<?php
/**
* This shows how to make a new public/private key pair suitable for use with DKIM.
* You should only need to do this once, and the public key (**not** the private key!)
* you generate should be inserted in your DNS matching the selector you want.
*
* You can also use the DKIM wizard here: https://www.port25.com/support/domainkeysdkim-wizard/
* but be aware that having your private key known anywhere outside your own server
* is a security risk, and it's easy enough to create your own on your own server.
*
* For security, any keys you create should not be accessible via your web site.
*
* 2048 bits is the recommended minimum key length - gmail won't accept less than 1024 bits.
* To test your DKIM config, use Port25's DKIM tester:
* https://www.port25.com/support/authentication-center/email-verification/
*
* Note that you only need a *private* key to *send* a DKIM-signed message,
* but receivers need your *public* key in order to verify it.
*
* Your public key will need to be formatted appropriately for your DNS and
* inserted there using the selector you want to use.
*/
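//Set these to match your domain and chosen DKIM selector
$domain = 'findcheapmusic.com';
$selector = 'phpmailer';

//Path to your private key (keep it outside the web server's document root):
$privatekeyfile = 'dkim_private.pem';
//Path to your public key:
$publickeyfile = 'dkim_public.pem';

if (file_exists($privatekeyfile)) {
    echo "Using existing keys - if you want to generate new keys, delete old key files first.\n\n";
    $privatekey = file_get_contents($privatekeyfile);
    if ($privatekey === false || $privatekey === '') {
        throw new RuntimeException('Could not read private key file: ' . $privatekeyfile);
    }
    //An unreadable public key would otherwise produce a DNS record with an empty p= tag,
    //which DKIM verifiers treat as a revoked key, so stop here instead
    $publickey = is_readable($publickeyfile) ? file_get_contents($publickeyfile) : false;
    if ($publickey === false || $publickey === '') {
        throw new RuntimeException('Could not read public key file: ' . $publickeyfile);
    }
} else {
    //Create a 2048-bit RSA key with an SHA256 digest
    $pk = openssl_pkey_new(
        [
            'digest_alg' => 'sha256',
            'private_key_bits' => 2048,
            'private_key_type' => OPENSSL_KEYTYPE_RSA,
        ]
    );
    if ($pk === false) {
        throw new RuntimeException('Key generation failed: ' . openssl_error_string());
    }
    //Save private key
    //Tighten the umask first so the file is created readable by its owner only;
    //with the default umask the private key is typically readable by other local users
    $oldumask = umask(0077);
    $saved = openssl_pkey_export_to_file($pk, $privatekeyfile);
    umask($oldumask);
    if (!$saved) {
        throw new RuntimeException('Could not write private key file: ' . openssl_error_string());
    }
    //Save public key
    $pubKey = openssl_pkey_get_details($pk);
    if ($pubKey === false || !isset($pubKey['key'])) {
        throw new RuntimeException('Could not extract public key: ' . openssl_error_string());
    }
    $publickey = $pubKey['key'];
    if (file_put_contents($publickeyfile, $publickey) === false) {
        throw new RuntimeException('Could not write public key file: ' . $publickeyfile);
    }
    $privatekey = file_get_contents($privatekeyfile);
    if ($privatekey === false) {
        throw new RuntimeException('Could not read back private key file: ' . $privatekeyfile);
    }
}
//NOTE: this prints the private key in full. Run this script from the command line only;
//served through a web server, this output would disclose the signing key to the client
echo "Private key (keep this private!):\n\n" . $privatekey;
echo "\n\nPublic key:\n\n" . $publickey;

//Prep public key for DNS, e.g.
//phpmailer._domainkey.example.com IN TXT "v=DKIM1; h=sha256; t=s; p=" "MIIBIjANBg...oXlwIDAQAB"...
$dnskey = "$selector._domainkey.$domain IN TXT";
//Some DNS server don't like ; chars unless backslash-escaped
$dnsvalue = '"v=DKIM1\; h=sha256\; t=s\; p=" ';

//Strip and split the key into smaller parts and format for DNS
//Many DNS systems don't like long TXT entries
//but are OK if it's split into 255-char chunks
//Remove PEM wrapper
$publickey = preg_replace('/^-+.*?-+$/m', '', $publickey);
//Strip line breaks
$publickey = str_replace(["\r", "\n"], '', $publickey);
//Split into chunks
$keyparts = str_split($publickey, 253); //Becomes 255 when quotes are included
//Quote each chunk
foreach ($keyparts as $keypart) {
    $dnsvalue .= '"' . trim($keypart) . '" ';
}
echo "\n\nDNS key:\n\n" . trim($dnskey);
echo "\n\nDNS value:\n\n" . trim($dnsvalue);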