When implementing DomainKeys Identified Mail (DKIM), one of the critical decisions is selecting the appropriate RSA key length. While 1024-bit keys were once standard, modern security practices increasingly recommend 2048-bit keys.
According to NIST Special Publication 800-57:
# Recommended RSA key lifetimes
1024-bit: Through 2010 (legacy systems)
2048-bit: Recommended until 2030
3072-bit: Recommended beyond 2030However, DKIM implementations often need to balance security with compatibility.
Before choosing 2048-bit keys, verify:
- Your DNS provider's TXT record length limits (typically 255-512 chars per string, 10 strings max)
- Recipient mail server capabilities (some older systems may reject large signatures)
- Your MTA's performance with larger keys (impact on signing throughput)
Generating a 2048-bit DKIM key pair using OpenSSL:
openssl genrsa -out private.key 2048
openssl rsa -in private.key -pubout -out public.keyFormat the public key for DNS:
k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...(base64 encoded key)For existing deployments using 1024-bit keys, consider this phased approach:
- Generate parallel 2048-bit keys
- Publish both DNS records (using different selectors)
- Monitor for delivery issues
- Phase out 1024-bit keys after 3-6 months
Our benchmarks show the cryptographic overhead difference:
1024-bit: 0.23ms per signature
2048-bit: 0.87ms per signature
3072-bit: 2.45ms per signatureFor high-volume email servers, this may justify keeping 1024-bit keys for internal routing.
When setting up new DKIM implementations:
# Preferred modern configuration
Key Type: RSA
Key Length: 2048-bit
Hash Algorithm: SHA-256
Selector: default2048This ensures compatibility while maintaining strong security.
When configuring DomainKeys Identified Mail (DKIM), one of the most debated technical choices is the RSA key length. While 1024-bit keys were once standard, modern security practices increasingly favor 2048-bit keys. Let's examine the practical considerations.
The original DKIM specification (RFC 6376) recommends 1024-bit keys as the minimum, with 2048-bit being optional. However, security best practices have evolved:
// Typical OpenDKIM configuration example
KeyTable /etc/opendkim/key.table
KeyFile /etc/opendkim/keys/example.com.private
Selector default
Domain example.com
Historically, many DNS providers imposed TXT record length restrictions (often 255-512 characters per string segment). Modern providers like Cloudflare, AWS Route 53, and Google Cloud DNS now fully support 2048-bit DKIM keys:
; 2048-bit DKIM record example
default._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx..."While 2048-bit keys offer stronger security, consider these factors:
- Older mail servers may experience performance issues with larger keys
- Some legacy systems may truncate long DKIM signatures
- Increased CPU usage during signing/verification
For most modern setups, 2048-bit is preferable. Here's how to generate both key types using OpenSSL:
# Generate 1024-bit key pair
openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key
# Generate 2048-bit key pair
openssl genrsa -out private2048.key 2048
openssl rsa -in private2048.key -pubout -out public2048.keyWhen transitioning between key lengths, maintain both keys temporarily using multiple selectors:
# Example DNS records during transition
1024._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBA..."
2048._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEF..."Benchmark tests show verification times increase by approximately 2.5-3x with 2048-bit keys versus 1024-bit. However, modern hardware typically handles this without noticeable impact:
// Sample benchmark results (verifications per second)
1024-bit: 8500 ops/sec
2048-bit: 3100 ops/secFor high-volume email systems, consider these optimizations:
- Use hardware crypto acceleration
- Implement proper key rotation policies
- Monitor verification failure rates