Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error
DKIM key-length (512/1024/2048) - discuss about DKIM/Domainkeys key-length (512/1024/2048)
Options
Go to last post Go to first unread
Previous Topic Next Topic
ivan  
#1 Posted : Monday, October 28, 2013 7:58:20 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,153

Thanks: 9 times
Was thanked: 55 time(s) in 55 post(s)
In current EA DKIM Plugin for Exchange Server and IIS SMTP service,
The DKIM manager generates 1024 key-length key pair automatically, it is recommended.

Anything shorter than 1024 key pair and your risk having the key cracked and your mail fraudulently signed.
A number of ISPs (including Gmail) have declared that they are not accepting keys that are 512-bit or less now.

About 2048 key-length DKIM key pair:
Because EA DKIM plugin allows you use customized key pair and you can use 2048 length key pair, but we don't recommend that.

First of all, the public key of 2048 is very long, it exceeds most DNS server text record limit (255).
Secondly, to sign DKIM with 2048 key pair, it takes more CPU usage and the performance is low.

So we always recommend that you generate the DKIM key pair by DKIM manager automatically.
Back to top

Wanna join the discussion?! Login to your EmailArchitect Support forum accountor Register a new forum account.
Back to top  
ivan  
#2 Posted : Monday, October 28, 2013 8:04:02 PM(UTC)
ivan

Rank: Administration

Groups: Administrators
Joined: 11/11/2010(UTC)
Posts: 1,153

Thanks: 9 times
Was thanked: 55 time(s) in 55 post(s)
Although we don't suggest that you use 2048 key pair, but I would like to introduce how to generate 2048 key pair manually

Generate 2048 key pair manually:

First of all, we need to generate a certificate which contains public key/private key. We can use MakeCert.exe (.NET Framework Tools) to generate 2048 certificate like this:

makecert -pe -n "CN=mydomainkeys" -ss my -sr LocalMachine -a sha1 -sky signature -r -len 2048


Then you can check the certificate like this:
Windows Start Menu->input:
MMC

press enter.

MMC->File Menu->Add/Remove Span-in
Add->Choose "Certificates"-> Computer Account->Local Machine->Finish->Close.

Then you should find the certificate at
"Certificates(Local Computer)->Personal->Certificates"

Right click your certificate->Export->"Yes, export the private key"->input password->save it to *.pfx file.

Then you can use above 2048 certificate in DKIM manager.
Back to top
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF.NET | YAF.NET © 2003-2024, Yet Another Forum.NET
This page was generated in 0.055 seconds.

EXPLORE TUTORIALS

Send Email

Read and Parse Email

DKIM Solution

© All Rights Reserved, AIFEI Software Limited & AdminSystem Software Limited.