All Collections
Learn about DKIM
Generating 2048 bits DKIM public and private keys using OpenSSL on a Mac
Generating 2048 bits DKIM public and private keys using OpenSSL on a Mac

See how to generate 2048 bits DKIM public and private keys using the Mac terminal and create a DNS record.

Ivan Kovachev avatar
Written by Ivan Kovachev
Updated over a week ago

Generating the private and public keys

1. Open the terminal and type openssl

2. To generate a private key type:

openssl genrsa -out private.key 2048

3. To generate a public key from the private key type:

openssl rsa -in private.key -pubout -out public.key

4. Find the folder that contains your public key and open it. It should look something like the below.

5. Manually convert the highlighted text above to a single line ie. remove the spaces between new lines.

Creating the DNS record

The generated 2048 bits DKIM public key is too long to fit into a single TXT DNS record. A DNS record can be up to 255 characters. Therefore your public key will need to be split into two separate TXT records using quotes and slash or brackets and quotes as shown below. 

Note: this depends on your DNS provider.

TXT "part one" \ "part two"

TXT ( "part one" "part two" )

To create the DNS record you will have to specify the Name, Type and Value of the DNS record.

The DNS record Name will look like this:

selector._domainkey.domain

Where the "selector" is defined by you and can be called anything, for example the date, device or service that will sign the emails.

For example:

20180719._domainkey.redsift.io

The DNS record Type is TXT.

The DNS record Value should look like the below. The part in bold is copied from the generated public key file and remember that you will need to split the public key into two records.

Splitting examples:

Example 1 using quotes.

TXT record 1: 

“v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTtO1qRFaK955gz16Y8c1EMCqtaT4exCrwfor2yT438ZVjrUcqo2tPUNR4eqkD+xcKRQnWSw931uVUY6YJWtOrgrXTIrHnTkf5Xtg+jaXr0OhjdeVDIG/Le7oOVWncMf+9J4ZSRybOpb+XZPp/JLjis6pmC”\

TXT record 2: “Lrt5j82yBC9DCbsEPSOVVOC1mr5lq8irQs+qAv6M/DnjNcUrdiRBJyNrs2lfuvfs8BFceZAk1AwcVBcYCmZl5OkxZBn8liTC34FPJLLHm6jMp9+c0OaEtxo8zr3QX0ZYEWC3XqZ/p9fo4Pcg+fpyjee79wBVqUzhVAWdzE5+qAIn4e1Dmslyb6IX4mwIDAQAB

Example 2 using bracket and quotes.

TXT record 1: 

(“v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTtO1qRFaK955gz16Y8c1EMCqtaT4exCrwfor2yT438ZVjrUcqo2tPUNR4eqkD+xcKRQnWSw931uVUY6YJWtOrgrXTIrHnTkf5Xtg+jaXr0OhjdeVDIG/Le7oOVWncMf+9J4ZSRybOpb+XZPp/JLjis6pmC

TXT record 2: “Lrt5j82yBC9DCbsEPSOVVOC1mr5lq8irQs+qAv6M/DnjNcUrdiRBJyNrs2lfuvfs8BFceZAk1AwcVBcYCmZl5OkxZBn8liTC34FPJLLHm6jMp9+c0OaEtxo8zr3QX0ZYEWC3XqZ/p9fo4Pcg+fpyjee79wBVqUzhVAWdzE5+qAIn4e1Dmslyb6IX4mwIDAQAB”)

Did this answer your question?