Generating DomainKeys for Mail
We need to generate DK (DomainKeys) to validate that we are the original senders and not someone impersonating us, this tutorial is meant to explain how generate the keys
To generate a DomainKeys record we can do simply from the command line.
openssl genrsa -out default 1024
openssl rsa -in default -out txt -pubout -outform PEM
This will create two files that will contain the private and the public key that we can put in the DNS zone record, let’s check the files what they contain.
cat default
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCvcvkiUaVlHZNDo7grpSh+SLc8L5yZMg34uysFdc8HNWB/bbx9
lEMUj2/n/1qlj+AYcisMIpCGGK+LrrGig65x7OH31mpxWjj8zfKNtGzSjdBzgbL+
kMZi21VpoJ8BP/R9oGrJf4woZ/arZUmlzKpTsNqw7RCvNJ55OCAi2jcJWQIDAQAB
AoGBAJfzw8HtZInGq5yRVxi12fRFli0SL1ae+2rI7+GyvrNHj2PN7sn0doSAFjOf
/SoXCcciWhYQeYsqJh+cFUzjL1kc7NqqI8rX36L49G+ur87AJFDYsz851OCly9JN
9rAe36Dv7BToE+hC0cqT7u5bNjKEimNNHsdprQlRm6RiFbABAkEA1Oalhe5GGjsy
ICO7X5JCyF7QI0yjLPY4cP9hHvgS+WPT5/IciQIUKmV2T6+TS48nFgAU5euFjepZ
Bzq4KzhHmQJBANL3bTMoVB0yh8fckN12KFx34DdOCclBqu0vNXTNcEoHspAJhaa5
DlQuZCUursPDwibBv/exWx4BgfFMOQJe58ECQCP/T5Nio1XCFoqaoA7bwxDv/w9I
4Po0M3zfoUNEPKkQOP8pz6tWv6Qffa6hiC0pajltEBuEBBPnwN/ZDNS58lkCQHMc
HFJQi+zOeHXd7JFZ+lXR9t5WT1Kn6Qq3upQ70CwknRKoj2tUB/R4x53eJe+dLZ+W
EhelhxENQ4iUzXp0rEECQEJIsNDQIeDcOyMKy1TOKFwG2TFvvIqDlM7+2NKucmcy
Re2q6DPYpksiJVY/2EAtYqsBAEztVb38bakbY5EUmp0=
-----END RSA PRIVATE KEY-----
And let’s check the txt file
cat txt
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvcvkiUaVlHZNDo7grpSh+SLc8
L5yZMg34uysFdc8HNWB/bbx9lEMUj2/n/1qlj+AYcisMIpCGGK+LrrGig65x7OH3
1mpxWjj8zfKNtGzSjdBzgbL+kMZi21VpoJ8BP/R9oGrJf4woZ/arZUmlzKpTsNqw
7RCvNJ55OCAi2jcJWQIDAQAB
-----END PUBLIC KEY-----
From this you can see that we have a public and a private key, the private one we keep for us, if someone has the private key, they can sign as us.
To convert the txt file to a format suitable for DNS record we need to copy the key, and delete all the new lines
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvcvkiUaVlHZNDo7grpSh+SLc8L5yZMg34uysFdc8HNWB/bbx9lEMUj2/n/1qlj+AYcisMIpCGGK+LrrGig65x7OH31mpxWjj8zfKNtGzSjdBzgbL+kMZi21VpoJ8BP/R9oGrJf4woZ/arZUmlzKpTsNqw7RCvNJ55OCAi2jcJWQIDAQAB
So we just prepend the value p= and append ; and we have our key that we can put in a DNS zone
So let’s see the complete record now:
_domainkey.example.com. IN TXT "o=-"
default._domainkey.example.com. IN TXT "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvcvkiUaVlHZNDo7grpSh+SLc8L5yZMg34uysFdc8HNWB/bbx9lEMUj2/n/1qlj+AYcisMIpCGGK+LrrGig65x7OH31mpxWjj8zfKNtGzSjdBzgbL+kMZi21VpoJ8BP/R9oGrJf4woZ/arZUmlzKpTsNqw7RCvNJ55OCAi2jcJWQIDAQAB;"