Bootstrap FreeKB - Postfix (Email) - Resolve "opendkim-testkey: keys do not match"
Postfix (Email) - Resolve "opendkim-testkey: keys do not match"
Updated:   |  Postfix (Email) articles

Let's say you have created an OpenDKIM private key using opendkim-genkey.

sudo opendkim-genkey --bits 2048 --domain example.com --directory /etc/opendkim/keys/ --selector default

 

But then when you using opendkim-testkey, keys do not match is being returned.

~]$ sudo opendkim-testkey -x /etc/opendkim.conf -d example.com -s default -k /etc/opendkim/keys/default.private -vvv
opendkim-testkey: key loaded from /etc/opendkim/keys/default.private
opendkim-testkey: checking key 'default._domainkey.example.com'
opendkim-testkey: keys do not match

 

The most likely issue is that the content of the /etc/opendkim/keys/default.txt file does not match the output of the dig command. For example, let's say the dig command returns the following.

~]$ dig default._domainkey.example.com TXT

;; ANSWER SECTION:
default._domainkey.example.com. 86400 IN    TXT     "v=DKIM1; h=sha256; k=rsa;" "p=MIIBIjJDK89vmfjd8d79w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAfFudpVW8ieZDGcPHBgqRo85n3VrM7QCjOGgIokjRroE7ZdRamzHWIBye9kRP/c5emS2YkakdR2r0tc2uPba6IpQb39VOjdBmVLRlTRMffBGRB+Copx5I7dFe2y36k33lv8d2sZjlXZCE8QDYSGI07h5HNjfx+3pHtX2/ldarcmTTqmibx/myc5B+11u0+eXo9PSDFLb9fusdflf"        "Vmdjv8dhmdT6OYEzMSJKgBWiazCh/R/WHKZU9pn4Lh7r8oH3zCw72AUOneWu5ApdbqH+B4oC/Lfs0rOojGTxuMKTsq1XPZV04dx7+WUdHfH7O2+DjDJvy9J/DmF+x9Ng9U3o7fh48fm98"

 

And let's say default.txt contains the following. Notice this does not match the output of the dig command. In this example, the solution would be to update DNS to contain the content of the default.txt file.

~]$ sudo cat /etc/opendkim/keys/default.txt
default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/Nfuo5FmBkOUk1MbL7kFYpEq37a+SoKnGNrS0lFOfBwoIshRAOij+Pd4Zha4pR2f5f/feF5jMgdDBu+XUV9rsKrTrEN6POivzRuq5nN04fc1WscM9A7wZUWqAe6TYpLItZpxsEUBY6t9TwEr3R7q/3gPG1t5aV2+NqSw9BOTY1cGNDhyM37Oj3NA5v4dqnnizwUNz9yaZMD7W"
          "rfk57PKMv5ArDeL++q0VkfhVxeA9s8OeA0v7es2x0Vn2aWz1vGplJcy8FYs/JkeZbhCtmsg/VPcTuTmM8GbG1sKBk5mah5DyFlaWot1e5GAALph1SHetm1ExZm/AjYtiKh/6ZBaQIDAQAB" )  ; ----- DKIM key default for example.com

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 310961 in the box below so that we can be sure you are a human.