Sorry, I should have posted this earlier.
This is the command I used to generate the private key:
openssl genpkey -algorithm RSA -out dkim.private.key
So, no, I didn't use -des3 or -nodes, and I don't think my private key is
encrypted.
But maybe exim doesn't like the output of genpkey?
On Fri, Aug 24, 2012 at 8:29 PM, Tom Kistner <tom@???> wrote:
> The line you posted shows how you extracted the public portion from the
> private key.
>
> Maybe your private key is encrypted.
>
> When you generated the private key, was -des3 or -nodes specified on the
> commandline, and did openssl ask you for a passphrase?
>
> 2012/8/22 Ramana Kumar <ramana@???>
>
>> But what could be wrong?
>>
>> I generated it like this:
>> openssl rsa -in dkim.private.key -pubout -out dkim.public.key
>>
>> As I understand it the problem is not with whether the public and private
>> keys match, but with the private key itself. Does openssl (as above) not
>> generate them in a format exim can read?
>>
>> % openssl version
>> OpenSSL 1.0.1c 10 May 2012
>>
>>
>> On Wed, Aug 22, 2012 at 5:00 PM, Wolfgang Breyha <wbreyha@???> wrote:
>>
>> > Ramana Kumar wrote, on 22.08.2012 10:23:
>> > > What does RC -101mean? I think it means Exim couldn't read my private
>> key
>> > > or something is wrong with my private key.
>> >
>> > Reading the source says
>> > #define PDKIM_ERR_RSA_PRIVKEY -101
>> >
>> > returned by:
>> > /* Perform private key operation */
>> > if (rsa_parse_key(&rsa, (unsigned char *)sig->rsa_privkey,
>> > strlen(sig->rsa_privkey), NULL, 0) != 0) {
>> > return PDKIM_ERR_RSA_PRIVKEY;
>> > }
>> >
>> > So, yes, there is something wrong with your private key.
>> >
>> > Greetings,
>> > Wolfgang
>> > --
>> > Wolfgang Breyha <wbreyha@???> | http://www.blafasel.at/
>> > Vienna University Computer Center | Austria
>> >
>> >
>> --
>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>
>
>