DKIM Key Length

Has this been fixed yet?
I did not find the case in the logs!
This is urgent since it affects email!
Thanks

 

Sorry to bump this thread, but I am having an issue with DKIM and I think it's due to this case number 794. Are we any closer to getting this resolved ? If not, how can we manually generate dkim and get email signing working. My old keys all work fine, but keys generated recently are failing and its for a new customer.

I get this when testing with verifier.port25.com

DKIM check details:
----------------------------------------------------------
Result: fail (signature doesn't verify)

 

This appears to have rectified itself once I had logged a support ticket, typical. To get around this whilst waiting for the support team (the time difference doesn't help), I had to manually generate the keys. The following day, when disabled and re-enabled the DKIM setting against the account and checked using verifier.port25.com it verified ok. I have no idea why it wouldn't work one day then started to work the next.

 

If you are using Cloudflare, I finally found a work around. This might work for other DNS systems.

When cpanel displays the new longer keys on the email authentication screen it does so in the format that DNS system would do to maintain the 255 character limit of the TXT field. It does this by adding a quote " and space before the next part of the key. If you are pasting this into Cloudflare then strip out all the quotes and the space. Cloudflare when serving the record will split it. But if you paste it in split then it won't resolve correctly.

Hope this helps others.

 

humm, I feel really confused.

RFC-4408 - 3.1.3

RFC-1035 - 3.3

RFC-1035 - 3.3.14

RFC-1035 - 5.1

1/ I see no limit to 255 expressed "MUST" as part of the RFCs.
2/ Assuming there is one, it is 255, but cpanel build the strings as follow:

Code:

"v=DKIM1\; k=rsa\; p=first" "second\;"

With "v=DKIM1\; k=rsa\; p=first" been 260 characters.
Trail the quotes, count is 258 characters still.
Trail the back-quote (wonder why btw), count is 256 characters still.
ALL those characters count exceed 255 if it is a limit ?!?.

 

Has this been addressed yet?

I need to change the key length so that it fits with the limit on my DNS provider (fasthosts).

Just now the key is too long and like mentioned above it is broken with the quotation marks. the bit inside the quotation marks is 255 in length and would fit but I can't create the record with the second part after the split.

I can't find anything about how to change the key length, is it possible in cPanel, WHM or via SSH?