I Had This Then - Cryptographic Domain Verification

This page allows you to sign information and cryptographically prove your domain ownership using DNS-published public keys.

Return to Simple Signing

Step 0: Generate a Local Key Pair (One-Time Setup)

You need a public/private key pair. The private key stays on your machine, never to be shared. The public key will be published in your domain's DNS.

To generate an RSA 2048-bit key pair (recommended):

openssl genpkey -algorithm RSA -out private_key.pem -aes256 -pkeyopt rsa_keygen_bits:2048
openssl pkey -in private_key.pem -pubout -out public_key.pem

Keep private_key.pem secure!

Step 1: Publish Your Public Key in DNS

Step 2: Sign Information with Verified Domain

Your domain's public key must be verified first (Step 1). Then, you can sign information using a challenge-response mechanism.

Cryptographically Signed Items

Loading cryptographically signed items...