The argument -algorithm RSA makes it use RSA (not DSA). The openssl man page says genrsa is superceded by genpkey.
But I guess I should just try using genrsa and see if that fixes the problem... I'll write back if it doesn't. On Fri, Aug 24, 2012 at 8:48 PM, Tom Kistner <t...@kistner.nu> wrote: > genpkey seems to be a generic function. I've never used that. Use -genrsa > instead to force rsa. Maybe your openssl defaults to DSA for genpkey. > > 2012/8/24 Ramana Kumar <ram...@member.fsf.org> > >> Sorry, I should have posted this earlier. >> This is the command I used to generate the private key: >> >> openssl genpkey -algorithm RSA -out dkim.private.key >> >> So, no, I didn't use -des3 or -nodes, and I don't think my private key is >> encrypted. >> But maybe exim doesn't like the output of genpkey? >> >> >> On Fri, Aug 24, 2012 at 8:29 PM, Tom Kistner <t...@kistner.nu> wrote: >> >>> The line you posted shows how you extracted the public portion from the >>> private key. >>> >>> Maybe your private key is encrypted. >>> >>> When you generated the private key, was -des3 or -nodes specified on the >>> commandline, and did openssl ask you for a passphrase? >>> >>> 2012/8/22 Ramana Kumar <ram...@member.fsf.org> >>> >>>> But what could be wrong? >>>> >>>> I generated it like this: >>>> openssl rsa -in dkim.private.key -pubout -out dkim.public.key >>>> >>>> As I understand it the problem is not with whether the public and >>>> private >>>> keys match, but with the private key itself. Does openssl (as above) not >>>> generate them in a format exim can read? >>>> >>>> % openssl version >>>> OpenSSL 1.0.1c 10 May 2012 >>>> >>>> >>>> On Wed, Aug 22, 2012 at 5:00 PM, Wolfgang Breyha <wbre...@gmx.net> >>>> wrote: >>>> >>>> > Ramana Kumar wrote, on 22.08.2012 10:23: >>>> > > What does RC -101mean? I think it means Exim couldn't read my >>>> private key >>>> > > or something is wrong with my private key. >>>> > >>>> > Reading the source says >>>> > #define PDKIM_ERR_RSA_PRIVKEY -101 >>>> > >>>> > returned by: >>>> > /* Perform private key operation */ >>>> > if (rsa_parse_key(&rsa, (unsigned char *)sig->rsa_privkey, >>>> > strlen(sig->rsa_privkey), NULL, 0) != 0) { >>>> > return PDKIM_ERR_RSA_PRIVKEY; >>>> > } >>>> > >>>> > So, yes, there is something wrong with your private key. >>>> > >>>> > Greetings, >>>> > Wolfgang >>>> > -- >>>> > Wolfgang Breyha <wbre...@gmx.net> | http://www.blafasel.at/ >>>> > Vienna University Computer Center | Austria >>>> > >>>> > >>>> -- >>>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users >>>> ## Exim details at http://www.exim.org/ >>>> ## Please use the Wiki with this list - http://wiki.exim.org/ >>>> >>> >>> >> > -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/