linux cryptography dkim

Find key length of DKIM public key without private key


How can I compute a DKIM key length (in bits) using only the public key available in DNS?

I found lots of answers using openssl, but you need the private key - which I don't have. I'm using Debian everywhere, but using a BSD or Windows wouldn't be a problem either.


Solution

  • Probably offtopic (not programming or development) but too big for comment and needs formatting:

    $ dig +short 20230601._domainkey.gmail.com TXT
    "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntvSKT1hkqhKe0xcaZ0x+QbouDsJuBfby/S82jxsoC/SodmfmVs2D1KAH3mi1AqdMdU12h2VfETeOJkgGYq5ljd996AJ7ud2SyOLQmlhaNHH7Lx+Mdab8/zDN1SdxPARDgcM7AsRECHwQ15R20FaKUABGu4NTbR2fDKnYwiq5jQyBkLWP+LgGOgfUF4T4HZb2" "PY2bQtEP6QeqOtcW4rrsH24L7XhD+HSZb1hsitrE0VPbhJzxDwI4JF815XMnSVjZgYUXP8CxI1Y0FONlqtQYgsorZ9apoW1KPQe8brSSlRsi9sXB/tu56LmG7tEDNmrZ5XUwQYUUADBOu7t1niwXwIDAQAB"
    $ echo "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntvSKT1hkqhKe0xcaZ0x+QbouDsJuBfby/S82jxsoC/SodmfmVs2D1KAH3mi1AqdMdU12h2VfETeOJkgGYq5ljd996AJ7ud2SyOLQmlhaNHH7Lx+Mdab8/zDN1SdxPARDgcM7AsRECHwQ15R20FaKUABGu4NTbR2fDKnYwiq5jQyBkLWP+LgGOgfUF4T4HZb2""PY2bQtEP6QeqOtcW4rrsH24L7XhD+HSZb1hsitrE0VPbhJzxDwI4JF815XMnSVjZgYUXP8CxI1Y0FONlqtQYgsorZ9apoW1KPQe8brSSlRsi9sXB/tu56LmG7tEDNmrZ5XUwQYUUADBOu7t1niwXwIDAQAB" \
    > |base64 -d |openssl pkey -inform der -pubin -noout -text
    RSA Public-Key: (2048 bit)
    Modulus:
        00:9e:db:d2:29:3d:61:92:a8:4a:7b:4c:5c:69:9d:
        31:f9:06:e8:b8:3b:09:b8:17:db:cb:f4:bc:da:3c:
        6c:a0:2f:d2:a1:d9:9f:99:5b:36:0f:52:80:1f:79:
        a2:d4:0a:9d:31:d5:35:da:1d:95:7c:44:de:38:99:
        20:19:8a:b9:96:37:7d:f7:a0:09:ee:e7:76:4b:23:
        8b:42:69:61:68:d1:c7:ec:bc:7e:31:d6:9b:f3:fc:
        c3:37:54:9d:c4:f0:11:0e:07:0c:ec:0b:11:10:21:
        f0:43:5e:51:db:41:5a:29:40:01:1a:ee:0d:4d:b4:
        76:7c:32:a7:63:08:aa:e6:34:32:06:42:d6:3f:e2:
        e0:18:e8:1f:50:5e:13:e0:76:5b:d8:f6:36:6d:0b:
        44:3f:a4:1e:a8:eb:5c:5b:8a:eb:b0:7d:b8:2f:b5:
        e1:0f:e1:d2:65:bd:61:b2:2b:6b:13:45:4f:6e:12:
        73:c4:3c:08:e0:91:7c:d7:95:cc:9d:25:63:66:06:
        14:5c:ff:02:c4:8d:58:d0:53:8d:96:ab:50:62:0b:
        28:ad:9f:5a:a6:85:b5:28:f4:1e:f1:ba:d2:4a:54:
        6c:8b:db:17:07:fb:6e:e7:a2:e6:1b:bb:44:0c:d9:
        ab:67:95:d4:c1:06:14:50:00:c1:3a:ee:ed:d6:78:
        b0:5f
    Exponent: 65537 (0x10001)
    

    On non-WSL Windows you can get the data with nslookup -qtype=TXT or in PowerShell $x = resolve-dnsname [-Name] blah [-Type] TXT ; $x.strings. On both Windows and any (lame) Unix that doesn't have base64 as a program, you can use openssl base64 -d -A (note the uppercase A option for longer-than-standard lines).
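The same check without openssl, as an added example that is not part of the original answer: it joins the split TXT strings, decodes the p= tag and walks the DER SubjectPublicKeyInfo to the RSA modulus using only the Python standard library. The function names are this example's own, and the Ed25519 branch (RFC 8463, where p= is the raw 32-byte key) goes beyond the RSA case shown above.

```python
import base64, re

# Record exactly as dig printed it on this page: one TXT record split into
# two quoted character-strings, which are concatenated with no separator.
GMAIL_TXT = ('"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntvSKT1hkqhKe0xcaZ0x+QbouDsJuBfby/S82jxsoC/SodmfmVs2D1KAH3mi1AqdMdU12h2VfETeOJkgGYq5ljd996AJ7ud2SyOLQmlhaNHH7Lx+Mdab8/zDN1SdxPARDgcM7AsRECHwQ15R20FaKUABGu4NTbR2fDKnYwiq5jQyBkLWP+LgGOgfUF4T4HZb2" '
             '"PY2bQtEP6QeqOtcW4rrsH24L7XhD+HSZb1hsitrE0VPbhJzxDwI4JF815XMnSVjZgYUXP8CxI1Y0FONlqtQYgsorZ9apoW1KPQe8brSSlRsi9sXB/tu56LmG7tEDNmrZ5XUwQYUUADBOu7t1niwXwIDAQAB"')

def _tlv(buf, pos, want_tag):
    """Read one DER tag-length-value at pos; return (value_start, value_end)."""
    if buf[pos] != want_tag:
        raise ValueError(f"expected tag {want_tag:#x} at offset {pos}, got {buf[pos]:#x}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return pos, pos + length

def rsa_bits_from_spki(der):
    """Modulus bit length of an RSA SubjectPublicKeyInfo in DER form."""
    s, _ = _tlv(der, 0, 0x30)              # SubjectPublicKeyInfo SEQUENCE
    _, e = _tlv(der, s, 0x30)              # AlgorithmIdentifier, skipped
    s, _ = _tlv(der, e, 0x03)              # BIT STRING wrapping RSAPublicKey
    s, _ = _tlv(der, s + 1, 0x30)          # +1 skips the unused-bits octet
    s, e = _tlv(der, s, 0x02)              # INTEGER: the modulus
    return int.from_bytes(der[s:e], "big").bit_length()

def dkim_key_bits(txt):
    """Return (key_type, bits) for a DKIM TXT record in dig +short form."""
    joined = "".join(re.findall(r'"([^"]*)"', txt)) or txt
    tags = {k.strip(): v.strip() for k, v in
            (t.split("=", 1) for t in joined.split(";") if "=" in t)}
    ktype = tags.get("k", "rsa")           # RFC 6376: k= defaults to rsa
    raw = base64.b64decode("".join(tags.get("p", "").split()))
    if not raw:
        raise ValueError("empty p= tag: key has been revoked")
    if ktype == "ed25519":                 # RFC 8463: p= is the raw public key
        return ktype, len(raw) * 8
    return ktype, rsa_bits_from_spki(raw)

if __name__ == "__main__":
    print(dkim_key_bits(GMAIL_TXT))
```
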