
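#!/usr/bin/env bash
# Generate a DKIM RSA-2048 key pair for the Nostr-Email bridge.
#
# Usage: ./scripts/generate-dkim.sh <domain> [selector]
#
# Generates:
#   dkim-private.pem  — private key (set ORLY_BRIDGE_DKIM_KEY to this path)
#   Prints the DNS TXT record to add for DKIM verification
#
# The selector defaults to "marmot" if not specified.
#
# The private key is written to the current working directory with mode 0600.
# umask 077 is applied before generation so the file is never readable by
# other users, not even between creation and chmod. Requires openssl on PATH.

set -euo pipefail

DOMAIN="${1:-}"
SELECTOR="${2:-marmot}"
KEYFILE="dkim-private.pem"
KEY_BITS=2048

# Print an error to stderr and exit non-zero.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

if [ -z "$DOMAIN" ]; then
  echo "Usage: $0 <domain> [selector]" >&2
  echo "" >&2
  echo "Example: $0 relay.example.com marmot" >&2
  echo "" >&2
  echo "This generates dkim-private.pem and prints the DNS TXT record." >&2
  exit 1
fi

command -v openssl >/dev/null 2>&1 || die "openssl not found on PATH"

# -e rather than -f: refuse to write over anything at that path (a symlink or
# directory would otherwise slip past the check).
if [ -e "$KEYFILE" ]; then
  die "$KEYFILE already exists. Remove it first or use a different directory."
fi

echo "Generating RSA-${KEY_BITS} key pair..."
# Restrict the mode at creation time. Doing only chmod afterwards leaves a
# window where the key is world-readable under the default umask.
umask 077
# Older openssl releases print progress dots to stderr; hide that noise but
# do not hide a failure.
openssl genrsa -out "$KEYFILE" "$KEY_BITS" 2>/dev/null \
  || die "openssl genrsa failed"
chmod 600 "$KEYFILE"

# Extract public key in DER format, base64 encode (single line).
# pipefail makes the assignment fail if either stage fails.
PUBKEY=$(openssl rsa -in "$KEYFILE" -pubout -outform DER 2>/dev/null | openssl base64 -A) \
  || die "could not extract the public key from $KEYFILE"
[ -n "$PUBKEY" ] || die "public key extraction produced no output"

TXT_VALUE="v=DKIM1; k=rsa; p=${PUBKEY}"

# A TXT record is a sequence of character-strings of at most 255 bytes each,
# and a base64 2048-bit key does not fit in one. Resolvers concatenate the
# strings, but not every DNS provider splits long values automatically, so
# also print the value pre-split into 255-byte quoted strings.
TXT_SPLIT=""
rest="$TXT_VALUE"
while [ -n "$rest" ]; do
  TXT_SPLIT+="\"${rest:0:255}\" "
  rest="${rest:255}"
done
TXT_SPLIT="${TXT_SPLIT% }"

echo ""
echo "Private key written to: $KEYFILE"
echo "  Set ORLY_BRIDGE_DKIM_KEY=${PWD}/$KEYFILE"
echo "  Set ORLY_BRIDGE_DKIM_SELECTOR=$SELECTOR"
echo ""
echo "Add this DNS TXT record:"
echo ""
echo "  ${SELECTOR}._domainkey.${DOMAIN}.  IN  TXT  \"${TXT_VALUE}\""
echo ""
echo "If your DNS provider limits TXT strings to 255 characters, use this split form:"
echo ""
echo "  ${SELECTOR}._domainkey.${DOMAIN}.  IN  TXT  ${TXT_SPLIT}"
echo ""
echo "You can verify it after propagation with:"
echo "  dig TXT ${SELECTOR}._domainkey.${DOMAIN}"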