Check strength of a DKIM record

If you know the selector for a domain, and you want to check the strength of the key in use, you can find that by following this procedure:
(if you do not know the selector, look for it in the content of s= in the DKIM-Signature header of a message from the domain in question)

1. retrieve the public key:
dig +short txt s1024._domainkey.agari.com
"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQwPqBxkIOc1YVnJv3Occfbd3S68p8E5BafsirMBaSPxqIgnzaxNSyPp8INEPL61cIRKo3u195Px5XHNwjEfq76BvDu7eUYXxY8zKcAS74heKAeyfpVaMFWHUzCoujPNzzorCIRtP5CuY+ILw+Vj1SKN6xlBWhouCSHWhOr/vcYQIDAQAB"

2. place the content of the p= section (without the 'p=') in a file.  In the file the top and bottom lines respectively should be:
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
The content needs to be no longer than about 78 characters per line, so you should end up with a file with content like so:

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQwPqBxkIOc1YVnJv3Occfbd3S68p8E5BafsirM
BaSPxqIgnzaxNSyPp8INEPL61cIRKo3u195Px5XHNwjEfq76BvDu7eUYXxY8zKcAS74heKAeyfpVa
MFWHUzCoujPNzzorCIRtP5CuY+ILw+Vj1SKN6xlBWhouCSHWhOr/vcYQIDAQAB
-----END PUBLIC KEY-----

3. Save the file and run this openssl command: (results shown assuming you have named the file 'keytest')
openssl rsa -noout -text -pubin < keytest
Public-Key: (1024 bit)
Modulus:
    00:d0:c0:fa:81:c6:42:0e:73:56:15:9c:9b:f7:39:
    c7:1f:6d:dd:d2:eb:ca:7c:13:90:5a:7e:c8:ab:30:
    16:92:3f:1a:88:82:7c:da:c4:d4:b2:3e:9f:08:34:
    43:cb:eb:57:08:44:aa:37:bb:5f:79:3f:1e:57:1c:
    dc:23:11:fa:bb:e8:1b:c3:bb:b7:94:61:7c:58:f3:
    32:9c:01:2e:f8:85:e2:80:7b:27:e9:55:a3:05:58:
    75:33:0a:8b:a3:3c:dc:f3:a2:b0:88:46:d3:f9:0a:
    e6:3e:20:bc:3e:56:3d:52:28:de:b1:94:15:a1:a2:
    e0:92:1d:68:4e:af:fb:dc:61
Exponent: 65537 (0x10001)

The '1024 bit' shown in that output is the key strength.

Have more questions? Submit a request

1 Comments

Please sign in to leave a comment.
Powered by Zendesk