gendkim

#!/bin/bash

set -e

## Help message
if [ $# -le 1 ]; then
        echo "Use: $0 <domain name> <selector>"
        exit 1
fi

DOMAIN=$1
SELECTOR=$2

if [ ! -d /etc/exim4/dkim/keys/$DOMAIN ]; then
  mkdir -p /etc/exim4/dkim/keys/$DOMAIN
fi

if [ ! -f /etc/exim4/dkim/KeyTable ]; then
  touch /etc/exim4/dkim/KeyTable
fi

cd /etc/exim4/dkim/keys/$DOMAIN

## Generate Private and public key
openssl genrsa -out ${SELECTOR}-${DOMAIN}.privkey 1024 -outform PEM
openssl rsa -in ${SELECTOR}-${DOMAIN}.privkey -out ${SELECTOR}-${DOMAIN}.pub -pubout -outform PEM

## Set permissions
chown -R Debian-exim: /etc/exim4/dkim
chmod 750 /etc/exim4/dkim
chmod 750 /etc/exim4/dkim/keys
chmod 640 /etc/exim4/dkim/keys/$DOMAIN/*
chmod 750 /etc/exim4/dkim/keys/$DOMAIN

## Format the public key
PUBLICKEY=`sudo cat ${SELECTOR}-${DOMAIN}.pub | tail -n +2 | head -n -1 | tr -d '\n'`;

## Add data to our KeyTable file
echo "${DOMAIN} domain=${DOMAIN} selector=${SELECTOR} privkey=/etc/exim4/dkim/keys/$DOMAIN/${SELECTOR}-${DOMAIN}.privkey" >> /etc/exim4/dkim/KeyTable

## Print out the TXT record
echo "DKIM key pair created for $DOMAIN"
echo
echo "Cut and paste the following into your TXT DNS record:"
echo
echo "$SELECTOR._domainkey.$DOMAIN IN TXT \"v=DKIM1; h=sha256; k=rsa; s=email; p=$PUBLICKEY\""

I was wondering if you have any idea how to use multiple keys for a single domain. It would seem using dual keys (ed25519 and rsa) is possible, based on https://www.exim.org/exim-html-current/doc/html/spec_html/ch-dkim_and_spf.html , which states:

As they are a recent development, users should consider dual-signing (by setting a list of selectors, and an expansion for this option) for some transition period.

Sorry, I never configured that kind of setup. Good luck in your research!