I wonder if it is okay to generate a key pair (.key
and .cert
files) for DKIM like this:
openssl req -newkey rsa:2048 -sha256 -x509 -nodes -days 3650 -keyout dkim-rsa.key -out dkim-rsa.cert
By reading RFC 6376 I can see that standards only demand RSA algorythm sha256
and maximum length of 2048
. Are there any other recommenrdations that you would have for me before I create the keys?
With DKIM you don't create an X.509 certificate, but just private and public keys:
As the public key is not given in the message but fetched from the DNS it doesn't require the additional features of an X.509 certificate.