Cisco Email Security Appliance C650 User Guide
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Chapter 24 FIPS Management
Managing Keys for DKIM Signing and Verification
For an overview of how DomainKeys and DKIM work on the Email Security
appliance, see
DKIM Signing
When creating a DKIM signing key, you specify a key size. Email Security
appliances in FIPS mode support only the 1024-, 1536-, and 2048-bit key sizes.
Larger key sizes are more secure; however, larger keys can have an impact on
performance.
The appliance cannot be switched to FIPS mode if it has any non-compliant RSA
keys in use. It displays an error message instead.
FIPS-compliant signing keys are available for use in domain profiles and appear
in the Signing Key list when creating or editing a domain profile using the Mail
Policies > Domain Profiles page. Once you have associated a signing key with a
domain profile, you can create a DNS text record that contains your public key.
You do this via the Generate link in the DNS Text Record column in the domain
profile listing (or via
domainkeysconfig -> profiles -> dnstxt
in the CLI).
DKIM Verification
The appliance requires a message to use a FIPS-compliant key in order to verify
a DKIM signature. If the signature does not use a FIPS-compliant key, the
appliance returns a permanent failure.