Cryptorecord
This gem provides an API and scripts for creating crypto-related dns-records(e.g. DANE).
At the moment the following records are supported:
- TLSA
- SSHFP
- OPENPGPKEYS
This API does neither create nor provide any public keys/certificates. It just uses existing keys to create the dns-records.
Installation
Add this line to your application's Gemfile:
gem 'cryptorecord'And then execute:
$ bundle
Or install it yourself as:
$ gem install cryptorecord
Usage
This gem comes with some example scripts like:
- openpgpkeysrecord
- sshfprecord
- tlsarecord
Usage: ./openpgpkeysrecord -u <email> -f <gpgkeyfile>
-h, --help This help screen
-f PGP-PUBLICKEY-FILE, PGP-Publickey-File
--publickeyfile
-u, --uid EMAIL email-address
Usage: ./sshfprecord [ options ]
-h, --help This help screen
-f SSH-HOST-KEY-FILE, SSH-Hostkey-File
--hostkeyfile
-H, --host HOST host
-d, --digest DIGEST HASH-Algorithm
-r, --read-local-hostkeys Read all local Hostkeys.(like ssh-keygen -r)Usage: ./tlsarecord [ options ]
-h, --help This help screen
-f, --certfile CERTIFICATE-FILE Certificatefile
-H, --host HOST host
-p, --port PORTNUMBER port
-P, --protocol PROTOCOL protocol(tcp,udp,sctp..)
-s, --selector SELECTOR Selector for the association. 0 = Full Cert, 1 = SubjectPublicKeyInfo
-u, --usage USAGE Usage for the association. 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
-t, --mtype MTYPE The Matching Type of the association. 0 = Exact Match, 1 = SHA-256, 2 = SHA-512TLSA Example
#!/usr/bin/env ruby
require 'cryptorecord'
selector = 0
mtype = 0
usage = 3
port = 443
proto = "tcp"
host = "www.example.com"
tlsa = Cryptorecord::Tlsa.new(:selector => selector, :mtype => mtype, :usage => usage, :port => port, :proto => proto, :host => host )
tlsa.read_file("/etc/ssl/certs/ssl-cert-snakeoil.pem")
puts tlsaSSHFP Example
#!/usr/bin/env ruby
require 'cryptorecord'
sshfp = Cryptorecord::Sshfp.new(:digest => 1, :keyfile => '/etc/ssh/ssh_host_rsa_key.pub', :host => 'www.example.com')
puts sshfpOPENPGPKEYS Example
#!/usr/bin/env ruby
require 'cryptorecord'
sshfp = Cryptorecord::Openpgpkey.new(:uid => "hacky@hacktheplanet.com")
sshfp.read_file("resources/hacky.asc")
puts sshfp
Documentation
Resources
Development
After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install.
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/whotwagner/cryptorecord. This project is intended to be a safe, welcoming space for collaboration.
