System: DKIM Key Pair Generator
This tool uses our previously presented PHP code for generating a private key and BIND TXT entry for DKIM signing and validation.
It's important to note that neither the private nor public components of the keys required for DKIM signing and validation contain any information about the domain, selector or anything else. If you use a different online generator you should obfuscate those values.
Generate a new DKIM Key-pair
Click the button below to generate a new DKIIM private key and public DNS TXT record in BIND format. In the BIND record you will need to replace 'xxx' with your desired selector.
The private key should be kept secure and private at all times. It will be used to sign outbound emails. The public key is, public, and is used to verify DKIM-signed emails.
The above tool will generate a 2048-bit private key in RSA (OPENSSL_KEYTYPE_RSA) format, and a public key in BIND format. If you have different requirements, you can use this code as starting point.
As described elsewhere, the public key is extracted from the private key, so they must be generated simultaneously and can only work together as a pair.
And while you could use a single key-pair to cover any number of domains, best practice is to have one for each domain and sender so they can be easily revoked and replaced.
Related Articles - Sendmail
- PHP Signing outbound emails with DKIM
- PHP Generating a Key Pair for DKIM
- System DKIM Key Pair Generator
- System Analysing mailq and the mqueue directory
- System Using qtool.pl to manage sendmail queues
- System Analysing the mail.log
- System Expanding IPv6 Addresses for DNSBL Checks