV7g/MXM8DwJCDH4ZcknoH0NrcJRjuRt8ndufnx4Qh0t7qqWw"
+(Where the Resource Record is formatted in to a parentheses-enclosed list
+of chunks, cf. [RFC 1035 sec. 5.1](
+The public part of our DKIM keys can also be found
See RFCs [6376]( and
[7001]( for references. The