Provided by: opendkim-tools_2.11.0~beta2-9.1_amd64

NAME

       opendkim-genkey - DKIM filter key generation tool

SYNOPSIS

       opendkim-genkey [options]

DESCRIPTION

       opendkim-genkey  generates  (1)  a  private  key for signing messages using opendkim(8) and (2) a DNS TXT
       record suitable for inclusion in a zone file which publishes the matching public key for  use  by  remote
       DKIM verifiers.

       The  filenames  of  these  are  based  on the selector (see below); the private key will have a suffix of
       ".private" and the TXT record will have a suffix of ".txt".

       Both long and short names are supported for most options.

OPTIONS

       -a     (--append-domain) Appends the domain name (see -d below) to the label in the generated TXT record,
              followed by a trailing period.  By default it is assumed the domain  name  is  implicit  from  the
              context of the zone file, and is therefore not included in the output.

       -b bits
              (--bits=n)  Specifies the size of the key, in bits, to be generated.  The upstream default is 1024,
              which is the value recommended by the DKIM specification, but in Debian the default is 2048, based
              on more current recommendations such as those from NIST 800-177.

       -d domain
              (--domain=string)  Names the domain which will use this key for signing.  Currently only used in a
              comment in the TXT record file.  The default is "localhost".

       -D directory
              (--directory=path) Instructs the tool to change to the named directory prior  to  creating  files.
              By default the current directory is used.

       -h algorithms
              (--hash-algorithms=name[:name[...]])   Specifies  a list of hash algorithms which can be used with
              this key.  Upstream, by default all hash algorithms are allowed, but in Debian this is  restricted
              to sha256 based on NIST 800-177.

       --help Print a help message and exit.

       -n note
              (--note=string)  Includes  arbitrary  note  text  in  the key record.  By default, no such text is
              included.

       -r     (--restrict) Restricts the key for use in e-mail signing only.  The default is to allow the key to
              be used for any service.

       -s selector
              (--selector=name) Specifies the selector, or name, of the key  pair  generated.   The  default  is
              "default".

       -S     (--[no]subdomains)  Disallows  subdomain  signing  by this key.  By default the key record will be
              generated such that verifiers are told subdomain signing is permitted.   Note  that  for  backward
              compatibility reasons, -S means the same as --nosubdomains.

       -t     (--[no]testmode) Indicates the generated key record should be tagged such that verifiers are aware
              DKIM is in test at the signing domain.

       -v     (--verbose) Increase verbose output.

       -V     (--version) Print version number and exit.
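
       An added example, not part of the original man page or of OpenDKIM: a Python check of the TXT record
       file this tool writes, mapping the -b, -h, -t and -r options to the RFC 6376 tags p=, h=, t=y and
       s=email.  It assumes an RSA key and a zone-file record made of quoted strings; the function names and
       finding labels are chosen for this example, and the sample record is constructed around a placeholder
       modulus.

```python
import base64, re

def _tlv(buf, pos):
    """(value_start, value_end) of the DER element at pos."""
    n = buf[pos + 1] & 0x7F if buf[pos + 1] & 0x80 else 0  # long-form length octets
    length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big") if n else buf[pos + 1]
    return pos + 2 + n, pos + 2 + n + length

def rsa_bits(p_b64):
    """Modulus size of the RSA SubjectPublicKeyInfo in the p= tag."""
    der = base64.b64decode(p_b64)
    start, _ = _tlv(der, 0)            # outer SEQUENCE
    _, end = _tlv(der, start)          # AlgorithmIdentifier
    start, _ = _tlv(der, end)          # BIT STRING
    start, _ = _tlv(der, start + 1)    # skip unused-bits octet, enter RSAPublicKey
    start, end = _tlv(der, start)      # modulus INTEGER
    return int.from_bytes(der[start:end], "big").bit_length()

def parse_record(zone_text):
    """Join the quoted chunks of a zone-file TXT record into a tag dict."""
    joined = "".join(re.findall(r'"([^"]*)"', zone_text))
    pairs = (item.split("=", 1) for item in joined.split(";") if "=" in item)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def audit(zone_text, min_bits=2048):
    """Findings for a generated <selector>.txt record; [] means none."""
    tags = parse_record(zone_text)
    if not tags.get("p"):              # empty p= publishes no usable key
        return ["no-public-key"]
    bits = rsa_bits(tags["p"])
    checks = [
        (bits < min_bits, f"weak-key:{bits}"),                                  # -b
        (tags.get("h", "").split(":") != ["sha256"], "hash-not-sha256-only"),   # -h
        ("y" in tags.get("t", "").split(":"), "test-mode"),                     # -t
        (tags.get("s", "*") != "email", "any-service"),                         # -r absent
    ]
    return [name for failed, name in checks if failed]

def _der(tag, body):  # DER encoder, used only to build the constructed sample
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag]) + (size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size) + body

def constructed_record(bits, tags):
    """Constructed sample: real SPKI layout around a placeholder modulus."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    rsa = _der(0x30, _der(0x02, n) + _der(0x02, b"\x01\x00\x01"))
    alg = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption
    p = base64.b64encode(_der(0x30, alg + _der(0x03, b"\x00" + rsa))).decode()
    return f'default._domainkey IN TXT ( "{tags} "\n\t"p={p[:120]}"\n\t"{p[120:]}" ) ; constructed'
```

       Pass the contents of the generated ".txt" file to audit() before publishing the record; an empty
       list means none of the four conditions was found.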

NOTES

       Requires that the openssl(8) binary be installed and in the executing shell's search path.

VERSION

       This man page covers the version of opendkim-genkey that shipped with version 2.11.0 of OpenDKIM.

COPYRIGHT

       Copyright (c) 2007, 2008 Sendmail, Inc. and its suppliers.  All rights reserved.

       Copyright (c) 2009, 2011-2013, The Trusted Domain Project.  All rights reserved.

SEE ALSO

       opendkim(8), openssl(8)

       RFC6376 - DomainKeys Identified Mail

                                           The Trusted Domain Project                         opendkim-genkey(8)