Cisco Cisco Email Security Appliance C160 Mode D'Emploi
22-4
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 22 Email Authentication
Configuring DomainKeys and DKIM Signing
Signing Keys
A signing key is the private key stored on the appliance. When creating a signing key, you specify a key
size. Larger key sizes are more secure; however, larger keys also can impact performance. The appliance
supports keys from 512 bits up to 2048 bits. The 768 - 1024 bit key sizes are considered secure and used
by most senders today. Keys based on larger key sizes can impact performance and are not supported
above 2048 bits. For more information about creating signing keys, see
size. Larger key sizes are more secure; however, larger keys also can impact performance. The appliance
supports keys from 512 bits up to 2048 bits. The 768 - 1024 bit key sizes are considered secure and used
by most senders today. Keys based on larger key sizes can impact performance and are not supported
above 2048 bits. For more information about creating signing keys, see
.
If you are entering an existing key, simply paste it into the form. Another way to use existing signing
keys is to import the key as a text file. For more information about adding existing signing keys, see
keys is to import the key as a text file. For more information about adding existing signing keys, see
Once a key is entered, it is available for use in domain profiles, and will appear in the Signing Key
drop-down list in the domain profile.
drop-down list in the domain profile.
Related Topics
•
Exporting and Importing Signing Keys
You can export your signing keys to a text file on the appliance. When you export keys, all of the keys
currently existing on the appliance are put into a text file. For more information about exporting keys,
see
currently existing on the appliance are put into a text file. For more information about exporting keys,
see
.
You can import keys that have been exported as well.
Note
Importing keys causes all of the current keys on the appliance to be replaced.
For more information, see
Public Keys
Once you have associated a signing key with a domain profile, you can create DNS text record which
contains your public key. You do this via the Generate link in the DNS Text Record column in the domain
profile listing (or via
contains your public key. You do this via the Generate link in the DNS Text Record column in the domain
profile listing (or via
domainkeysconfig -> profiles -> dnstxt
in the CLI):
For more information about generating a DNS Text Record, see
You can also view the public key via the View link on the Signing Keys page: