Free tool · 100% in your browser
Generate DKIM keys
without trusting us
DKIM signs every email you send so receivers can trust it. Generate the key pair here — your browser does the math, the private key never touches our servers.
Questions, answered honestly
Is it safe to generate DKIM keys in a browser?
Yes — and here it's safer than most online generators. The keys are created by your own browser's WebCrypto API and never travel over the network. We have no server-side code in this tool at all, so we couldn't see or store your private key even if we wanted to.
What's a selector and what should I call mine?
The selector is just a label that lets a domain hold several DKIM keys at once (google, selector1, s1…). Any short lowercase name works. Use something memorable like s1 or the current year — and if you rotate keys later, publish the new one under a new selector before removing the old.
Should I pick 1024 or 2048 bits?
2048 — it's the current standard and what Gmail recommends. The only reason 1024 exists here is that a few old DNS providers still choke on TXT values longer than 255 characters. If yours does, it usually offers record 'chunking' instead; try that before downgrading the key.
I published the record. How do I know it works?
Give DNS a few minutes to propagate, then run our free Domain Health Checker — it tests DKIM along with SPF, DMARC and MX and tells you in plain language what receivers see.
Do I even need this if I use Gmail or Outlook?
Usually not for their own domains — Google Workspace and Microsoft 365 manage DKIM for you in their admin panels (use that, it's better). This generator is for when you run your own mail server, use an SMTP relay that asks you to bring a key, or need a key for a secondary sending domain.