Re: [exim] DKIM: signing failed (RC -101)

Author: Michael Deutschmann
Date:  
To: exim-users
Subject: Re: [exim] DKIM: signing failed (RC -101)
I remember something like this happening when I first tried to begin DKIM
signing years ago. I got an obscure numbered error too, although I'm not
sure if it was "-101".

Anyhow, the problem turned out to be that I was trying to reuse a Yahoo
DomainKeys key that I had already published in DNS. Since the key format
did not change incompatibly between YDK and DKIM, this should have saved
me the trouble of updating my DNS with a fresh key.

However, DKIM happens to feature a minimum key size (512, plus a strong
recommendation to use at least 1024) that is larger than that generated
by the YDK tools under default settings.

The crypto library incorporated into Exim seems to barf on undersize keys
-- tracing the problem showed that the code was expecting one field of the
private key file to be larger than it really was (or something like that
-- this was a long time ago). A freshly generated key of an officially
supported size worked.


Upshot: double check your key to see that it is actually big enough for
DKIM.

---- Michael Deutschmann <michael@???>
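
The key-size check suggested above, as an added example that is not part of the original message or of Exim: it reads the `p=` tag of a published DKIM TXT record and reports the RSA modulus size against the 512/1024 figures quoted in the message. It assumes `p=` holds a base64 SubjectPublicKeyInfo (the output of `openssl rsa -pubout`); the function names, the sample sizes and the dummy keys built by `sample_record` are constructed for illustration.

```python
import base64

MIN_BITS, RECOMMENDED_BITS = 512, 1024  # figures quoted in the message above

def _tlv(buf, pos=0):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_bits_from_dkim_txt(txt):
    """Modulus size in bits of the RSA key in a DKIM TXT record's p= tag."""
    tags = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
    der = base64.b64decode("".join(tags["p"].split()))
    _, spki, _ = _tlv(der)               # SubjectPublicKeyInfo SEQUENCE
    _, _, pos = _tlv(spki)               # AlgorithmIdentifier, skipped
    tag, bitstr, _ = _tlv(spki, pos)     # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("p= is not a SubjectPublicKeyInfo")
    _, rsakey, _ = _tlv(bitstr[1:])      # drop the unused-bits byte
    _, modulus, _ = _tlv(rsakey)         # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def verdict(bits):
    if bits < MIN_BITS:
        return "too small for DKIM"
    return "below recommended size" if bits < RECOMMENDED_BITS else "ok"

def _der(tag, body):
    """Encode one DER TLV; only used to build the constructed samples."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_record(bits):
    """Constructed record with a dummy modulus of `bits` bits (not a usable key)."""
    mod = _der(0x02, ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big"))
    rsakey = _der(0x30, mod + _der(0x02, (65537).to_bytes(3, "big")))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsakey))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    for size in (384, 768, 1024, 2048):
        bits = rsa_bits_from_dkim_txt(sample_record(size))
        print(f"{bits:5d} bits: {verdict(bits)}")
```

To check a real selector, pass the TXT record text (with any quoted string fragments joined) to `rsa_bits_from_dkim_txt`.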