Verifying a DKIM TXT Record and Key Length

After reading the Wired story last week about Zachary Harris discovering a widespread vulnerability related to the use of weak cryptographic DKIM keys (less than 1024 bits) by companies like Google, eBay, Yahoo, Twitter and PayPal, and the subsequent CERT warning (VU#268267), I decided to write a quick tool to check DKIM TXT records and determine their key length:

DKIM Key Checker

This tool grabs your DKIM DNS TXT record and uses OpenSSL to parse the contained public key to determine its key length.

7 thoughts on “Verifying a DKIM TXT Record and Key Length”

  1. Thanks for this tool, and the previous article on how to check your DKIM DNS record with the likes of dig – it was very helpful when setting up a new server configuration

  2. I’ve been in agony trying to get Yahoo Small Business to get my dkim settings right in DNS (not accessible via the Yahoo domain control panel) and your site has been invaluable in getting Yahoo to do the job right. Thanks so much!

  3. I was suggested this blog by my cousin. I’m not sure whether this post is written by him as no one else know such detailed about my difficulty. You are wonderful! Thanks! ekeeeggdfbfg

  4. Thanks for this tool ! Great work. More popular, longer existing check websites can’t handle the long keys. I’m glad I found your website and figured out that it wasn’t my mistake when entering the long keys into our servers that made other checks fail.

  5. This tool is a godsend. Thanks so much. Not even Google’s own MX tool was able to parse my domain key successfully. Great idea adding the selector field. Much appreciated.

Leave a Reply

Your email address will not be published. Required fields are marked *