table of contents
OPENPGPKEY(1) | Internet / DNS | OPENPGPKEY(1) |
NAME¶
openpgpkey - Create and verify RFC-TBD OPENPGPKEY DNS records
SYNTAX¶
openpgpkey [--fetch | --verify] [--insecure] [--resolv.conf /PATH/TO/RESOLV.CONF] user@domain
openpgpkey [--create] [--insecure] [--resolv.conf /PATH/TO/RESOLV.CONF] [--output {rfc,generic,both}] [--uid <uid>] [--keyid <keyid>] user@domain
DESCRIPTION¶
openpgpkey generates RFC-7929 OPENPGPKEY DNS records. To generate these records for older nameserver implementations that do not yet support the OPENPGPKEY record, specify --output generic to output the openpgpkey data in Generic Record (RFC-3597) format. Records are generated by taking all keys with the specified email address associated with it from the user's local GnuPG keychain.
Verification of OPENPGPKEY records is done by comparing the keyid and fingerprint of the OPENPGPKEY obtained from DNS with the version in the local GnuPG keychain.
OPTIONS¶
--fetch
--create
--verify
--resolvconf FILE
--output rfc | generic | both
If neither create or verify is specified, create is used.
REQUIREMENTS¶
openpgpkey requires the following python libraries: unbound, gnupg and argparse. It also requires gnupg which provides the gpg command.
BUGS¶
none known
EXAMPLES¶
typical usage:
openpgpkey --fetch paul@nohats.ca > paul.pubkey
openpgpkey --verify paul@nohats.ca
openpgpkey --create paul@nohats.ca
SEE ALSO¶
draft-ietf-dane-openpgpkey
AUTHORS¶
Paul Wouters <pwouters@redhat.com>
COPYRIGHT¶
Copyright 2014-2015
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License (file COPYING in the distribution) for more details.
December 30, 2013 | Paul Wouters |