From 40040542f69ca6c091b5e86007335e47a044dab2 Mon Sep 17 00:00:00 2001 From: Mechiel Lukkien Date: Fri, 13 Oct 2023 08:59:35 +0200 Subject: [PATCH] for generated dkim keys, use clearer file names with ".rsa2048.privatekey.pkcs8.pem", instead of "rsakey.pkcs8.pem". "rsakey" doesn't say if it is a public or private key. --- doc.go | 8 ++++---- main.go | 4 ++-- mox-/admin.go | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/doc.go b/doc.go index 2e34d06..a24556d 100644 --- a/doc.go +++ b/doc.go @@ -45,8 +45,8 @@ low-maintenance self-hosted email. mox dane dialmx domain [destination-host] mox dane makerecord usage selector matchtype [certificate.pem | publickey.pem | privatekey.pem] mox dns lookup [ptr | mx | cname | ips | a | aaaa | ns | txt | srv | tlsa] name - mox dkim gened25519 >$selector._domainkey.$domain.ed25519key.pkcs8.pem - mox dkim genrsa >$selector._domainkey.$domain.rsakey.pkcs8.pem + mox dkim gened25519 >$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem + mox dkim genrsa >$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem mox dkim lookup selector domain mox dkim txt <$selector._domainkey.$domain.key.pkcs8.pem mox dkim verify message @@ -693,7 +693,7 @@ strength. This is convenient because of maximum DNS message sizes. At the time of writing, not many mail servers appear to support ed25519 DKIM keys though, so it is recommended to sign messages with both RSA and ed25519 keys. - usage: mox dkim gened25519 >$selector._domainkey.$domain.ed25519key.pkcs8.pem + usage: mox dkim gened25519 >$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem # mox dkim genrsa @@ -702,7 +702,7 @@ Generate a new 2048 bit RSA private key for use with DKIM. The generated file is in PEM format, and has a comment it is generated for use with DKIM, by mox. - usage: mox dkim genrsa >$selector._domainkey.$domain.rsakey.pkcs8.pem + usage: mox dkim genrsa >$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem # mox dkim lookup 
diff --git a/main.go b/main.go index f0ce3e7..43530c7 100644 --- a/main.go +++ b/main.go @@ -1554,7 +1554,7 @@ func ctlcmdQueueDump(ctl *ctl, id string) { } func cmdDKIMGenrsa(c *cmd) { - c.params = ">$selector._domainkey.$domain.rsakey.pkcs8.pem" + c.params = ">$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem" c.help = `Generate a new 2048 bit RSA private key for use with DKIM. The generated file is in PEM format, and has a comment it is generated for use @@ -2082,7 +2082,7 @@ mox dns lookup tlsa _25._tcp.xmox.nl } func cmdDKIMGened25519(c *cmd) { - c.params = ">$selector._domainkey.$domain.ed25519key.pkcs8.pem" + c.params = ">$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem" c.help = `Generate a new ed25519 key for use with DKIM. Ed25519 keys are much smaller than RSA keys of comparable cryptographic diff --git a/mox-/admin.go b/mox-/admin.go index ec93c22..b195b01 100644 --- a/mox-/admin.go +++ b/mox-/admin.go @@ -109,7 +109,7 @@ func MakeDKIMRSAKey(selector, domain dns.Domain) ([]byte, error) { block := &pem.Block{ Type: "PRIVATE KEY", Headers: map[string]string{ - "Note": dkimKeyNote("rsa", selector, domain), + "Note": dkimKeyNote("rsa-2048", selector, domain), }, Bytes: pkcs8, } @@ -194,7 +194,7 @@ func MakeDomainConfig(ctx context.Context, domain, hostname dns.Domain, accountN addSelector := func(kind, name string, privKey []byte) error { record := fmt.Sprintf("%s._domainkey.%s", name, domain.ASCII) - keyPath := filepath.Join("dkim", fmt.Sprintf("%s.%s.%skey.pkcs8.pem", record, timestamp, kind)) + keyPath := filepath.Join("dkim", fmt.Sprintf("%s.%s.%s.privatekey.pkcs8.pem", record, timestamp, kind)) p := configDirPath(ConfigDynamicPath, keyPath) if err := writeFile(p, privKey); err != nil { return err 
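Review bot: The RSA kind is spelled `"rsa-2048"` in the PEM `Note` header in the MakeDKIMRSAKey hunk but `"rsa2048"` in `addSelector("rsa2048", name, key)` in the later MakeDomainConfig hunk. Both literals hard-code the size separately from the key generation, which is outside these hunks. If the generated size ever changes, the header and the file name would still say 2048 and could mislead an operator auditing key strength. Consider one package-level constant used by the generator and formatted into both labels, e.g. `const dkimRSABits = 2048` with `fmt.Sprintf("rsa%d", dkimRSABits)`. MakeDKIMRSAKey starts and ends outside the hunk.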
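Review bot: Nothing in the addSelector hunk shows what mode or create flags `writeFile(p, privKey)` uses for the path now named `.privatekey.pkcs8.pem`. Since this file holds the DKIM signing key, it is worth confirming that writeFile creates it with owner-only permissions and refuses to overwrite an existing path. A short comment above the call would record that expectation, such as `// privKey is secret: writeFile must create p exclusively and with restrictive permissions.` The addSelector closure continues outside the hunk, so how `kind` is used beyond the file name cannot be checked from here.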
@@ -223,7 +223,7 @@ func MakeDomainConfig(ctx context.Context, domain, hostname dns.Domain, accountN if err != nil { return fmt.Errorf("making dkim rsa private key: %s", err) } - return addSelector("rsa", name, key) + return addSelector("rsa2048", name, key) } if err := addEd25519(year + "a"); err != nil {