On Thu, 1 May 2008, Zbigniew Szalbot wrote: > I am planning to change my DKIM keys from rsa-sha1 to rsa-sha256 as > advised on this forum. Previously I used an online wizard to generate > rsa-sha1 keys. Will the following (take from > http://www.ietf.org/rfc/rfc4871.txt - Appendix C) allow me to create > rsa-sha256 keys?
You don't need to generate new keys. The name "rsa-sha1" describes an algorithm that uses SHA1 to generate hashes, and then an RSA key to sign them. Similarly, "rsa-sha256" uses SHA256 to make hashes and an RSA key to sign them. Since both use RSA keys, the keys you have are just fine. All you need to do is tell the filter to use the other algorithm. > And having the public key, do I enter > "k=rsa256;" in the DNS server? Currently I have "k=rsa;" in there. Nope, that doesn't need to change. Same reasons. ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
