Based on the Exim4 docs I have the following script:
```bash
#! /bin/bash --
# Key file names carry today's date, e.g. dkim_ed25519_20200701
ED="dkim_ed25519_$(date +'%Y%m%d')"
RSA="dkim_rsa_$(date +'%Y%m%d')"
## Generate private key
openssl genpkey -algorithm ed25519 -out "${ED}.private"
openssl genrsa -out "${RSA}.private" 2048
## Use private key to generate the public DNS TXT record:
## 20200701._domainkey.example.com IN TXT "k=[ed25519|rsa]; p=[pub_key_content]"
# ed25519: drop the 12-byte DER header (tail -c +13) and base64 the raw 32-byte key
openssl pkey -in "${ED}.private" -pubout -outform DER | tail -c +13 | base64 > "${ED}.public"
# rsa: PEM body with the BEGIN/END lines and newlines removed
openssl rsa -in "${RSA}.private" -pubout -outform PEM | sed '/^-----/d' | tr -d '\n' > "${RSA}.public"
```
This generates a pair of private + public keys. Public ones are:
dkim_ed25519_20200701.public:
ICkF+6tTRKc8voK15Th4eTXMX3inp5jZwZSu4CH2FIc=
dkim_rsa_20200701.public:
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZMwFIfqRCUPAp6Jz5OPC9GC68JWsVA5VF2RBGH8Bx7rIRE6vekhejwqK4rmiaMswfuJEMKErWE0ZwYz7bhSsBMnv0G1xC7OLgOTCziUO1EjMp/R5/aUno1Y0txFcJJdbSNEpZYc0jMLW3TqNn3VN6glVpnPId2Rb6SqfweS7zYp04LrX+pT43pCEn9pHxVOmWfmz8AJav1kuYM5KvU7gsC3ytzaxW+QlHTaWH9vGtgK1GVg0NGQmPS2/nLSDABjJPATDN/d3PagpsPdwGtOPfe4ShW32FBhRVL9X3ZeeUP4y1iZn0Si4sQiWYAfwekxLh2lsvALAHPc7er8RxJ4yQIDAQAB
I tried to plug those into the domain's TXT records like so:
RSA:
k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZMwFIfqRCUPAp6Jz5OPC9GC68JWsVA5VF2RBGH8Bx7rIRE6vekhejwqK4rmiaMswfuJEMKErWE0ZwYz7bhSsBMnv0G1xC7OLgOTCziUO1EjMp/R5/aUno1Y0txFcJJdbSNEpZYc0jMLW3TqNn3VN6glVpnPId2Rb6SqfweS7zYp04LrX+pT43pCEn9pHxVOmWfmz8AJav1kuYM5KvU7gsC3ytzaxW+QlHTaWH9vGtgK1GVg0NGQmPS2/nLSDABjJPATDN/d3PagpsPdwGtOPfe4ShW32FBhRVL9X3ZeeUP4y1iZn0Si4sQiWYAfwekxLh2lsvALAHPc7er8RxJ4yQIDAQAB
ED25519:
k=ed25519; p=ICkF+6tTRKc8voK15Th4eTXMX3inp5jZwZSu4CH2FIc=
I have figured out that my DKIM rsa version works fine with Gmail, but ed25519 just fails.
Did I make a mistake in my code/config? Or is it the case that ed25519 is not widely adopted?
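A pre-publication check for the two record values above, as an added example that is not part of the original post: it verifies only that `p=` decodes to the shape its `k=` type requires (a raw 32-byte key for ed25519 per RFC 8463, a DER SubjectPublicKeyInfo for rsa). The helper names `dkim_tag` and `check_dkim_record` are assumptions.

```shell
# Added example, not from the original post. Needs base64 and od (coreutils).
# dkim_tag and check_dkim_record are hypothetical helper names.

# Print the value of tag $2 (k, p, ...) from the "tag=value; ..." record $1.
dkim_tag() {
    printf '%s' "$1" | tr ';' '\n' |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=//p" | head -n 1 | tr -d '[:space:]'
}

# Return 0 if p= has the shape its k= algorithm requires, otherwise 1.
check_dkim_record() {
    local k p hex len n dec
    k=$(dkim_tag "$1" k); k=${k:-rsa}   # RFC 6376: k= defaults to rsa
    p=$(dkim_tag "$1" p)
    [ -n "$p" ] || { echo "FAIL: missing or empty p="; return 1; }
    printf '%s' "$p" | base64 -d >/dev/null 2>&1 ||
        { echo "FAIL: p= is not valid base64"; return 1; }
    hex=$(printf '%s' "$p" | base64 -d | od -An -v -tx1 | tr -d ' \n')
    len=$(( ${#hex} / 2 ))
    case "$k" in
    ed25519)
        # RFC 8463: p= is the bare 32-byte public key, no ASN.1 wrapper.
        [ "$len" -eq 32 ] && { echo "OK: ed25519, 32-byte raw key"; return 0; }
        case "$hex" in 302a300506032b6570032100*)
            echo "FAIL: ed25519 key still has its 12-byte DER header"; return 1 ;;
        esac
        echo "FAIL: ed25519 key is $len bytes, expected 32"; return 1 ;;
    rsa)
        # Expect a DER SubjectPublicKeyInfo with the rsaEncryption OID.
        case "$hex" in
        3081??300d06092a864886f70d0101010500*) n=6 ;;
        3082????300d06092a864886f70d0101010500*) n=8 ;;
        *) echo "FAIL: rsa key is not a DER SubjectPublicKeyInfo"; return 1 ;;
        esac
        # Outer SEQUENCE length must match the blob size (catches truncation).
        dec=$(printf '%s' "$hex" | cut -c5-$n)
        [ $(( 0x$dec + n / 2 )) -eq "$len" ] ||
            { echo "FAIL: rsa key is truncated or has trailing bytes"; return 1; }
        echo "OK: rsa, $len-byte SubjectPublicKeyInfo"; return 0 ;;
    *)  echo "FAIL: unknown key type k=$k"; return 1 ;;
    esac
}

# Constructed inputs: the ed25519 value from the post, then the same key with
# its DER header left on (what omitting the `tail -c +13` step would publish).
ED='ICkF+6tTRKc8voK15Th4eTXMX3inp5jZwZSu4CH2FIc='
check_dkim_record "k=ed25519; p=$ED" || true
check_dkim_record "k=ed25519; p=MCowBQYDK2VwAyEA$ED" || true
```

Passing this check shows the record is well-formed, not that a particular receiver implements ed25519 verification.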