Cisco Cisco Email Security Appliance C190 Guia Do Utilizador
24-6
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 24 FIPS Management
Managing Keys for DKIM Signing and Verification
Managing Keys for DKIM Signing and Verification
For an overview of how DomainKeys and DKIM work on the Email Security appliance, see
DKIM Signing
Email Security appliances in FIPS mode support only 2048 bits key size for the DKIM signing key. The
appliance cannot be switched to FIPS mode if it has any non-compliant RSA keys in use. It will displays
an error message instead.
appliance cannot be switched to FIPS mode if it has any non-compliant RSA keys in use. It will displays
an error message instead.
FIPS-compliant signing keys are available for use in domain profiles and appear in the Signing Key list
when creating or editing a domain profile using the Mail Policies > Domain Profiles page. Once you
have associated a signing key with a domain profile, you can create DNS text record which contains your
public key. You do this via the Generate link in the DNS Text Record column in the domain profile listing
(or via
when creating or editing a domain profile using the Mail Policies > Domain Profiles page. Once you
have associated a signing key with a domain profile, you can create DNS text record which contains your
public key. You do this via the Generate link in the DNS Text Record column in the domain profile listing
(or via
domainkeysconfig -> profiles -> dnstxt
in the CLI).
DKIM Verification
The appliance requires a message to use a FIPS-compliant key in order to verify a DKIM signature. If
the signature does not use a FIPS-compliant key, the appliance returns a permanent failure.
the signature does not use a FIPS-compliant key, the appliance returns a permanent failure.