-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add openarc-genkey so that we don't have to rely on opendkim #14
Conversation
These files are based on similar files from the OpenDKIM project, with OpenDKIM (and spelling variants) changed to OpenARC (and spelling variants); DKIM changed to ARC but once; and the change of the key-file-names to the structure <selector>.<domain>.key, and <selector>.<domain>.pub
This increase of crypto-security follows how Debian patches OpenDKIM, which, I presume, means that all important mail servers can handle those keys.
Adapted the man-page to reflect the new defaults in key strength and hash algorithm size.
Please create PRs against I have mixed feelings about this overall, which would be less mixed if this tool weren't written in Perl. If we have to introduce another run-time dependency for the package I would much prefer that it be Python, since that's already a (weak) compile-time dependency. I'm on vacation this week so I shouldn't really be spending time on work stuff, but this is a fairly trivial script so I might take a swing at rewriting it after that. |
Or maybe I'll start on it now. https://github.com/flowerysong/OpenARC/blob/eba0daa97bf32ccae0d0130955ace423d5145bdc/contrib/openarc-keygen is gratuitously incompatible in fun little ways, but it appears to more or less work. |
Looks good to me. Some different flags for command line options, but I think pretty much everything is there. Output looks good to me, too. Thanks for setting that up; I would have only had time again towards the weekend. I agree with not adding more dependencies. Enjoy your vacation! |
Currently, OpenARC relies on opendkim-genkey to be installed in order to generate keys (this is the method mentioned). The keys can also be generated manually by using openssl.
This now merges openarc's own openarc-genkey (a modified version from opendkim) into openarc, so as to no longer rely on opendkim-genkey being installed.