Cisco Email Security Appliance C170 User Guide

Chapter 1: FIPS Management
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
Managing Signing Keys for DomainKeys and DKIM
You can use the HSM card to manage the private keys used by the Email Security 
appliance for signing messages with DomainKeys or DKIM email signatures. For 
an overview of how DomainKeys and DKIM work on the Email Security 
appliance, see 
.
To create a new signing key, log into the FIPS Management console and click
Add Key in the Signing Keys section. You can also import existing signing keys
as a text file by clicking Import Keys.
Figure 1-7 shows the Add Signing Key page.
Figure 1-7: Add Signing Key Page
When creating a signing key, you specify a key size. Email Security appliances in 
FIPS mode support only the 1024-bit and 2048-bit key sizes. The larger key size is 
more secure; however, larger keys can have an impact on performance.
If you are entering an existing key, paste the key into the Edit/Paste field. The 
key must be PEM-formatted and must be an RSA key.
AsyncOS stores the signing keys on the HSM card.
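
A pre-import check for the constraints above, as an added example that is not from the Cisco guide: it reads the modulus length from a PEM key's DER structure and accepts only RSA keys of 1024 or 2048 bits. It assumes the traditional PKCS#1 container (the RSA PRIVATE KEY label); the function names and the constructed placeholder key are this example's own.

```python
import base64
import re

FIPS_SIZES = {1024, 2048}  # key sizes the guide lists for FIPS mode

def _tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def modulus_bits(der):
    """RSAPrivateKey ::= SEQUENCE { version INTEGER, modulus INTEGER, ... }"""
    tag, seq, _ = _tlv(der)
    vtag, _, pos = _tlv(seq)
    mtag, modulus, _ = _tlv(seq, pos)
    if (tag, vtag, mtag) != (0x30, 0x02, 0x02):
        raise ValueError("not a PKCS#1 RSAPrivateKey")
    return int.from_bytes(modulus, "big").bit_length()

def check_signing_key(pem):
    """Return (ok, reason) for a key about to be pasted or imported."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        return False, "not PEM-formatted"
    if m.group(1) != "RSA PRIVATE KEY":
        return False, "PEM label is '%s', not 'RSA PRIVATE KEY'" % m.group(1)
    try:
        bits = modulus_bits(base64.b64decode("".join(m.group(2).split()), validate=True))
    except (ValueError, IndexError) as exc:
        return False, "malformed key: %s" % exc
    ok = bits in FIPS_SIZES
    return ok, ("RSA %d-bit" if ok else "%d-bit key; FIPS mode supports only 1024 or 2048") % bits

def _enc(tag, val):  # minimal DER encoder, used only to build the sample below
    n = len(val)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + val

def constructed_pem(bits):
    """Constructed sample: PKCS#1 layout, placeholder modulus, not a usable key."""
    mod = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    body = base64.encodebytes(_enc(0x30, _enc(0x02, b"\x00") + _enc(0x02, mod))).decode()
    return "-----BEGIN RSA PRIVATE KEY-----\n" + body + "-----END RSA PRIVATE KEY-----\n"
```

Call check_signing_key() on the text of the key file before pasting it; a False result carries the reason the key does not meet the stated constraints.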
Once a key is entered, it is available for use in domain profiles and appears in 
the Signing Key list when you create or edit a domain profile using the Mail 
Policies > Domain Profiles page. Once you have associated a signing key with a 
domain profile, you can create a DNS text record that contains your public key. 
You do this via the Generate link in the DNS Text Record column in the domain 
profile listing (or via domainkeysconfig -> profiles -> dnstxt in the CLI).