Add openarc-genkey so that we don't have to rely on opendkim #14
Conversation
These files are based on similar files from the OpenDKIM project, with OpenDKIM (and spelling variants) changed to OpenARC (and spelling variants); DKIM changed to ARC but once; and the change of the key-file-names to the structure <selector>.<domain>.key, and <selector>.<domain>.pub
This increase of crypto-security follows how Debian patches OpenDKIM, which, I presume, means that all important mail servers can handle those keys.
Adapted the man-page to reflect the new defaults in key strength and hash algorithm size.
|
Please create PRs against I have mixed feelings about this overall, which would be less mixed if this tool weren't written in Perl. If we have to introduce another run-time dependency for the package I would much prefer that it be Python, since that's already a (weak) compile-time dependency. I'm on vacation this week so I shouldn't really be spending time on work stuff, but this is a fairly trivial script so I might take a swing at rewriting it after that. |
|
Or maybe I'll start on it now. https://github.com/flowerysong/OpenARC/blob/eba0daa97bf32ccae0d0130955ace423d5145bdc/contrib/openarc-keygen is gratuitously incompatible in fun little ways, but it appears to more or less work. |
|
Looks good to me. Some different flags for command line options, but I think pretty much everything is there. Output looks good to me, too. Thanks for setting that up; I would have only had time again towards the weekend. I agree with not adding more dependencies. Enjoy your vacation! |
Currently, OpenARC relies on opendkim-genkey to be installed in order to generate keys (this is the method mentioned). The keys can also be generated manually by using openssl.
This now merges openarc's own openarc-genkey (a modified version from opendkim) into openarc, so as to no longer rely on opendkim-genkey being installed.