sub create_keys {
	my @selectors;
	my @towrite;
	eval {
		require Crypt::OpenSSL::RSA;
		require Crypt::OpenSSL::Random;

		foreach my $domain (keys %keys) {
			my $keyfile 	= $keys{$domain}->{key};
			my $pubfile 	= $keyfile =~ s/key/pub/g;
			my $selector 	= $keys{$domain}->{selector};
			
			Crypt::OpenSSL::RSA->import_random_seed();
			my $rsa = Crypt::OpenSSL::RSA->generate_key(1024);
			my $pub_string = $rsa->get_public_key_string();
			my $key_string = $rsa->get_private_key_string();
			my $select_string = "-----BEGIN DNS ENTRIES FOR $domain-----\n";
			$select_string .= "_domainkey IN TXT \"o=~;\"\n\n";
			$pub_string =~ s/-----BEGIN\ RSA\ PUBLIC\ KEY-----//g;
			$pub_string =~ s/-----END\ RSA\ PUBLIC\ KEY-----//g;
			$pub_string =~ s/\s//g;
			$select_string .= "$selector\._domainkey IN TXT \"k=rsa\\;\n";
			$select_string .= "p=$pub_string\\;\"\n";
			$select_string .= "-----END DNS ENTRIES FOR $domain-----\n";
			push @selectors, $select_string;
			push @towrite, { 
				key => $keyfile, 
				pub => $pubfile, 
				keystring => $key_string, 
				pubstring => $pub_string
			};
		}
	};
	die "Failed to create keypair: $@" if $@;

# moved this out of the eval just to see if that would change anything
	foreach my $write (@towrite) {
		{
			open (my $key, ">", $write->{key}) or die "$!";
			print $key $write->{keystring};
			open (my $pub, ">", $write->{pub}) or die "$!";
			print $pub $write->{pubstring};
		}
	}
	
	foreach my $s (@selectors) {
		print $s . "\n";
	}

	exit 0;
}