for generated dkim keys, use clearer file names

with ".rsa2048.privatekey.pkcs8.pem", instead of "rsakey.pkcs8.pem". "rsakey"
doesn't say if it is a public or private key.
This commit is contained in:
Mechiel Lukkien 2023-10-13 08:59:35 +02:00
parent 4e26fd13e2
commit 40040542f6
No known key found for this signature in database
3 changed files with 9 additions and 9 deletions

8
doc.go
View file

@ -45,8 +45,8 @@ low-maintenance self-hosted email.
mox dane dialmx domain [destination-host] mox dane dialmx domain [destination-host]
mox dane makerecord usage selector matchtype [certificate.pem | publickey.pem | privatekey.pem] mox dane makerecord usage selector matchtype [certificate.pem | publickey.pem | privatekey.pem]
mox dns lookup [ptr | mx | cname | ips | a | aaaa | ns | txt | srv | tlsa] name mox dns lookup [ptr | mx | cname | ips | a | aaaa | ns | txt | srv | tlsa] name
mox dkim gened25519 >$selector._domainkey.$domain.ed25519key.pkcs8.pem mox dkim gened25519 >$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem
mox dkim genrsa >$selector._domainkey.$domain.rsakey.pkcs8.pem mox dkim genrsa >$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem
mox dkim lookup selector domain mox dkim lookup selector domain
mox dkim txt <$selector._domainkey.$domain.key.pkcs8.pem mox dkim txt <$selector._domainkey.$domain.key.pkcs8.pem
mox dkim verify message mox dkim verify message
@ -693,7 +693,7 @@ strength. This is convenient because of maximum DNS message sizes. At the time
of writing, not many mail servers appear to support ed25519 DKIM keys though, of writing, not many mail servers appear to support ed25519 DKIM keys though,
so it is recommended to sign messages with both RSA and ed25519 keys. so it is recommended to sign messages with both RSA and ed25519 keys.
usage: mox dkim gened25519 >$selector._domainkey.$domain.ed25519key.pkcs8.pem usage: mox dkim gened25519 >$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem
# mox dkim genrsa # mox dkim genrsa
@ -702,7 +702,7 @@ Generate a new 2048 bit RSA private key for use with DKIM.
The generated file is in PEM format, and has a comment it is generated for use The generated file is in PEM format, and has a comment it is generated for use
with DKIM, by mox. with DKIM, by mox.
usage: mox dkim genrsa >$selector._domainkey.$domain.rsakey.pkcs8.pem usage: mox dkim genrsa >$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem
# mox dkim lookup # mox dkim lookup

View file

@ -1554,7 +1554,7 @@ func ctlcmdQueueDump(ctl *ctl, id string) {
} }
func cmdDKIMGenrsa(c *cmd) { func cmdDKIMGenrsa(c *cmd) {
c.params = ">$selector._domainkey.$domain.rsakey.pkcs8.pem" c.params = ">$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem"
c.help = `Generate a new 2048 bit RSA private key for use with DKIM. c.help = `Generate a new 2048 bit RSA private key for use with DKIM.
The generated file is in PEM format, and has a comment it is generated for use The generated file is in PEM format, and has a comment it is generated for use
@ -2082,7 +2082,7 @@ mox dns lookup tlsa _25._tcp.xmox.nl
} }
func cmdDKIMGened25519(c *cmd) { func cmdDKIMGened25519(c *cmd) {
c.params = ">$selector._domainkey.$domain.ed25519key.pkcs8.pem" c.params = ">$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem"
c.help = `Generate a new ed25519 key for use with DKIM. c.help = `Generate a new ed25519 key for use with DKIM.
Ed25519 keys are much smaller than RSA keys of comparable cryptographic Ed25519 keys are much smaller than RSA keys of comparable cryptographic

View file

@ -109,7 +109,7 @@ func MakeDKIMRSAKey(selector, domain dns.Domain) ([]byte, error) {
block := &pem.Block{ block := &pem.Block{
Type: "PRIVATE KEY", Type: "PRIVATE KEY",
Headers: map[string]string{ Headers: map[string]string{
"Note": dkimKeyNote("rsa", selector, domain), "Note": dkimKeyNote("rsa-2048", selector, domain),
}, },
Bytes: pkcs8, Bytes: pkcs8,
} }
@ -194,7 +194,7 @@ func MakeDomainConfig(ctx context.Context, domain, hostname dns.Domain, accountN
addSelector := func(kind, name string, privKey []byte) error { addSelector := func(kind, name string, privKey []byte) error {
record := fmt.Sprintf("%s._domainkey.%s", name, domain.ASCII) record := fmt.Sprintf("%s._domainkey.%s", name, domain.ASCII)
keyPath := filepath.Join("dkim", fmt.Sprintf("%s.%s.%skey.pkcs8.pem", record, timestamp, kind)) keyPath := filepath.Join("dkim", fmt.Sprintf("%s.%s.%s.privatekey.pkcs8.pem", record, timestamp, kind))
p := configDirPath(ConfigDynamicPath, keyPath) p := configDirPath(ConfigDynamicPath, keyPath)
if err := writeFile(p, privKey); err != nil { if err := writeFile(p, privKey); err != nil {
return err return err
@ -223,7 +223,7 @@ func MakeDomainConfig(ctx context.Context, domain, hostname dns.Domain, accountN
if err != nil { if err != nil {
return fmt.Errorf("making dkim rsa private key: %s", err) return fmt.Errorf("making dkim rsa private key: %s", err)
} }
return addSelector("rsa", name, key) return addSelector("rsa2048", name, key)
} }
if err := addEd25519(year + "a"); err != nil { if err := addEd25519(year + "a"); err != nil {