SYNOPSIS
dkim-genkey [options]DESCRIPTION
dkim-genkey generates (1) a private key for signing messages using dkim-filter(8) and (2) a DNS TXT record suitable for inclusion in a zone file which publishes the matching public key for use by remote DKIM verifiers.The filenames of these are based on the selector (see below); the private key will have a suffix of ".private" and the TXT record will have a suffix of ".txt".
OPTIONS
- -b bits
-
Specifies the size of the key, in
bits,
to be generated. The default is 1024 which is the value recommended by
the DKIM specification.
- -d domain
-
Names the
domain
which will use this key for signing. Currently only used in a comment in
the TXT record file. The default is "example.com".
- -D directory
-
Instructs the tool to change to the named
directory
prior to creating files. By default the current directory is used.
- -g granularity
-
Defines the key
granularity,
i.e. the user(s) who may use the key. The default is "*" meaning any
user can use the key.
- -h algorithms
-
Specifies a list of hash
algorithms
which can be used with this key. By default all hash algorithms are allowed.
- -n note
-
Includes arbitrary
note
text in the key record. By default, no such text is included.
- -r
-
Restricts the key for use in e-mail signing only. The default is to allow
the key to be used for any service.
- -s selector
-
Specifies the
selector,
or name, of the key pair generated. The default is "default".
- -S
-
Disallows subdomain signing by this key. By default the key record will be
generated such that verifiers are told subdomain signing is permitted.
- -t
- Indicates the generated key record should be tagged such that verifiers are aware DKIM is in test at the signing domain.