Author Topic: How to implement 2048 bit DKIM keys on CWP servers.  (Read 2214 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
How to implement 2048 bit DKIM keys on CWP servers.
« on: March 09, 2023, 04:59:12 PM »
Any documentation or know how for implementing 2048 bit DKIM keys by default on Control Web Panel servers?

National Institute of Standards and Technology (NIST) recommends 2048 bit keys for DomainKeys Identified Mail (DKIM), so does a client of mine on a CWP VPS dedicated to this client only.

So is there a way to make 2048 bit DKIM keys installed by default on all accounts?
« Last Edit: March 09, 2023, 05:00:47 PM by Vinayak »

Offline
****

Offline
*
Re: How to implement 2048 bit DKIM keys on CWP servers.
« Reply #2 on: March 19, 2023, 05:52:13 AM »
My question is not about installing and configuring DKIM, my question is about how to implement 2048 bit DKIM keys by default on Control Web Panel servers.

Offline
****
Re: How to implement 2048 bit DKIM keys on CWP servers.
« Reply #3 on: March 20, 2023, 03:44:53 AM »
The takeaway from that tutorial I linked to was to use opendkim-genkey with the -b bits option:
Quote
       -b bits
              (--bits=n)  Specifies  the size of the key, in bits, to be generated.  The upstream
              default is 1024 which is the value recommended by the DKIM  specification,  but  in
              Debian the default is 2048 based on more current recommendations such as those from
              NIST 800-177.
So,
Code: [Select]
opendkim-genkey -b 2048is what you are looking for...

Offline
*
Re: How to implement 2048 bit DKIM keys on CWP servers.
« Reply #4 on: March 20, 2023, 04:03:30 AM »
When setting up an account/domain, what part/script of CWP handles generation and setting up of DKIM?

I would like CWP to automatically generate/implement 2048 bit DKIM keys by default.

Also is there a way to replace all existing 1024 bit records with 2048 bit DKIM keys?

Offline
****
Re: How to implement 2048 bit DKIM keys on CWP servers.
« Reply #5 on: March 25, 2023, 08:38:43 PM »
Here's a shot in the dark, since I am sticking with the default 1024 for the time being.
/etc/opendkim.conf
Quote
MinimumKeyBits (integer)
Establishes a minimum key size for acceptable signatures. Signatures with smaller key sizes, even if they otherwise pass DKIM validation, will me marked as invalid. The default is 1024, which accepts all signatures. A value of 0 causes the default to be used.

Offline
*
Re: How to implement 2048 bit DKIM keys on CWP servers.
« Reply #6 on: April 04, 2023, 02:09:48 PM »
So is there a way to make 2048 bit DKIM keys installed by default on all accounts?

I have try over Postfix Mail Manager and did'nt work.
So I had to edit dns settings on my Domain registar.

I am using PhPMailer for emails from my website, so I found the related answer here:

https://medium.com/@djaho/how-to-create-dkim-keys-and-use-them-with-phpmailer-a6003449c718

There is a section where You can find procedure and use it over SSH on your server (if you have access) to generate the DKIM 2048

There are the two command lines which you can use to generate a 2048 bit password protected private key file and a (non-password protected) public key file.
« Last Edit: April 04, 2023, 02:21:19 PM by ljubivoje »