Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
opendkim-genkey(8)	    System Manager's Manual	    opendkim-genkey(8)

NAME
       opendkim-genkey - DKIM filter key generation tool

SYNOPSIS
       opendkim-genkey [options]

DESCRIPTION
       opendkim-genkey	generates (1) a	private	key for	signing	messages using
       opendkim(8) and (2) a DNS TXT record suitable for inclusion in  a  zone
       file  which  publishes  the  matching public key	for use	by remote DKIM
       verifiers.

       The filenames of	these are based	on the selector	(see below); the  pri-
       vate  key will have a suffix of ".private" and the TXT record will have
       a suffix	of ".txt".

       Both long and short names are supported for most	options.

OPTIONS
       -a     (--append-domain)	Appends	the domain name	(see -d	below) to  the
	      label  in	 the  generated	TXT record, followed by	a trailing pe-
	      riod.  By	default	it is assumed the domain name is implicit from
	      the context of the zone file, and	is therefore not  included  in
	      the output.

       -b bits
	      (--bits=n)  Specifies the	size of	the key, in bits, to be	gener-
	      ated.  The default is 1024 which is the value recommended	by the
	      DKIM specification.

       -d domain
	      (--domain=string)	Names the domain which will use	this  key  for
	      signing.	 Currently  only  used	in a comment in	the TXT	record
	      file.  The default is "example.com".

       -D directory
	      (--directory=path) Instructs the tool to change to the named di-
	      rectory prior to creating	files.	By default the current	direc-
	      tory is used.

       --ed25519
	      generate a ed25519 key.

       -h algorithms
	      (--hash-algorithms=name[:name[...]])   Specifies	a list of hash
	      algorithms which can be used with	this key.  By default all hash
	      algorithms are allowed.

       --help Print a help message and exit.

       -n note
	      (--note=string) Includes arbitrary note text in the key  record.
	      By default, no such text is included.

       -r     (--restrict)  Restricts  the key for use in e-mail signing only.
	      The default is to	allow the key to be used for any service.

       -s selector
	      (--selector=name)	Specifies the selector,	or name,  of  the  key
	      pair generated.  The default is "default".

       -S     (--[no]subdomains)  Disallows subdomain signing by this key.  By
	      default the key record will be generated such that verifiers are
	      told subdomain signing is	permitted.   Note  that	 for  backward
	      compatibility reasons, -S	means the same as --nosubdomains.

       -t     (--[no]testmode)	Indicates  the	generated key record should be
	      tagged such that verifiers are aware DKIM	 is  in	 test  at  the
	      signing domain.

       -v     (--verbose) Increase verbose output.

       -V     (--version) Print	version	number and exit.

NOTES
       Requires	 that  the openssl(8) binary be	installed and in the executing
       shell's search path.

VERSION
       This man	page covers the	version	of opendkim-genkey that	 shipped  with
       version 2.11.0 of OpenDKIM.

COPYRIGHT
       Copyright  (c) 2007, 2008 Sendmail, Inc.	and its	suppliers.  All	rights
       reserved.

       Copyright (c) 2009, 2011-2013, The Trusted Domain Project.  All	rights
       reserved.

SEE ALSO
       opendkim(8), openssl(8)

       RFC6376 - DomainKeys Identified Mail

			  The Trusted Domain Project	    opendkim-genkey(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=opendkim-genkey&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>

home | help