Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
opendkim-genkey(8)	    System Manager's Manual	    opendkim-genkey(8)

       opendkim-genkey - DKIM filter key generation tool

       opendkim-genkey [options]

       opendkim-genkey	generates (1) a	private	key for	signing	messages using
       opendkim(8) and (2) a DNS TXT record suitable for inclusion in  a  zone
       file  which  publishes  the  matching public key	for use	by remote DKIM

       The filenames of	these are based	on the selector	(see below); the  pri-
       vate  key will have a suffix of ".private" and the TXT record will have
       a suffix	of ".txt".

       Both long and short names are supported for most	options.

       -a     (--append-domain)	Appends	the domain name	(see -d	below) to  the
	      label  in	 the  generated	TXT record, followed by	a trailing pe-
	      riod.  By	default	it is assumed the domain name is implicit from
	      the  context  of the zone	file, and is therefore not included in
	      the output.

       -b bits
	      (--bits=n) Specifies the size of the key,	in bits, to be	gener-
	      ated.  The default is 1024 which is the value recommended	by the
	      DKIM specification.

       -d domain
	      (--domain=string)	Names the domain which will use	this  key  for
	      signing.	 Currently  only  used	in a comment in	the TXT	record
	      file.  The default is "".

       -D directory
	      (--directory=path) Instructs the tool to change to the named di-
	      rectory  prior to	creating files.	 By default the	current	direc-
	      tory is used.

       -h algorithms
	      (--hash-algorithms=name[:name[...]])  Specifies a	list  of  hash
	      algorithms which can be used with	this key.  By default all hash
	      algorithms are allowed.

       --help Print a help message and exit.

       -n note
	      (--note=string) Includes arbitrary note text in the key  record.
	      By default, no such text is included.

       -r     (--restricted) Restricts the key for use in e-mail signing only.
	      The default is to	allow the key to be used for any service.

       -s selector
	      (--selector=name)	Specifies the selector,	or name,  of  the  key
	      pair generated.  The default is "default".

       -S     (--[no]subdomains)  Disallows subdomain signing by this key.  By
	      default the key record will be generated such that verifiers are
	      told  subdomain  signing	is  permitted.	Note that for backward
	      compatibility reasons, -S	means the same as --nosubdomains.

       -t     (--[no]testmode) Indicates the generated key  record  should  be
	      tagged  such  that  verifiers  are  aware	DKIM is	in test	at the
	      signing domain.

       -v     (--verbose) Increase verbose output.

       -V     (--version) Print	version	number and exit.

       Requires	that the openssl(8) binary be installed	and in	the  executing
       shell's search path.

       This  man  page covers the version of opendkim-genkey that shipped with
       version 2.10.3 of OpenDKIM.

       Copyright (c) 2007, 2008	Sendmail, Inc. and its suppliers.  All	rights

       Copyright  (c) 2009, 2011-2013, The Trusted Domain Project.  All	rights

       opendkim(8), openssl(8)

       RFC6376 - DomainKeys Identified Mail

			  The Trusted Domain Project	    opendkim-genkey(8)


Want to link to this manual page? Use this URL:

home | help