Secure Email Delivery: Implementing SPF and DKIM with Postfix

To use OpenDKIM to sign and verify emails, we need to generate a private key for signing and a public key for remote verification. Here is a step-by-step guide to generating the keypair:

Step 1: Create a Folder for the Domain

Create a separate folder for the domain using the following command:

sudo mkdir /etc/opendkim/keys/your-domain.com

Replace “your-domain.com” with your actual domain name.

Step 2: Generate Keys

Generate the keys using the opendkim-genkey tool with the following command:

sudo opendkim-genkey -b 2048 -d your-domain.com -D /etc/opendkim/keys/your-domain.com -s default -v

This command creates 2048-bit keys. The “-d” flag specifies the domain, “-D” specifies the directory where the keys will be stored, and “-s” specifies the selector, also known as the name. Once the command has run, the private key is written to the default.private file and the public key to the default.txt file, both in the directory given with “-D”.

Step 3: Change Ownership and Permissions

Change the ownership of the private key to opendkim using the following command:

sudo chown opendkim:opendkim /etc/opendkim/keys/your-domain.com/default.private

Then, change the permissions of the private key so that only the opendkim user has read and write access to the file, using the following command:

sudo chmod 600 /etc/opendkim/keys/your-domain.com/default.private

Now, you have successfully generated a private/public keypair for your domain to use with OpenDKIM.
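To confirm the result of the three steps, the following added example (not part of the original guide or of OpenDKIM) checks that the private key is a regular file owned by the expected user with mode 600, and that default.txt holds a DKIM1 record with a non-empty p= tag. The function names are hypothetical; it assumes GNU stat (Linux), the selector "default", and the quoted-chunk zone-file layout that opendkim-genkey writes to default.txt.

```shell
# Added example: audit the files produced by the key-generation steps.
# Function names are illustrative, not part of OpenDKIM.

# Succeeds only if the key is a regular file (not a symlink), owned by
# the expected user, with mode exactly 600.
key_perms_ok() {
    local key="$1" owner="$2" info
    [ -f "$key" ] && [ ! -L "$key" ] || {
        echo "missing or not a regular file: $key" >&2
        return 1
    }
    info=$(stat -c '%U %a' "$key") || return 1   # GNU stat: "<owner> <octal mode>"
    [ "$info" = "$owner 600" ] || {
        echo "bad owner/mode on $key: $info" >&2
        return 1
    }
}

# Joins the quoted chunks of the zone-file record in default.txt into the
# single TXT value (the record is split into several quoted strings).
dkim_txt_value() {
    grep -o '"[^"]*"' "$1" | tr -d '"\n'
}

# Succeeds if the joined value declares DKIM1 and carries a non-empty p= tag.
dkim_record_ok() {
    local v
    v=$(dkim_txt_value "$1")
    case "$v" in
        v=DKIM1\;*p=?*) return 0 ;;
        *) echo "no usable DKIM record in $1" >&2; return 1 ;;
    esac
}

# Usage: sudo sh audit-dkim.sh /etc/opendkim/keys/your-domain.com
if [ "$#" -eq 1 ]; then
    key_perms_ok "$1/default.private" opendkim &&
        dkim_record_ok "$1/default.txt" &&
        echo "OK: $1"
fi
```

A failed check prints the reason to stderr and the script exits non-zero, so it can be run after every key rotation.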