Generate keys

#!/bin/bash

# Check if required arguments are provided
if [ $# -ne 2 ]; then
  echo "Usage: $0 <DOMAIN> <SELECTOR>"
  exit 1
fi

# Set variables
DOMAIN=$1
SELECTOR=$2
PRIVATE_KEY_FILE="${SELECTOR}.private"

# Generate Ed25519 private key (umask 077 keeps the key file readable only by its owner)
umask 077
echo "Generating private key for ${DOMAIN} ${SELECTOR}"
openssl genpkey -algorithm ed25519 -out "${PRIVATE_KEY_FILE}"

# Generate public key and DKIM record
echo "Generating public key and DKIM record for ${SELECTOR}._domainkey.${DOMAIN}"
PUBLIC_KEY=$(openssl pkey -in "${PRIVATE_KEY_FILE}" -pubout)
# p= is the raw 32-byte public key, base64-encoded (offset 12 skips the SubjectPublicKeyInfo header).
# No s= tag: in a DKIM key record s= is the service type ("*" or "email"), not the selector.
DKIM_RECORD="v=DKIM1; k=ed25519; p=$(echo "${PUBLIC_KEY}" | openssl asn1parse -offset 12 -noout -out /dev/stdout | openssl base64 -A)"

# Write the DKIM record to <SELECTOR>.txt
echo "${SELECTOR}._domainkey.${DOMAIN}. IN TXT \"${DKIM_RECORD}\"" > "${SELECTOR}.txt"

Update DNS records

Create the DNS record for the selector in the DNS management console of your domain registrar. The record must be of type TXT, named <SELECTOR>._domainkey.<DOMAIN>, and its value is the quoted string in the generated <SELECTOR>.txt file.
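A pre-publish check for the generated <SELECTOR>.txt line, added here as an example and not part of the original script: it confirms the record carries v=DKIM1, k=ed25519 and a p= value that decodes to 32 bytes (RFC 8463), and rejects an s= tag that is not a service type (RFC 6376). The function name check_dkim_record is hypothetical, and base64 -d assumes GNU coreutils.

```shell
#!/bin/bash
# Added example: lint a generated <SELECTOR>.txt zone line before publishing it.
# check_dkim_record is a hypothetical helper, not part of OpenDKIM or OpenSSL.

check_dkim_record() {
  local file="$1" rc=0 has_s=0
  local value tag name val bytes v="" k="" p="" s=""

  # The TXT value is the text between the first and last double quote.
  value=$(sed -n 's/^[^"]*"\(.*\)"[^"]*$/\1/p' "$file" | head -n 1)
  [ -n "$value" ] || { echo "no quoted TXT value in $file"; return 1; }

  # Split the tag list on ';' and strip whitespace around each tag.
  while IFS= read -r tag; do
    tag=$(printf '%s' "$tag" | tr -d ' \t')
    [ -n "$tag" ] || continue
    name="${tag%%=*}"; val="${tag#*=}"
    case "$name" in
      v) v="$val" ;;
      k) k="$val" ;;
      p) p="$val" ;;
      s) s="$val"; has_s=1 ;;
    esac
  done <<EOF
$(printf '%s\n' "$value" | tr ';' '\n')
EOF

  [ "$v" = "DKIM1" ]   || { echo "expected v=DKIM1, got '$v'"; rc=1; }
  [ "$k" = "ed25519" ] || { echo "expected k=ed25519, got '$k'"; rc=1; }

  # RFC 8463: p= is the base64 of the raw 32-byte Ed25519 public key.
  bytes=$(printf '%s' "$p" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
  [ "$bytes" = "32" ] || { echo "p= decodes to $bytes bytes, expected 32"; rc=1; }

  # RFC 6376: s= is a colon-separated service-type list; verifiers ignore the
  # record unless it contains '*' or 'email'. It is not the selector name.
  if [ "$has_s" = 1 ]; then
    case ":$s:" in
      *":*:"*|*":email:"*) ;;
      *) echo "s=$s is not a service type (use '*' or 'email', or omit s=)"; rc=1 ;;
    esac
  fi
  return $rc
}

# When a file is given on the command line, lint it and exit with the result.
[ $# -eq 0 ] || check_dkim_record "$1"
```

The check only validates the record's format; it does not confirm that the published key matches the private key OpenDKIM signs with.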

NOTE: Update the key_table and signing_table files in the /etc/opendkim/ directory.