for generated dkim keys, use clearer file names

with ".rsa2048.privatekey.pkcs8.pem", instead of "rsakey.pkcs8.pem". "rsakey" doesn't say if it is a public or private key.
mjl- · Oct 13, 2023 · 4004054 · 4004054
1 parent 4e26fd1
commit 4004054
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/doc.go b/doc.go
@@ -45,8 +45,8 @@ low-maintenance self-hosted email.
 	mox dane dialmx domain [destination-host]
 	mox dane makerecord usage selector matchtype [certificate.pem | publickey.pem | privatekey.pem]
 	mox dns lookup [ptr | mx | cname | ips | a | aaaa | ns | txt | srv | tlsa] name
-	mox dkim gened25519 >$selector._domainkey.$domain.ed25519key.pkcs8.pem
-	mox dkim genrsa >$selector._domainkey.$domain.rsakey.pkcs8.pem
+	mox dkim gened25519 >$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem
+	mox dkim genrsa >$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem
 	mox dkim lookup selector domain
 	mox dkim txt <$selector._domainkey.$domain.key.pkcs8.pem
 	mox dkim verify message
@@ -693,7 +693,7 @@ strength. This is convenient because of maximum DNS message sizes. At the time
 of writing, not many mail servers appear to support ed25519 DKIM keys though,
 so it is recommended to sign messages with both RSA and ed25519 keys.
 
-	usage: mox dkim gened25519 >$selector._domainkey.$domain.ed25519key.pkcs8.pem
+	usage: mox dkim gened25519 >$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem
 
 # mox dkim genrsa
 
@@ -702,7 +702,7 @@ Generate a new 2048 bit RSA private key for use with DKIM.
 The generated file is in PEM format, and has a comment it is generated for use
 with DKIM, by mox.
 
-	usage: mox dkim genrsa >$selector._domainkey.$domain.rsakey.pkcs8.pem
+	usage: mox dkim genrsa >$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem
 
 # mox dkim lookup
 

diff --git a/main.go b/main.go
@@ -1554,7 +1554,7 @@ func ctlcmdQueueDump(ctl *ctl, id string) {
 }
 
 func cmdDKIMGenrsa(c *cmd) {
-	c.params = ">$selector._domainkey.$domain.rsakey.pkcs8.pem"
+	c.params = ">$selector._domainkey.$domain.rsa2048.privatekey.pkcs8.pem"
 	c.help = `Generate a new 2048 bit RSA private key for use with DKIM.
 
 The generated file is in PEM format, and has a comment it is generated for use
@@ -2082,7 +2082,7 @@ mox dns lookup tlsa _25._tcp.xmox.nl
 }
 
 func cmdDKIMGened25519(c *cmd) {
-	c.params = ">$selector._domainkey.$domain.ed25519key.pkcs8.pem"
+	c.params = ">$selector._domainkey.$domain.ed25519.privatekey.pkcs8.pem"
 	c.help = `Generate a new ed25519 key for use with DKIM.
 
 Ed25519 keys are much smaller than RSA keys of comparable cryptographic

diff --git a/mox-/admin.go b/mox-/admin.go
@@ -109,7 +109,7 @@ func MakeDKIMRSAKey(selector, domain dns.Domain) ([]byte, error) {
 	block := &pem.Block{
 		Type: "PRIVATE KEY",
 		Headers: map[string]string{
-			"Note": dkimKeyNote("rsa", selector, domain),
+			"Note": dkimKeyNote("rsa-2048", selector, domain),
 		},
 		Bytes: pkcs8,
 	}
@@ -194,7 +194,7 @@ func MakeDomainConfig(ctx context.Context, domain, hostname dns.Domain, accountN
 
 	addSelector := func(kind, name string, privKey []byte) error {
 		record := fmt.Sprintf("%s._domainkey.%s", name, domain.ASCII)
-		keyPath := filepath.Join("dkim", fmt.Sprintf("%s.%s.%skey.pkcs8.pem", record, timestamp, kind))
+		keyPath := filepath.Join("dkim", fmt.Sprintf("%s.%s.%s.privatekey.pkcs8.pem", record, timestamp, kind))
 		p := configDirPath(ConfigDynamicPath, keyPath)
 		if err := writeFile(p, privKey); err != nil {
 			return err
@@ -223,7 +223,7 @@ func MakeDomainConfig(ctx context.Context, domain, hostname dns.Domain, accountN
 		if err != nil {
 			return fmt.Errorf("making dkim rsa private key: %s", err)
 		}
-		return addSelector("rsa", name, key)
+		return addSelector("rsa2048", name, key)
 	}
 
 	if err := addEd25519(year + "a"); err != nil {