DMARC can fail even with SPF PASS and DKIM PASS if the domains are not aligned with the FROM address, but I think your problem is something different.

I think it is saying that you used a 1024-bit key which is considered too weak to be trusted, so you need to rekey using a 2048-bit (or higher) key pair.   The signature passes, but some evaluators (apparently Google) say that the signature does not count.   I just checked and RFC 7489 does not specify a required key length, but RFC 8301 says that some evaluators may enforce key length requirements

In this case, DMARC FAIL should only occur if the SPF PASS is for an unaligned domain and the DKIM PASS is rejected because of the weak key.

1024-bit public keys fit in one DNS segment, more complex keys require multiple DNS segments.   If you use Windows DNS server, there is something odd about how the multiple segments need to be entered.   Check the SmarterTools knowledgebase as I think it has been documented there.   For most other DNS, it is usually straightforward.