메일인증용 DKIM 키 만드는 방법
네임서버에 넣어줄 키 만드는 방법입니다.
그리고 이것을 이용해서 메일 보낼때 암호화 하는데 사용 합니다.
만드는 방법은 아래와 같습니다.
/**
* DKIM is used to sign e-mails. If you change your RSA key, apply modifications to
* the DNS DKIM record of the mailing (sub)domain too !
* Disclaimer : the php openssl extension can be buggy with Windows, try with Linux first
*
* To generate a new private key with Linux :
* openssl genrsa -des3 -out private.pem 1024
* Then get the public key
* openssl rsa -in private.pem -out public.pem -outform PEM -pubout
*/
openssl genrsa -des3 -out /phptest/dkim_private.pem 1024
openssl rsa -in /phptest/dkim_private.pem -out /phptest/dkim_public.pem -outform PEM -pubout
----------------------------------------------------
[root@pabburi /phptest] openssl genrsa -des3 -out /phptest/dkim_private.pem 1024
Generating RSA private key, 1024 bit long modulus
...................++++++
.....................................++++++
e is 65537 (0x10001)
Enter pass phrase for /phptest/dkim_private.pem:
Verifying - Enter pass phrase for /phptest/dkim_private.pem:
[root@pabburi /phptest] openssl rsa -in /phptest/dkim_private.pem -out /phptest/dkim_public.pem -outform PEM -pubout
Enter pass phrase for /phptest/dkim_private.pem:
writing RSA key
[root@pabburi /phptest] ls -al *.pem
-rw-r--r-- 1 root root 963 5월 1 22:28 dkim_private.pem
-rw-r--r-- 1 root root 272 5월 1 22:28 dkim_public.pem
[root@pabburi /phptest] cat dkim_private.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,9BF0EE0BCBA5F6C4
LkYdy5dc19ceSHahA3hh2cItNfugongIP7iw/DOrqPi/V7AJ2DR0YCih7pG4rL7D
mDGnqoAWku5JYNGiRXc0JmdSHXB7Z0Pv5BAfgLiIjHbEJrH7TcfctVINfgoiSSbV
BcEeM/r1fVhzDVHG+bVeZKm908caNjWPlFMYTba9f9XES8bpfdiargVmEtIQ3bUE
ADL4kwKdG0r3ThGXaPbfWx5IY1+7viQJYrFZv0QH7B+jJk2sZNTWNyW1lK527O4Q
sQRWctF1BO6nhVLM7b+jEWpfyR9oWWBzRihZG6fJEn9ETKoyO1uPi+zV9Ozs7473
RDtZXEZZFJnaWlBwxQusrD7UDNJiRmLNPqLxCy6SbOJF2Fy9QnEbB67HS4W0OA9X
pckVUmQOdZQgRPV1LztKUk41q/ammJkFGyTvbNDtsk8QAJm8ISwLJsLjLpaJwqEV
Yek0xfY1Bg+KnAwhoEGfbrB1xAZP3PHER/e4zXuK1zD+n0cXwqyU4NMBdIVws7io
xA8iUvpcV50XCxIjajZsOL35bhO3hdDoIDXZ8obJoFN5xGmmZ9OxyxHhsJxmwOZ2
WNmYL51GyNCw0h7z2iRfBZKSlRRDEf9plbo+aojgJoX8e4CF6zF/0DqY8ARleLfC
RYLfRmw+YOccMLvHRJTDgUvVfEEBlWwM23WJraE1S1Fz4TTdKvWDK3UJ8ZCGksPc
UDF7IjcQ1Qlgbg+350vBQBKZlfnKqOxCR9WvhzPboXLQVqUEoCeMX4kvEcgcwJ9n
ZqXPt+K6WYf0uxUwwd0jQn7/0ypmSs37OR1RULOEyl0UY9y3L88Awg==
-----END RSA PRIVATE KEY-----
[root@pabburi /phptest] cat dkim_public.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGtwot/PKOm5zRWpo1PUcrmJhN
qUvkrEn8kCduFSIgpJskYqY+50H6BhelI/xdY1MmOAsYIbEm327Pjoa76JEu9CiW
nx+ND+MPwKzM9sdIdn7P5OaIKY9/rS7hN5qXzaHVKsDLUpesJdzRiZcSfV4u15NN
9/BKRwXcX0rwCOuvkQIDAQAB
-----END PUBLIC KEY-----
[root@pabburi /phptest]
네임서버의 txt레코드에 넣을때는 위에 여러줄러 되어 있는것을 한줄로 붙여서 넣으면 됩니다.
● 네임서버 DKIM 설정
퍼블릭키 파일을 등록 한다.
default._domainkey.pabburi.co.kr. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGtwot/PKOm5zRWpo1PUcrmJhNqUvkrEn8kCduFSIgpJskYqY+50H6BhelI/xdY1MmOAsYIbEm327Pjoa76JEu9CiWnx+ND+MPwKzM9sdIdn7P5OaIKY9/rS7hN5qXzaHVKsDLUpesJdzRiZcSfV4u15NN9/BKRwXcX0rwCOuvkQIDAQAB;"
● 설정에 문제 없는지 확인해 본다.
dig default._domainkey.pabburi.co.kr txt
● 네임서버 DKIM 키 체크해주는곳
https://www.mail-tester.com/spf-dkim-check
https://dkimcore.org/c/keycheck