dknewkey(1)                 General Commands Manual                dknewkey(1)



NAME
       dknewkey - Generates new DKIM public/private key pairs

VERSION
       0.8.0


DESCRIPTION
       dknewykey generates new DKIM keys.

       For RSA keys, it defaults to 2048 bit key size.  This is controlled by
       the BITS_REQUIRED variable. ed25519 keys do not have a variable size.

       For RSA keys, it uses openssl to do the generation.  By default it
       assumes this is located at /usr/bin/openssl.  This is controlled by the
       OPENSSL_BINARY variable.  For ed25519 keys, PyNaCl (python-nacl in
       Debian and derivatives) is used.  For RSA keys k=sha256 is now included
       in the public DNS record to prevent inadvertent use with the now
       obsolete sha1 hash algorithm (See RFC 8301).


USAGE
       dknewkey.py [-h] [--ktype {rsa,ed25519}] key_name

       mandatory positional arguments:
         key_name

       optional arguments:
         -h, --help            show this help message and exit
         --ktype {rsa,ed25519}
                               DKIM key type: Default is rsa

       NOTE: Depending on the packaging and distribution, the exact path and
       name for the executable may vary.


AUTHORS
       This version of dknewkey was written by Brandon Long
       <blong@google.com>.  It has been substantially rewritten by Scott
       Kitterman <scott@kitterman.com>.

       This man-page was created by Scott Kitterman <scott@kitterman.com> and
       is licensed under the same terms as dkimpy.

                                  2018-02-05                       dknewkey(1)