Public/Private Key-pair Generation (RSA)

- Download the TLS/SSL Toolkit.
- Extract OpenSSL.exe into a directory of your choice.
- In a DOS box, type:

    openssl genrsa -out dkim-rsa-private.pem 1024

  and then

    openssl rsa -in dkim-rsa-private.pem -out dkim-rsa-public.pem -pubout -outform PEM

This results in two files: dkim-rsa-private.pem, which is the private key and looks like this:

    -----BEGIN RSA PRIVATE KEY-----
    MIIByQIBAA ... ZwP56LRqdg5
    ZX15bhc/Gs ... T1kwTvFNGIo
    AUsFUq+J6+ ... KMX3tk1MkLH
    +Ug13EzB2R ... lORd7pfxYCn
    Kapi2RPMcR ... +0+r9KaSRM/
    3WQrmUpV+f ... amoL7rrkUew
    ti9TEjfaBn ... Icj88wGNHCs
    FDWGAH4EKN ... 1zT2yYH7tTb
    weiHAQxeHe ... mKuj1zLjEhG
    6ppw+nKD50 ... 0GYJ4DLP0U=
    -----END RSA PRIVATE KEY-----

and dkim-rsa-public.pem, which is the public key and looks like this:

    -----BEGIN PUBLIC KEY-----
    MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5o6l
    MIgulclWjZwP56LRqdg5ZX15bhc/GsvW8xW/R5Sh1NnkJNyL/cqY1a+GzzL47t7E
    XzVc+nRLWT1kwTvFNGIoAUsFUq+J6+OprwIDAQAB
    -----END PUBLIC KEY-----

- Copy dkim-rsa-private.pem to the CERT\PRIV directory.
- Define a unique selector for your DomainKey; in this sample we use 20150809rsa, which is the current date and the algorithm.
- Copy the data of the public key file into a TXT record for your domain:

    20150809rsa._domainkey IN TXT "v=DKIM1;k=rsa; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5o6l MIgulclWjZwP56LRqdg5ZX15bhc/GsvW8xW/R5Sh1NnkJNyL/cqY1a+GzzL47t7E XzVc+nRLWT1kwTvFNGIoAUsFUq+J6+OprwIDAQAB;"

Public/Private Key-pair Generation (Ed25519)

- Download the TLS/SSL Toolkit.
- Extract OpenSSL.exe into a directory of your choice.
- In a DOS box, type:

    openssl genpkey -algorithm ed25519 -outform PEM -out dkim-ed25519-private.pem
    openssl pkey -in dkim-ed25519-private.pem -pubout -out dkim-ed25519-public.pem
    openssl asn1parse -in dkim-ed25519-public.pem -offset 12 -noout -out dkim-ed25519-public.asn1
    openssl base64 -in dkim-ed25519-public.asn1 -out dkim-ed25519-public.txt
    copy dkim-ed25519-private.pem + dkim-ed25519-public.pem dkim-ed25519-private.pem

This results in two files: dkim-ed25519-private.pem, which is the combined private key and public key and looks like this:

    -----BEGIN PRIVATE KEY-----
    MC4CAQAwBQYDK2VwBCIEIL2zDc8AYXxheWLz01yOuyrspFHI4OgTVibqzR8+Yhhi
    -----END PRIVATE KEY-----
    -----BEGIN PUBLIC KEY-----
    MCowBQYDK2VwAyEAm8JAa1/AWiCpJXCKx0ytRq4Hr4ZAynEwTX7tV0QH0Yw=
    -----END PUBLIC KEY-----

and dkim-ed25519-public.txt, which is the extracted public key and looks like this:

    m8JAa1/AWiCpJXCKx0ytRq4Hr4ZAynEwTX7tV0QH0Yw=

- Copy dkim-ed25519-private.pem to the CERT\PRIV directory.
- Define a unique selector for your DomainKey; in this sample we use 20240919edc, which is the current date and the algorithm.
- Copy the data of the public key file into a TXT record for your domain:

    20240919edc._domainkey IN TXT "v=DKIM1;k=ed25519; p=m8JAa1/AWiCpJXCKx0ytRq4Hr4ZAynEwTX7tV0QH0Yw=;"
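
A pre-publication check for the two key records above, as an added example that is not part of the original page or of the program it documents: it confirms that an ed25519 p= value is the raw 32-byte key (what the asn1parse -offset 12 step extracts) rather than the whole PEM body, and measures an RSA modulus against the RFC 8301 size limits. The function names are hypothetical; the two sample records are the ones shown on this page.

```python
import base64

# 12-byte DER header that precedes the raw key in an Ed25519 SubjectPublicKeyInfo
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")

# Sample records copied from this page
RSA_RECORD = ("v=DKIM1;k=rsa; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5o6l "
              "MIgulclWjZwP56LRqdg5ZX15bhc/GsvW8xW/R5Sh1NnkJNyL/cqY1a+GzzL47t7E "
              "XzVc+nRLWT1kwTvFNGIoAUsFUq+J6+OprwIDAQAB;")
ED25519_RECORD = "v=DKIM1;k=ed25519; p=m8JAa1/AWiCpJXCKx0ytRq4Hr4ZAynEwTX7tV0QH0Yw=;"

def parse_tags(txt):
    """Split a DKIM key record into {tag: value}, dropping whitespace in values."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def der_read(buf, pos):
    """Read the DER TLV header at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_modulus_bits(spki):
    """Bit length of the modulus inside a DER SubjectPublicKeyInfo RSA key."""
    outer, _ = der_read(spki, 0)           # outer SEQUENCE
    _, alg_end = der_read(spki, outer)     # AlgorithmIdentifier
    bits, _ = der_read(spki, alg_end)      # BIT STRING
    seq, _ = der_read(spki, bits + 1)      # skip unused-bits byte; RSAPublicKey
    n0, n1 = der_read(spki, seq)           # INTEGER modulus
    return int.from_bytes(spki[n0:n1], "big").bit_length()

def check_dkim_record(txt):
    """Return findings for one DKIM key record; an empty list means no issue."""
    tags = parse_tags(txt)
    key = base64.b64decode(tags.get("p", ""))
    if not key:
        return ["p= is empty or missing (key revoked or record incomplete)"]
    if tags.get("k", "rsa") == "ed25519":
        if key.startswith(ED25519_SPKI_PREFIX):
            return ["p= holds the whole SubjectPublicKeyInfo; publish only the raw 32-byte key"]
        return [] if len(key) == 32 else [f"ed25519 key is {len(key)} bytes, expected 32"]
    bits = rsa_modulus_bits(key)
    if bits < 1024:
        return [f"RSA key is {bits} bits; RFC 8301 verifiers reject keys under 1024 bits"]
    if bits < 2048:
        return [f"RSA key is {bits} bits; RFC 8301 recommends at least 2048 bits"]
    return []
```

Run over the RSA sample record printed on this page, the check reports a 768-bit modulus, so use that record only as an illustration of the format and publish the key you generated yourself.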

DKIM (DomainKeys Identified Mail) Signing

- Select Options->DKIM->Sign and create a new record.
- Set the fields as follows:

    For messages from e-mail address:            *@yourdomain.com
    to e-mail address:                           *
    use this certificate (file in PEM format):   dkim-rsa-private.pem

Thereafter the program will sign all messages from your domain to everyone using the private key in the dkim-rsa-private.pem certificate.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

- Create a TXT record for your domain:

    _dmarc IN TXT "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;"

DMARC defines the policy that the receiving MTA should apply to your messages when SPF and DKIM verification fails.

Note: If you do not set a policy, some MTAs, namely Gmail and O365, will apply a strict policy.