DKIM authentication of valid email fails when using 1536 or 2048 bit keys
search cancel

DKIM authentication of valid email fails when using 1536 or 2048 bit keys

book

Article ID: 152120

calendar_today

Updated On:

Products

Messaging Gateway Messaging Gateway for Service Providers

Issue/Introduction

DKIM authentication of valid email fails after creating and configuring a DKIM key either 1536 or 2048 bits long, and adding the associated DNS TXT record to your DNS server. DKIM authentication using a 1024 bit key, however, works without issue.

Cause

Some DNS servers will not accept or serve the long TXT records generated by 1536 bit or 2048 bit DKIM keys.

Resolution

Please consult the DNS server documentation before using DKIM keys greater than 1024 bits in length. This helps ensure that the full TXT record associated with the DKIM key will be served by the DNS infrastructure.

For Windows 2003 and 2008 DNS servers, the long DKIM keys can be broken up into multiple lines when entering the record into the DNS management tool. A single long line will be truncated at 256 characters, but multiple lines will be accepted. For example, the following DKIM record would be truncated when entering it into dnsmgmt:

"v=DKIM1; k=rsa; h=sha256 p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLj8Fw4H27vKcm3BVChkxgM2fjHUCQGxrp8jeYgdWRdsF3w5lWKICVawjkISzpQqF7wwgRWMNVAxxCs2opJKHpmTPsdRfRnHuqCdBgEDBUT3717k74qDCoP7TGVgQmB3DWm2vsg/LmaHpAk1OQ9MV5W0WnH3XEaJmtR67OAEuEABdjBX0A3V+5lb1piwpkL7RUyOPkNEyIjSILC4c2Zn7+HaM4CP8hJ8ZEx8bCFhkML4PbiEQZoXuxe5D+DB8mNt6UwzyjfbMZ1CeGEWLZpkcRlBgPx75XIeh9yVyw0bHctaCr43xwnb41KuluCzXD8sLFbYpYDyQThIqUXrGtv48wIDAQAB"

The same record, broken up into multiple lines would be correctly stored and served by the Windows DNS server:

"v=DKIM1; k=rsa; h=sha256 p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLj8Fw4H27vKcm3BVChkxgM2fjHUCQGxrp8jeYgdWRdsF3w5lWKICVawjkISzpQqF7wwgRWMNVAxxCs2opJKHpmTPsdRfRn HuqCdBgEDBUT3717k74qDCoP7TGVgQmB3DWm2vsg/LmaHpAk1OQ9MV5W0WnH3XEaJmtR67OAEuEABdjBX0A3V+5lb1piwpkL7RUyOPkNEyIjSILC4c2Zn7+HaM4CP8hJ8ZEx8bCFhk ML4PbiEQZoXuxe5D+DB8mNt6UwzyjfbMZ1CeGEWLZpkcRlBgPx75XIeh9yVyw0bHctaCr43xwnb41KuluCzXD8sLFbYpYDyQThIqUXrGtv48wIDAQAB"