FYHTECH

FUN WITH LINUX

cryptorecord 0.9.2 released

17 May 2018

I proudly pronounce the first (pre-)release of cryptorecord. Cryptorecords is a ruby gem that provides an API and scripts for creating crypto-related dns-records(e.g. DANE). Currently it supports TLSA, OPENPGPKEYS and SSHFP but I plan to support other records in future. The API doesn’t create any keys or certificates. It just takes existing keyfiles to create the DNS-records.

Installation

The gem is available on Rubygems. Add this line to your application’s Gemfile:

gem 'cryptorecord'

And then execute:

$ bundle

Or install it yourself as:

$ gem install cryptorecord

Usage

This gem comes with a bunch of handy executables that helps creating the dns-records:

  • openpgpkeysrecord
  • sshfprecord
  • tlsarecord
    Usage: ./openpgpkeysrecord -u -f 
        -h, --help This help screen
        -f PGP-PUBLICKEY-FILE, PGP-Publickey-File
            --publickeyfile
        -u, --uid EMAIL email-address

    
    Usage: ./sshfprecord [options]
        -h, --help This help screen
        -f SSH-HOST-KEY-FILE, SSH-Hostkey-File
            --hostkeyfile
        -H, --host HOST host
        -d, --digest DIGEST HASH-Algorithm
        -r, --read-local-hostkeys Read all local Hostkeys.(like ssh-keygen -r)

    
    Usage: ./tlsarecord [options]
        -h, --help This help screen
        -f, --certfile CERTIFICATE-FILE Certificatefile
        -H, --host HOST host
        -p, --port PORTNUMBER port
        -P, --protocol PROTOCOL protocol(tcp,udp,sctp..)
        -s, --selector SELECTOR Selector for the association. 0 = Full Cert, 1 = SubjectPublicKeyInfo
        -u, --usage USAGE Usage for the association. 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
        -t, --mtype MTYPE The Matching Type of the association. 0 = Exact Match, 1 = SHA-256, 2 = SHA-512

TLSA-Example

#!/usr/bin/env ruby

require 'cryptorecord'

selector = 0
mtype = 0
usage = 3
port = 443
proto = "tcp"
host = "www.example.com"
tlsa = Cryptorecord::Tlsa.new(:selector => selector, :mtype => mtype, :usage => usage, :port => port, :proto => proto, :host => host )
tlsa.read_file("/etc/ssl/certs/ssl-cert-snakeoil.pem")
puts tlsa

SSHFP-Example

#!/usr/bin/env ruby

require 'cryptorecord'

sshfp = Cryptorecord::Sshfp.new(:digest => 1, :keyfile => '/etc/ssh/ssh_host_rsa_key.pub', :host => 'www.example.com')
puts sshfp

OPENPGPKEYS-Example

#!/usr/bin/env ruby

require 'cryptorecord'

sshfp = Cryptorecord::Openpgpkeys.new(:uid => "hacky@hacktheplanet.com")
sshfp.read_file("resources/hacky.asc")
puts sshfp

Documentation

The documentation can be found at rubydoc.info

[ Programming  Security  Crypto  Network  Ruby  Downloads  Download  ]
User image

My name is Wolfgang Hotwagner. I am a Linux and Information Security enthusiast from Vienna. This blog is about my journey through Computer Science.

Tag Cloud

Certification Multimedia Shell Perl Database Zsh Firewall ccc Ruby Puppet Toscom Rails Anniversary Programming xmas One-Liner Crypto LVM Software-Raid Blog Bash Open-Source TerminalEmulator apache Raspberry HackADay Linux Tricks Btrfs Hardware Suricata CLI PHP Backup Debian openssl Virtualization CVE External Mail Kernel Mathematics logrotate News git Fun Sysadmin vim Proxy Desktop Web Security Docker Network Nagios Email Postgresql Ansible C Downloads

Recent Posts

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti