system: Linux mars.sprixweb.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
cmd: 

Direktori : /sbin/
Upload File :
Current File : //sbin/opendkim-genkey

#!/usr/bin/perl
##
## Copyright (c) 2005-2008 Sendmail, Inc. and its suppliers.
## All rights reserved.
##
## Copyright (c) 2009-2013, The Trusted Domain Project.  All rights reserved.
##
## opendkim-genkey -- generate a key and/or TXT record for DKIM service
##
## The output of this script includes two files based on the
## selector name:
##
## 	<selector>.private	PEM-formatted private key, for use by
## 				opendkim when signing messages
##
## 	<selector>.txt		A DNS TXT record suitable for insertion
## 				into or inclusion by a DNS zone file
## 				in order to publish the public key
## 				for retrieval by verifiers

use strict;
use warnings;

use File::Basename;
use Getopt::Long;

##
## Set up defaults
##

my $bits = 1024;
my $domain = "example.com";
my $version = "example.com";
my $outdir = ".";
my $nosubdomains = 0;
my $subdomains = 1;
my $hashalgs;
my $note;
my $flags = "";
my $selector = "default";
my $restricted = 0;
my $testmode = 0;
my $verbose = 0;
my $append = 0;
my $showversion = 0;
my $keyin;
my $status;
my $txtout;
my $keydata;
my $helponly;
my $hashout;
my $noteout;
my $comment;
my $len;
my $cur;
my $domstr;

my $progname = basename($0);

##
##  Usage message
##

sub usage
{
	print STDERR "$progname: usage: $progname [options]\n";
	print STDERR "\t--append-domain        include domain name in zone file stub\n";
	print STDERR "\t--bits=n               use n bits to generate the key\n";
	print STDERR "\t--directory=path       leave output in the named directory\n";
	print STDERR "\t--domain=name          generate data for the named domain [$domain]\n";
	print STDERR "\t--hash-algorithms=list limit to use of the named algorithm(s)\n";
	print STDERR "\t--help                 print help and exit\n";
	print STDERR "\t--note=string          include specified note in zone data\n";
	print STDERR "\t--restrict             restrict key to email use only\n";
	print STDERR "\t--selector=name        selector name [$selector]\n";
	print STDERR "\t--subdomains           allow signing of subdomains\n";
	print STDERR "\t--testmode             indicate key is in test mode\n";
	print STDERR "\t--verbose              increased output\n";
	print STDERR "\t--version              print version and exit\n";
}

##
## Argument processing
##

# parse command line arguments
Getopt::Long::Configure("bundling");
my $opt_retval = &Getopt::Long::GetOptions('a|append-domain!' => \$append,
                                           'b|bits=i' => \$bits,
                                           'D|directory=s' => \$outdir,
                                           'd|domain=s' => \$domain,
                                           'h|hash-algorithms=s' => \$hashalgs,
                                           'help!' => \$helponly,
                                           'n|note=s' => \$note,
                                           'r|restrict!' => \$restricted,
                                           's|selector=s' => \$selector,
                                           'S!' => \$nosubdomains,
                                           'subdomains!' => \$subdomains,
                                           't|testmode!' => \$testmode,
                                           'v|verbose+' => \$verbose,
                                           'V|version!' => \$showversion,
                                          );

if (!$opt_retval || $helponly)
{
	usage();

	if ($helponly)
	{
		exit(0);
	}
	else                                
	{
		exit(1);
	}
}

if ($showversion)
{
	print STDOUT "$progname v2.11.0\n";
	exit 0;
}

## do this securely and in the right place
chdir($outdir) or die "$progname: $outdir: chdir(): $!";;
umask(077);

## generate a private key
if ($verbose >= 1)
{
	print STDERR "$progname: generating private key\n";
}

if ($bits < 1024)
{
	print STDERR "$progname: WARNING: RFC6376 advises minimum 1024-bit keys\n";
}

$status = system("openssl genrsa -out " . $selector . ".private " . $bits . " > /dev/null 2>&1");
if ($status != 0)
{
	if ($? & 127)
	{
		print STDERR "$progname: openssl died with signal %d\n",
		      ($? & 127);
		exit(1);
	}
	else
	{
		print STDERR "$progname: openssl exited with status %d\n",
		      ($? >> 8);
		exit(1);
	}
}

if ($verbose)
{
	print STDERR "$progname: private key written to " . $selector . ".private\n";
}

## generate a public key based on the private key
if ($verbose)
{
	print STDERR "$progname: extracting public key\n";
}

$status = system("openssl rsa -in " . $selector . ".private -pubout -out " . $selector . ".public -outform PEM > /dev/null 2>&1");
if ($status != 0)
{
	if ($? & 127)
	{
		print STDERR "$progname: openssl died with signal %d\n",
		      ($? & 127);
		exit(1);
	}
	else
	{
		print STDERR "$progname: openssl exited with status %d\n",
		      ($? >> 8);
		exit(1);
	}
}

if (!open($keyin, "<", $selector . ".public"))
{
	print STDERR "$progname: unable to read from " . $selector . ".public: $!\n";
	exit(1);
}

while (<$keyin>)
{
	chomp;
	if ($_ =~ /^-/)
	{
		next;
	}

	$keydata .= $_;
}

close($keyin);

## output the record
if ($testmode)
{
	$flags = "t=y;";
}

if ($nosubdomains)
{
	$subdomains = 0;
}

if (!$subdomains)
{
	if ($flags eq "t=y;")
	{
		$flags = "t=y:s;";
	}
	else
	{
		$flags = "t=s;";
	}
}

if ($restricted)
{
	if ($flags ne "")
	{
		$flags .= " ";
	}

	$flags .= "s=email;";
}

if ($flags ne "")
{
	$flags .= " ";
}

$hashout = "";
if (defined($hashalgs))
{
	$hashout = " h=$hashalgs;";
}

$noteout = "";
if (defined($note))
{
	$noteout = " n=\\\"$note\\\";";
}

$domstr = "";
if ($append)
{
	$domstr = "." . $domain . ".";
}

if ($domain ne "")
{
	$comment = " ; ----- DKIM key $selector for $domain"
}
else
{
	$comment = "";
}

if (!open($txtout, ">", $selector . ".txt"))
{
	print STDERR "$progname: unable to write from " . $selector . ".txt: $!\n";
	exit(1);
}

print $txtout $selector . "._domainkey" . ${domstr} . "\tIN\tTXT\t( \"v=DKIM1;" . $noteout . $hashout . " k=rsa; " . $flags . "\"\n\t  \"p=";

$len = length($keydata);
$cur = 0;

while ($len > 0)
{
	if ($len < 250)
	{
		print $txtout substr($keydata, $cur);
		$len = 0;
	}
	else
	{
		print $txtout substr($keydata, $cur, 250);
		print $txtout "\"\n\t  \"";
		$cur += 250;
		$len -= 250;
	}
}

print $txtout "\" ) " . $comment . "\n";

close($txtout);

if ($verbose)
{
	print STDERR "$progname: DNS TXT record written to " . $selector . ".txt\n";
}

## all done!
unlink($selector . ".public");
exit(0);