GreenArrow Documentation

Revoking and Deleting a DKIM Key

This page describes how to revoke and delete a DKIM key that’s no longer in use. If you found this page because you were searching for information on how to replace a DKIM key, then you should review the Replacing DKIM Keys page before proceeding.

Web Browser DKIM Configuration

If your DKIM keys were created in GreenArrow’s web interface (most are), then they will also need to be deleted in the web interface:

  1. Log in to GreenArrow Engine’s web interface.
  2. Navigate to Configure => DKIM Keys.
  3. Locate the DKIM key that you wish to revoke, and click the View link.
  4. Delete the public key DNS record that is listed on the page. The screenshot’s public key will differ from the public key that corresponds to your DKIM key.
  5. Click on the Delete button that appears towards the bottom of the page.
  6. Click on the confirmation prompt’s Delete button.

Command Line DKIM Configuration

If your DKIM keys were created on the command line, then they will also need to be revoked on the command line:

  1. To revoke a DKIM key, you’ll need to delete its public key in DNS. Two examples are provided below:
    1. To display the DNS record that will need to be deleted for example.com’s default selector, run the command below:

       /var/hvmail/bin/dkeasy_show_dns_record.legacy example.com
      
    2. To display the DNS record that will need to be deleted for example.com’s greenarrow selector, run the command below:

       /var/hvmail/bin/dkeasy_show_dns_record.legacy example.com greenarrow
      
  2. The next step is to delete the private key that’s used to digitally sign messages. Make sure you’re deleting the appropriate file during this step. Two examples are provided below:
    1. To delete the private key for example.com, using the default selector, run the command below:

       rm /var/hvmail/control/domainkeys/example.com/default
      
    2. To delete the private key for example.com, using the greenarrow selector, run the command below:

       rm /var/hvmail/control/domainkeys/example.com/greenarrow
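
One way to confirm that both steps took effect for a given domain and selector, as an added example that is not part of GreenArrow's documentation or tooling. It assumes `dig` is installed; the function names and the `DKIM_KEY_DIR` override are hypothetical, and the private key path is the one shown above. It goes slightly beyond the page by also recognising a record left in DNS with an empty `p=` value, which RFC 6376 defines as a revoked key.

```shell
#!/bin/sh
# Added example (not GreenArrow code). KEY_DIR defaults to the private key
# directory shown on this page; DKIM_KEY_DIR is a hypothetical override.
KEY_DIR="${DKIM_KEY_DIR:-/var/hvmail/control/domainkeys}"

# DNS name of a DKIM public key record: <selector>._domainkey.<domain>
dkim_record_name() {
    printf '%s._domainkey.%s\n' "$2" "$1"
}

# Classify TXT answer text on stdin (such as `dig +short TXT` output):
#   absent    - no p= tag in the answer, the record has been deleted
#   revoked   - record exists with an empty p= (RFC 6376 revocation)
#   published - a public key is still being served
dkim_txt_state() {
    # dig prints long TXT values as several quoted chunks; join them first.
    txt=$(tr -d '"\n\t ')
    txt=";$txt"
    case "$txt" in
        *\;p=*) ;;
        *) echo absent; return 0 ;;
    esac
    key=${txt#*";p="}   # text after the p= tag
    key=${key%%";"*}    # up to the next tag separator
    if [ -z "$key" ]; then echo revoked; else echo published; fi
}

# Succeeds only when the signing key file for domain $1, selector $2 is gone.
dkim_private_key_removed() {
    [ ! -e "$KEY_DIR/$1/$2" ]
}

# Run both checks for one key; returns 0 only if DNS and disk are both clean.
dkim_check_revoked() {
    name=$(dkim_record_name "$1" "$2")
    # A non-zero dig exit means no usable reply; do not report that as absent.
    answer=$(dig +short TXT "$name") || { echo "DNS lookup failed: $name" >&2; return 2; }
    state=$(printf '%s\n' "$answer" | dkim_txt_state)
    echo "DNS $name: $state"
    if dkim_private_key_removed "$1" "$2"; then
        echo "KEY $KEY_DIR/$1/$2: removed"
    else
        echo "KEY $KEY_DIR/$1/$2: still present"
        return 1
    fi
    [ "$state" != published ]
}
```

Run `dkim_check_revoked example.com greenarrow` after the private key has been deleted. Resolvers can keep serving the old record until its TTL expires, so a `published` result shortly after the DNS change may only reflect caching.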