compiled with GnuTLS 3.5.0 or later,
.new
or OpenSSL 1.1.1 or later.
+The macro "_CRYPTO_HASH_SHA3" will be defined if it is supported.
.wen
(equivalent to the private-key .pem with the header/trailer stripped)
but for EC keys it is the base64 of the pure key; no ASN.1 wrapping.
.wen
-.wen
Signing is enabled by setting private options on the SMTP transport.
These options take (expandable) strings as arguments.
.code
Signers MUST use RSA keys of at least 1024 bits for all keys.
Signers SHOULD use RSA keys of at least 2048 bits.
+.endd
Support for EC keys is being developed under
&url(https://datatracker.ietf.org/doc/draft-ietf-dcrup-dkim-crypto/).
As they are a recent development, users should consider dual-signing
(by setting a list of selectors, and an expansion for this option)
for some transition period.
-.endd
+The "_CRYPTO_SIGN_ED25519" macro will be defined if support is present
+for EC keys.
.wen
.option dkim_hash smtp string&!! sha256
The algorithm used. One of 'rsa-sha1' or 'rsa-sha256'.
.new
If running under GnuTLS 3.6.0 or later, may also be 'ed25519-sha256'.
+The "_CRYPTO_SIGN_ED25519" macro will be defined if support is present
+for EC keys.
.wen
.new