FYHTECH

FUN WITH LINUX

cryptorecord 0.9.2 released

17 May 2018

I proudly pronounce the first (pre-)release of cryptorecord. Cryptorecords is a ruby gem that provides an API and scripts for creating crypto-related dns-records(e.g. DANE). Currently it supports TLSA, OPENPGPKEYS and SSHFP but I plan to support other records in future. The API doesn’t create any keys or certificates. It just takes existing keyfiles to create the DNS-records.

Installation

The gem is available on Rubygems. Add this line to your application’s Gemfile:

gem 'cryptorecord'

And then execute:

$ bundle

Or install it yourself as:

$ gem install cryptorecord

Usage

This gem comes with a bunch of handy executables that helps creating the dns-records:

  • openpgpkeysrecord
  • sshfprecord
  • tlsarecord
    Usage: ./openpgpkeysrecord -u -f 
        -h, --help This help screen
        -f PGP-PUBLICKEY-FILE, PGP-Publickey-File
            --publickeyfile
        -u, --uid EMAIL email-address

    
    Usage: ./sshfprecord [options]
        -h, --help This help screen
        -f SSH-HOST-KEY-FILE, SSH-Hostkey-File
            --hostkeyfile
        -H, --host HOST host
        -d, --digest DIGEST HASH-Algorithm
        -r, --read-local-hostkeys Read all local Hostkeys.(like ssh-keygen -r)

    
    Usage: ./tlsarecord [options]
        -h, --help This help screen
        -f, --certfile CERTIFICATE-FILE Certificatefile
        -H, --host HOST host
        -p, --port PORTNUMBER port
        -P, --protocol PROTOCOL protocol(tcp,udp,sctp..)
        -s, --selector SELECTOR Selector for the association. 0 = Full Cert, 1 = SubjectPublicKeyInfo
        -u, --usage USAGE Usage for the association. 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
        -t, --mtype MTYPE The Matching Type of the association. 0 = Exact Match, 1 = SHA-256, 2 = SHA-512

TLSA-Example

#!/usr/bin/env ruby

require 'cryptorecord'

selector = 0
mtype = 0
usage = 3
port = 443
proto = "tcp"
host = "www.example.com"
tlsa = Cryptorecord::Tlsa.new(:selector => selector, :mtype => mtype, :usage => usage, :port => port, :proto => proto, :host => host )
tlsa.read_file("/etc/ssl/certs/ssl-cert-snakeoil.pem")
puts tlsa

SSHFP-Example

#!/usr/bin/env ruby

require 'cryptorecord'

sshfp = Cryptorecord::Sshfp.new(:digest => 1, :keyfile => '/etc/ssh/ssh_host_rsa_key.pub', :host => 'www.example.com')
puts sshfp

OPENPGPKEYS-Example

#!/usr/bin/env ruby

require 'cryptorecord'

sshfp = Cryptorecord::Openpgpkeys.new(:uid => "hacky@hacktheplanet.com")
sshfp.read_file("resources/hacky.asc")
puts sshfp

Documentation

The documentation can be found at rubydoc.info

[ Programming  Security  Crypto  Network  Ruby  Downloads  Download  ]
User image

My name is Wolfgang Hotwagner. I am a Linux and Information Security enthusiast from Vienna. This blog is about my journey through Computer Science.

Tag Cloud

External Mail Email Network openssl Puppet CLI CVE Nagios git Btrfs Kernel LVM Anniversary Shell HackADay Postgresql Raspberry TerminalEmulator Crypto Bash Programming Backup Suricata News C Toscom Mathematics One-Liner vim Web Debian Desktop Sysadmin Proxy Certification Tricks Multimedia Downloads Firewall Docker Fun Open-Source logrotate Security Software-Raid Virtualization PHP Zsh apache Hardware Ruby Blog Database Perl Linux Ansible xmas

Recent Posts

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti