2048 Bit DKIM Keys: Size and Finest Practices

By News Author

2048 Bit DKIM Keys: Size and Finest Practices

News Author

For years, the usual key size was 1024 bit DKIM keys, however hackers proceed to develop new strategies to interrupt DKIM keys. In consequence, the Nationwide Institute of Requirements and Expertise (NIST) recommends 2048 bit keys.

Because of the numerous unhealthy actors within the e-mail area, legitimate senders have to go above and past to show themselves legit. One of many methods senders can authenticate themselves is thru DomainKeys Recognized Mail (DKIM), a cryptographic know-how that makes use of a public key and a non-public key to confirm that the sender of the e-mail is accountable for the corresponding area.

To make sure our senders have the absolute best safety in place, we’re excited to announce that Twilio SendGrid now makes use of 2048-bit keys. 

What’s a 2048 bit DKIM key?

A 2048-bit DKIM secret is a strong safety measure that protects your emails from unauthorized adjustments and impersonation. The “2048-bit” refers back to the size of the important thing, which determines its energy. An extended key gives extra safety. With a 2048-bit DKIM key, you may have a strong protection in opposition to tampering and forgery makes an attempt.

Right here’s how 2048 bit keys work.

While you ship an e-mail, you employ a non-public key so as to add a novel signature. This signature is encrypted and connected to your e-mail. The recipient can then use the corresponding public key to confirm the signature and be sure that the e-mail hasn’t been altered or faked.

The energy of a 2048-bit DKIM key lies in its complexity. With quite a few potential combos, it turns into extraordinarily troublesome for anybody to crack the encryption. This helps shield your emails from being spoofed or tampered with.

What’s a 1024 bit DKIM key?

With a 1024-bit DKIM key, you may have a stable stage of safety to guard your messages. Whereas not so long as a 2048-bit key, it nonetheless gives a substantial stage of safety in opposition to unauthorized modifications and impersonation makes an attempt.

Nonetheless, longer keys present even stronger safety. The longer the important thing, the extra computationally complicated it turns into for somebody to crack it.

1024 bit vs. 2048 bit DKIM keys: What’s the distinction?

For a number of years, the usual was the 512 bit. Nonetheless, it grew to become very obvious that the 512 bit keys have been weak and simply cracked. 

Whereas the 1024 bit is much safer, it’s extremely vital to remain forward of the sport when securing your emails. Many consultants imagine the 1024 bit will develop into weak over the following few years. 

Enter 2048 bit keys.

With double the important thing size, 2048 bit keys present enhanced tampering safety with the strongest signing for automated safety area authentication. The 2048 bit keys are safe in opposition to types of cryptographic assaults for the following a number of years.

Why not improve to a 4096 bit key?

Effectively, as a result of it’s not mandatory. As of now, 2048 bit keys are enough for defense, and doubling that quantity can harm efficiency. Servers and purchasers should use extra computing to generate longer codes.

Use what’s mandatory now—you’ll be able to all the time change it later when requirements and expectations evolve.

Is 2048 bit broadly supported?

It is a widespread query because the key size is double that of 1024 bit keys. Some area identify system (DNS) suppliers have limits on the variety of characters, though most totally help the important thing size of 2048 bit keys.

These DNS suppliers that don’t help 2048 bit keys have distinctive workarounds, so it’s price reaching out to them to debate completely different options. 

How one can arrange 2048 bit DKIM keys on your account

Every time automated safety in your Twilio SendGrid account creates a brand new DKIM key, will probably be a 2048 bit key. A brand new DKIM key generates with each new selector.

Nonetheless, current area authentication configurations and selectors won’t change mechanically. For instance:

  • If you happen to create a brand new area authentication, but it surely makes use of the identical default s1 selector as a earlier 1024 bit key, it’ll reuse the 1024 bit key.
  • When you’ve got an current 1024 bit key, you then’ll want to choose a customized unused selector when creating the brand new area authentication to generate a brand new 2048 bit key.

In your Twilio SendGrid account, go to “Settings” and “Sender Authentication” to create or replace your DKIM key (as proven within the picture under).

Exception: Handbook safety won’t use 2048 bit

Handbook safety area authentications in your Twilio SendGrid account will proceed to make use of 1024 bit keys, even when it’s a brand-new area authentication. On account of its energy, DNS suppliers don’t all the time help 2048 bit DKIM keys. That’s why we ask you to place the uncooked DKIM key on the supplier while you implement handbook safety, as a result of there’s a danger that the supplier gained’t settle for it.

While you arrange automated safety, Twilio SendGrid shops the DKIM key on our DNS supplier (who we all know helps 2048 bit DKIM keys), and also you level your DNS to our DNS.

For extra data on establishing 2048 bit keys on your account, go to our docs article, Migrating to 2048 Bit DomainKeys Recognized Mail (DKIM).

Shield your e-mail program with 2048 bit keys

Sadly, hackers aren’t going away anytime quickly. You should keep one step forward of unhealthy actors always to maintain your e-mail safe. Implementing 2048 bit DKIM keys will make sure you take all the mandatory steps to guard your area and e-mail repute. 

Learn to arrange 2048 bit keys on your Twilio SendGrid account, or be taught extra about account safety finest practices