SYNOPSIS
opendkim-genkey [options]
DESCRIPTION
opendkim-genkey generates (1) a private key for signing messages using opendkim(8) and (2) a DNS TXT record suitable for inclusion in a zone file which publishes the matching public key for use by remote DKIM verifiers.
The filenames of these are based on the selector (see below); the private key will have a suffix of ".private" and the TXT record will have a suffix of ".txt".
Both long and short names are supported for most options.
OPTIONS
- -a (--append-domain)
  Appends the domain name (see -d below) to the label in the generated TXT record, followed by a trailing period. By default it is assumed the domain name is implicit from the context of the zone file, and is therefore not included in the output.
- -b bits (--bits=n)
  Specifies the size of the key, in bits, to be generated. The default is 1024 which is the value recommended by the DKIM specification.
- -d domain (--domain=string)
  Names the domain which will use this key for signing. Currently only used in a comment in the TXT record file. The default is "localhost".
- -D directory (--directory=path)
  Instructs the tool to change to the named directory prior to creating files. By default the current directory is used.
- -h algorithms (--hash-algorithms=name[:name[...]])
  Specifies a list of hash algorithms which can be used with this key. By default all hash algorithms are allowed.
- --help
  Print a help message and exit.
- -n note (--note=string)
  Includes arbitrary note text in the key record. By default, no such text is included.
- -r (--restricted)
  Restricts the key for use in e-mail signing only. The default is to allow the key to be used for any service.
- -s selector (--selector=name)
  Specifies the selector, or name, of the key pair generated. The default is "default".
- -S (--[no]subdomains)
  Disallows subdomain signing by this key. By default the key record will be generated such that verifiers are told subdomain signing is permitted. Note that for backward compatibility reasons, -S means the same as --nosubdomains.
- -t (--[no]testmode)
  Indicates the generated key record should be tagged such that verifiers are aware DKIM is in test at the signing domain.
- -v (--verbose)
  Increase verbose output.
- -V (--version)
  Print version number and exit.
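Added example (not part of the OpenDKIM man page or code): a Python check that reads the text of a generated <selector>.txt record and reports which of the options above shaped it, so the record can be reviewed before it goes into the zone. The tag names (h=, s=, t=, n=, p=) are those of the DKIM key record in RFC 6376; the sample record, the selector "mail2024", the placeholder key and the function names are constructed, and the record layout is assumed to match what the tool writes.

```python
import re

# Constructed sample, assumed to match the <selector>.txt layout, as if run
# with: -r -S -t -h sha256 -s mail2024 -d example.com. p= is a placeholder.
SAMPLE_TXT = (
    'mail2024._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha256; k=rsa; s=email; t=y:s; "\n'
    '\t  "p=PLACEHOLDERBASE64PUBLICKEY" )  ; ----- DKIM key mail2024 for example.com\n'
)

def parse_key_record(zone_text):
    """Return (label, tags) from a zone-file DKIM TXT record."""
    label = zone_text.split()[0]
    # TXT data may be split into several quoted strings; verifiers join
    # them with nothing in between, so do the same before reading tags.
    rdata = "".join(re.findall(r'"([^"]*)"', zone_text))
    tags = {}
    for part in rdata.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return label, tags

def describe(zone_text):
    """Map record tags back to the opendkim-genkey options that set them."""
    label, tags = parse_key_record(zone_text)
    flags = [f for f in tags.get("t", "").split(":") if f]
    services = [s for s in tags.get("s", "*").split(":") if s]
    return {
        "selector": label.split("._domainkey")[0],
        "fqdn_label": label.endswith("."),        # -a appended the domain
        "hashes": tags["h"].split(":") if "h" in tags else None,  # -h; None = all
        "email_only": services == ["email"],      # -r
        "subdomains_allowed": "s" not in flags,   # cleared by -S
        "test_mode": "y" in flags,                # -t
        "note": tags.get("n"),                    # -n
        "has_key": bool(tags.get("p")),           # empty p= means revoked (RFC 6376)
    }

def review(zone_text):
    """Return findings worth checking before the record is published."""
    info = describe(zone_text)
    findings = []
    if info["test_mode"]:
        findings.append("t=y set: verifiers are told DKIM is in test here")
    if not info["email_only"]:
        findings.append("no s=email: key may be used for any service")
    if not info["has_key"]:
        findings.append("p= empty or missing: no usable public key")
    return findings
```

Call review() on the contents of the .txt file; an empty list means none of the three conditions was found.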
NOTES
Requires that the openssl(8) binary be installed and in the executing shell's search path.
VERSION
This man page covers the version of opendkim-genkey that shipped with version 2.10.3 of OpenDKIM.
COPYRIGHT
Copyright (c) 2007, 2008 Sendmail, Inc. and its suppliers. All rights reserved.
Copyright (c) 2009, 2011-2013, The Trusted Domain Project. All rights reserved.