
DKIM Signing (not Working) - Clarification

As noted by a German forum poster, the DKIM Private Key needs to be inside the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- lines. Annoyingly, the GUI upload does certain checks (told me the key wasn't 2048 bits when I was using the wrong key) but happily accepts the key without the begin and end bits, and in turn DKIM signing won't work until this is rectified.

e.g.

-----BEGIN RSA PRIVATE KEY-----
sieufhpseiufdpisuoefhioesuhf
ppeuifdhsepiufh .....
-----END RSA PRIVATE KEY-----



This thread was automatically locked due to age.
  • Hi Vivek,

    Thanks for the extra links/info, I got DKIM working, but as I mentioned, it was just a clarification for others, as similar to the German poster I spent a few hours trying to figure out why DKIM signing wasn't working. Sadly none of the linked documentation shows what the DKIM Signing, Private RSA key entry should look like in the GUI. So I'll add my image below again for other users' clarification, in the hopes it will save them hours of troubleshooting.

    I think the Private RSA key header confusion in my case was caused due to the fact the DKIM DNS TXT record doesn't require the -----BEGIN/END RSA PRIVATE KEY----- header/footer whereas the Sophos XG entry does require it. Also, I did use PuTTYgen initially but that was where I got the GUI error message about the key being 1024 or not being 2048 (can't remember 100% now, but I know I did generate the key with 2048 bits as documented) so I removed "header/footer" from the key and it was accepted by the GUI but then it didn't work/add the DKIM signing.

    In the end, I used an online tool (DKIM Record Generator - DKIM tools | EasyDMARC) for the PRI/PUB keys, as the PuTTYgen keys (generated the keys multiple times as I was trying to figure out what I was doing wrong) were still causing errors/no signing.

    Anyway, thanks again.

  • Thank you for your inputs!

    Thanks & Regards,

    Vivek Jagad | Team Lead, Global Support & Services 



  • Hello Lloyd,

    Thank you for your contribution to the community.

    I have asked the Doc team to update our online documentation with an example of how the Private RSA Key should look when entering it in the Firewall.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • In case this helps anyone, I also ran into problems with generating a valid key through PuTTYgen but did not have any issues using OpenSSL.
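
An added pre-upload check, not part of any post above and not Sophos code: it confirms that key text about to be pasted into the GUI carries the BEGIN/END RSA PRIVATE KEY lines described in this thread and that its modulus is 2048 bits. All function names are hypothetical, and the sample key is constructed (valid layout, made-up modulus, not a usable key).

```python
import base64

HEADER = "-----BEGIN RSA PRIVATE KEY-----"
FOOTER = "-----END RSA PRIVATE KEY-----"

def _read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def check_dkim_key(text, want_bits=2048):
    """Return a list of problems; an empty list means the text is ready to paste."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != HEADER or lines[-1] != FOOTER:
        return ["missing BEGIN/END RSA PRIVATE KEY lines"]
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
        tag, seq, _ = _read_tlv(der, 0)         # outer SEQUENCE
        _, _, pos = _read_tlv(seq, 0)           # version INTEGER
        mtag, modulus, _ = _read_tlv(seq, pos)  # modulus INTEGER
    except (ValueError, IndexError):
        return ["body is not base64-encoded DER"]
    if tag != 0x30 or mtag != 0x02:
        return ["body is not an RSAPrivateKey structure"]
    bits = int.from_bytes(modulus, "big").bit_length()
    return [] if bits == want_bits else [f"modulus is {bits} bits, expected {want_bits}"]

def _tlv(tag, val):
    """Encode one DER element (helper for the constructed sample only)."""
    if len(val) < 128:
        return bytes([tag, len(val)]) + val
    lb = len(val).to_bytes((len(val).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + val

def constructed_sample(bits=2048):
    """Constructed, non-functional sample: real armor and DER layout, made-up modulus."""
    n = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    b64 = base64.b64encode(_tlv(0x30, _tlv(0x02, b"\x00") + _tlv(0x02, n))).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{HEADER}\n{body}\n{FOOTER}\n"

if __name__ == "__main__":
    pem = constructed_sample()
    bare = "\n".join(pem.splitlines()[1:-1])  # the header-less form the GUI accepted
    for label, text in (("armored", pem), ("bare", bare), ("1024-bit", constructed_sample(1024))):
        print(label, check_dkim_key(text) or "OK")
```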