I proudly announce the first (pre-)release of cryptorecord. Cryptorecord is a Ruby gem that provides an API and scripts for creating crypto-related DNS records (e.g. DANE). Currently it supports TLSA, OPENPGPKEYS and SSHFP, but I plan to support other records in the future. The API doesn’t create any keys or certificates. It just takes existing key files to create the DNS records.
Installation
The gem is available on Rubygems. Add this line to your application’s Gemfile:
gem 'cryptorecord'
And then execute:
$ bundle
Or install it yourself as:
$ gem install cryptorecord
Usage
This gem comes with a bunch of handy executables that help create the DNS records:
- openpgpkeysrecord
- sshfprecord
- tlsarecord
Usage: ./openpgpkeysrecord -u -f
-h, --help This help screen
-f PGP-PUBLICKEY-FILE, PGP-Publickey-File
--publickeyfile
-u, --uid EMAIL email-address
Usage: ./sshfprecord [options]
-h, --help This help screen
-f SSH-HOST-KEY-FILE, SSH-Hostkey-File
--hostkeyfile
-H, --host HOST host
-d, --digest DIGEST HASH-Algorithm
-r, --read-local-hostkeys Read all local Hostkeys.(like ssh-keygen -r)
Usage: ./tlsarecord [options]
-h, --help This help screen
-f, --certfile CERTIFICATE-FILE Certificatefile
-H, --host HOST host
-p, --port PORTNUMBER port
-P, --protocol PROTOCOL protocol(tcp,udp,sctp..)
-s, --selector SELECTOR Selector for the association. 0 = Full Cert, 1 = SubjectPublicKeyInfo
-u, --usage USAGE Usage for the association. 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
-t, --mtype MTYPE The Matching Type of the association. 0 = Exact Match, 1 = SHA-256, 2 = SHA-512
TLSA-Example
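#!/usr/bin/env ruby
require 'cryptorecord'
selector = 0   # 0 = full certificate, 1 = SubjectPublicKeyInfo
mtype = 0      # 0 = exact match, 1 = SHA-256, 2 = SHA-512
usage = 3      # 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
port = 443
proto = "tcp"
host = "www.example.com"
tlsa = Cryptorecord::Tlsa.new(:selector => selector, :mtype => mtype, :usage => usage, :port => port, :proto => proto, :host => host)
# Read an existing certificate; the gem does not create one
tlsa.read_file("/etc/ssl/certs/ssl-cert-snakeoil.pem")
# Print the resulting TLSA record
puts tlsa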
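What the selector and matching-type options put into a TLSA record, computed with Ruby's bundled OpenSSL library only. This is an added example, not cryptorecord's own code: the names tlsa_data, tlsa_record and sample_cert are hypothetical and the certificate is a constructed throwaway. It also shows that a selector 1 record survives a certificate renewal that keeps the same key, while a selector 0 record does not.

```ruby
require 'openssl'

# RFC 6698 matching types: 0 = exact match (no hash), 1 = SHA-256, 2 = SHA-512
DIGESTS = { 1 => 'SHA256', 2 => 'SHA512' }.freeze

# Hex certificate association data for the given selector and matching type.
def tlsa_data(cert, selector, mtype)
  der = case selector
        when 0 then cert.to_der             # full certificate
        when 1 then cert.public_key.to_der  # SubjectPublicKeyInfo only
        else raise ArgumentError, "unknown selector #{selector}"
        end
  return der.unpack1('H*') if mtype.zero?
  algo = DIGESTS.fetch(mtype) { raise ArgumentError, "unknown mtype #{mtype}" }
  OpenSSL::Digest.new(algo).hexdigest(der)
end

# Zone-file line: _port._proto.host. IN TLSA usage selector mtype data
def tlsa_record(cert, host:, port: 443, proto: 'tcp', usage: 3, selector: 1, mtype: 1)
  raise ArgumentError, "unknown usage #{usage}" unless (0..3).cover?(usage)
  "_#{port}._#{proto}.#{host}. IN TLSA #{usage} #{selector} #{mtype} " +
    tlsa_data(cert, selector, mtype)
end

# Constructed sample input: a throwaway self-signed certificate.
def sample_cert(key, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=www.example.com')
  cert.public_key = key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)
  old_cert = sample_cert(key, 1)
  new_cert = sample_cert(key, 2) # renewal that keeps the same key
  puts tlsa_record(old_cert, host: 'www.example.com')
  puts tlsa_record(new_cert, host: 'www.example.com') # same line: selector 1 pins the key
  puts(tlsa_data(old_cert, 0, 1) == tlsa_data(new_cert, 0, 1)) # selector 0 pins the cert
end
```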
SSHFP-Example
#!/usr/bin/env ruby
require 'cryptorecord'
sshfp = Cryptorecord::Sshfp.new(:digest => 1, :keyfile => '/etc/ssh/ssh_host_rsa_key.pub', :host => 'www.example.com')
puts sshfp
OPENPGPKEYS-Example
#!/usr/bin/env ruby
require 'cryptorecord'
openpgpkeys = Cryptorecord::Openpgpkeys.new(:uid => "hacky@hacktheplanet.com")
# Read an existing PGP public key file
openpgpkeys.read_file("resources/hacky.asc")
puts openpgpkeys
Documentation
The documentation can be found at rubydoc.info