tl;dr: The main reason this how-to was written is the way PuTTYGen saves keys! They need to be stored as OpenSSH keys and not as SSH keys, which is the default format when using the save private|public key buttons.

So if you already know this is something you need to consider, this how-to might not help.

In case you are looking for a nice how-to: open PuTTYGen, select RSA as the key type and 1024 or 2048 bits for the generated key, then move your mouse over the empty area to generate randomness. After a while, voilà! You have your key!

Now one needs to remember the quote above! I spent around 4 hours trying to find out why my DKIM key pair was not working. I just missed the point that PuTTYGen by default saves the files as SSH keys, which are not the format needed for mail servers or for the DKIM record; so I tried to give the SSH keys to my mail server and use them as the DKIM record, and could not understand why tools like dmark-analyzer's DKIM check would not validate my public key!

So, to properly save your keys:

  1. Go to the Conversions menu, select Export OpenSSH Key, and choose the path you want for your private key.
  2. Now you need to create your public key from your private key. To do so, you need openssl (which is usually delivered with Apache if you use its Windows builds) or a similar tool that generates public keys from private keys. Let's assume you have openssl. Open a command prompt and use the following command to generate the public key from the key saved in the previous step (assuming it's stored in c:\private.key):

         openssl rsa -in c:\private.key -pubout -out c:\public.pem

There you go! Now you can use these 2 keys for your mail server and DKIM record! 🙂
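
As an added example (not part of the original post), this Python sketch names the format of a key file from its first line and turns the PEM public key written by the openssl command above into a DKIM TXT value. The function names and sample data are assumptions for illustration; the sample bytes are constructed placeholders, not a real key.

```python
import base64
import textwrap

# First-line markers of the key formats this how-to runs into.
MARKERS = [
    ("PuTTY-User-Key-File-", "putty-ppk"),               # PuTTYGen "Save private key"
    ("---- BEGIN SSH2 PUBLIC KEY ----", "ssh2-public"),  # PuTTYGen "Save public key"
    ("-----BEGIN OPENSSH PRIVATE KEY-----", "openssh-private"),
    ("-----BEGIN RSA PRIVATE KEY-----", "pem-private"),  # readable by openssl rsa -in
    ("-----BEGIN PRIVATE KEY-----", "pem-private"),
    ("-----BEGIN PUBLIC KEY-----", "pem-public"),        # openssl rsa -pubout output
]

def key_format(text):
    """Name the format of a key file from its leading marker."""
    head = text.lstrip()
    for marker, name in MARKERS:
        if head.startswith(marker):
            return name
    return "unknown"

def dkim_record(pem_text):
    """Build the DKIM TXT value from a PEM public key; ValueError otherwise."""
    fmt = key_format(pem_text)
    if fmt != "pem-public":
        raise ValueError(f"expected a PEM public key, got: {fmt}")
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    body = "".join(l for l in lines if not l.startswith("-----"))
    der = base64.b64decode(body, validate=True)  # rejects non-base64 content
    if not der.startswith(b"\x30"):              # DER must open with a SEQUENCE
        raise ValueError("base64 body is not DER")
    return f"v=DKIM1; k=rsa; p={body}"           # p= is the DER, base64, one line

def make_pem(der):
    """Wrap DER bytes in PEM public-key armor, 64 characters per line."""
    b64 = base64.b64encode(der).decode()
    return ("-----BEGIN PUBLIC KEY-----\n" + "\n".join(textwrap.wrap(b64, 64))
            + "\n-----END PUBLIC KEY-----\n")

# Constructed samples: placeholder bytes, not a real key.
SAMPLE_DER = b"\x30\x5c" + bytes(range(92))
SAMPLE_PUBLIC_PEM = make_pem(SAMPLE_DER)
SAMPLE_PPK = "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: constructed\n"

if __name__ == "__main__":
    for label, text in (("ppk", SAMPLE_PPK), ("pem", SAMPLE_PUBLIC_PEM)):
        print(label, "->", key_format(text))
    print(dkim_record(SAMPLE_PUBLIC_PEM))
```

Running `key_format` on a file before handing it to the mail server or pasting it into DNS catches the wrong-format case immediately instead of at validation time.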

PS: Maybe there is a way to generate an OpenSSH public key with PuTTYGen too, but I don't know about it. If I find something out, I'll update this post…
