skip to content

System: DKIM Key Pair Generator

This tool uses our previously presented PHP code for generating a private key and BIND TXT entry for DKIM signing and validation.

It's important to note that neither the private nor public components of the keys required for DKIM signing and validation contain any information about the domain, selector or anything else. If you use a different online generator you should obfuscate those values.

Generate a new DKIM Key-pair

Click the button below to generate a new DKIIM private key and public DNS TXT record in BIND format. In the BIND record you will need to replace 'xxx' with your desired selector.

The private key should be kept secure and private at all times. It will be used to sign outbound emails. The public key is, public, and is used to verify DKIM-signed emails.

Private Key:

Public Key DNS Entry:

The above tool will generate a 2048-bit private key in RSA (OPENSSL_KEYTYPE_RSA) format, and a public key in BIND format. If you have different requirements, you can use this code as starting point.

As described elsewhere, the public key is extracted from the private key, so they must be generated simultaneously and can only work together as a pair.

And while you could use a single key-pair to cover any number of domains, best practice is to have one for each domain and sender so they can be easily revoked and replaced.

< SysAdmin

Post your comment or question