DKIM Record Generator (RSA and Ed25519)

Use this DKIM Record Generator to create DKIM records for your domain. Both RSA and Ed25519 keys can be created.

Note
No domain or selector information is submitted to our servers. A secure request is made to obtain a suitable private key and raw public key only. This key information is displayed and made available for download in a DKIM-compatible format using client-side JavaScript. No key data is stored on the server.

Ed25519 keys for DKIM signing were introduced in RFC 8463 and are currently less widely supported than RSA keys. While an increasing number of e-mail providers will validate these signatures, you should sign e-mail using both RSA and Ed25519 keys until the latter is more widely supported.

Many online DKIM record verification sites are also unable to verify Ed25519 DNS records or signatures. Matthäus Wander has an excellent DKIM Test page that can verify e-mail signed using both RSA and Ed25519 keys. It will also verify multiple DKIM-Signature headers in an e-mail, so it’s perfect for testing e-mail signed with multiple keys. Don’t rely on what Gmail tells you, as it doesn’t show the results for every signature.

If you are looking for an SMTP relay provider that either allows you to use your own DKIM keys, or one that does the hard work for you, see our current list of Recommended SMTP Providers.

DKIM records should be created for every domain and subdomain that is used to send e-mail.

Note that DMARC policies, where used, apply to the registered domain and its subdomains.
Each DKIM record must have a unique selector name.

A new selector should be created when keys are rotated.

While it technically should be possible for RSA and Ed25519 keys to share a selector name, RFC 4871 prohibits this.
Key Type: You should generate both Ed25519 and RSA keys for your domain.

Key Size (Bits): RSA: 2048-bit keys are recommended. Larger key sizes may not be compatible with some DNS providers, and RFC 4871 only requires verifiers to support keys up to 2048 bits. 3072-bit keys are erroneously marked as invalid by some online DKIM record validation sites.

Ed25519: All keys are 256 bits.

Create a TXT record in DNS with the name <selector>._domainkey.<domain>, containing the value below.

Configure your e-mail software to use the private key below (usually in the form of a PEM file). Note that the formatting must be preserved.
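
The record and key formats described above, as an added example using Node.js's built-in crypto module (not this site's own code). It shows that an RSA record carries the full SubjectPublicKeyInfo while an Ed25519 record (RFC 8463) carries only the raw 32-byte key, and that a 2048-bit RSA value must be split into 255-byte TXT strings. The function names, the selectors rsa2024 and ed2024, and the domain example.com are placeholders.

```javascript
// Added example: build DKIM TXT records from locally generated key pairs.
const { generateKeyPairSync } = require("node:crypto");

// A DNS TXT character-string holds at most 255 bytes, so long values are split.
function splitTxt(value, max = 255) {
  const parts = [];
  for (let i = 0; i < value.length; i += max) parts.push(value.slice(i, i + max));
  return parts;
}

// type: "rsa" or "ed25519"; selector and domain are caller-supplied placeholders.
function makeDkimRecord(type, selector, domain, rsaBits = 2048) {
  if (type !== "rsa" && type !== "ed25519") {
    throw new Error(`unsupported DKIM key type: ${type}`);
  }
  const { publicKey, privateKey } =
    type === "rsa"
      ? generateKeyPairSync("rsa", { modulusLength: rsaBits })
      : generateKeyPairSync("ed25519");

  const spki = publicKey.export({ type: "spki", format: "der" });
  // RSA: p= carries the whole SubjectPublicKeyInfo structure.
  // Ed25519 (RFC 8463): p= carries only the raw 32-byte key, which is the
  // tail of the 44-byte SubjectPublicKeyInfo structure.
  const keyBytes = type === "rsa" ? spki : spki.subarray(spki.length - 32);
  const value = `v=DKIM1; k=${type}; p=${keyBytes.toString("base64")}`;

  return {
    name: `${selector}._domainkey.${domain}`,
    value,
    strings: splitTxt(value),
    // PKCS#8 PEM for the signer; armor lines and line breaks must be preserved.
    privateKeyPem: privateKey.export({ type: "pkcs8", format: "pem" }),
  };
}

// Constructed sample input: one selector per key type.
for (const [type, selector] of [["rsa", "rsa2024"], ["ed25519", "ed2024"]]) {
  const rec = makeDkimRecord(type, selector, "example.com");
  console.log(`${rec.name} IN TXT ${rec.strings.map((s) => `"${s}"`).join(" ")}`);
}
```

Keep the returned privateKeyPem out of logs and version control; only the name and TXT strings belong in DNS.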


©2024 Inveigle.net