Cryptorecord

GPL Licence
Build Status Inline docs Code Climate Test Coverage Gem Version

This gem provides an API and scripts for creating crypto-related dns-records(e.g. DANE).

At the moment the following records are supported:

  • TLSA
  • SSHFP
  • OPENPGPKEYS

This API does neither create nor provide any public keys/certificates. It just uses existing keys to create the dns-records.

Installation

Add this line to your application's Gemfile:

gem 'cryptorecord'

And then execute:

$ bundle

Or install it yourself as:

$ gem install cryptorecord

Docker

Build Image

docker build -t cryptorecord .

Run container

Lets mount the certificate in /certs and run tlsarecord using this cert:

podman run --rm -v /etc/ssl/certs/ssl-cert-snakeoil.pem:/certs/ssl-cert-snakeoil.pem cryptorecord tlsarecord -f /certs/ssl-cert-snakeoil.pem

Usage

This gem comes with some example scripts like:

  • openpgpkeysrecord
  • sshfprecord
  • tlsarecord
Usage: ./openpgpkeysrecord -u <email> -f <gpgkeyfile>
    -h, --help                       This help screen
    -f PGP-PUBLICKEY-FILE,           PGP-Publickey-File
        --publickeyfile
    -u, --uid EMAIL                  email-address


Usage: ./sshfprecord [ options ]
    -h, --help                       This help screen
    -f SSH-HOST-KEY-FILE,            SSH-Hostkey-File
        --hostkeyfile
    -H, --host HOST                  host
    -d, --digest DIGEST              HASH-Algorithm
    -r, --read-local-hostkeys        Read all local Hostkeys.(like ssh-keygen -r)

Usage: ./tlsarecord [ options ]
    -h, --help                       This help screen
    -f, --certfile CERTIFICATE-FILE  Certificatefile
    -H, --host HOST                  host
    -p, --port PORTNUMBER            port
    -P, --protocol PROTOCOL          protocol(tcp,udp,sctp..)
    -s, --selector SELECTOR          Selector for the association. 0 = Full Cert, 1 = SubjectPublicKeyInfo
    -u, --usage USAGE                Usage for the association. 0 = PKIX-CA, 1 = PKIX-EE, 2 = DANE-TA, 3 = DANE-EE
    -t, --mtype MTYPE                The Matching Type of the association. 0 = Exact Match, 1 = SHA-256, 2 = SHA-512

TLSA Example

#!/usr/bin/env ruby

require 'cryptorecord'

selector = 0
mtype = 0
usage = 3
port = 443
proto = "tcp"
host = "www.example.com"
tlsa = Cryptorecord::Tlsa.new(:selector => selector, :mtype => mtype, :usage => usage, :port => port, :proto => proto, :host => host )
tlsa.read_file("/etc/ssl/certs/ssl-cert-snakeoil.pem")
puts tlsa

SSHFP Example

#!/usr/bin/env ruby

require 'cryptorecord'

sshfp = Cryptorecord::Sshfp.new(:digest => 1, :keyfile => '/etc/ssh/ssh_host_rsa_key.pub', :host => 'www.example.com')
puts sshfp

OPENPGPKEYS Example

#!/usr/bin/env ruby

require 'cryptorecord'

opk = Cryptorecord::Openpgpkey.new(:uid => "[email protected]")
opk.read_file("resources/hacky.asc")
puts opk

Documentation

rubydoc.info

Resources

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install.

Run tests

docker run --rm --entrypoint "rake" cryptorecord

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/whotwagner/cryptorecord. This project is intended to be a safe, welcoming space for collaboration.