1OPENPGPKEY(1)                   Internet / DNS                   OPENPGPKEY(1)
2
3
4

NAME

6       openpgpkey - Create and verify RFC-TBD OPENPGPKEY DNS records
7

SYNTAX

9       openpgpkey [--fetch | --verify] [--insecure] [--resolv.conf
10       /PATH/TO/RESOLV.CONF] user@domain
11
12       openpgpkey [--create] [--insecure] [--resolv.conf /PATH/TO/RESOLV.CONF]
13       [--output {rfc,generic,both}] [--uid <uid>] [--keyid <keyid>]
14       user@domain
15

DESCRIPTION

17       openpgpkey generates RFC-TBD OPENPGPKEY DNS records. To generate these
18       records for older nameserver implementations that do not yet support
19       the OPENPGPKEY record, specify --output generic to output the
20       openpgpkey data in Generic Record (RFC-3597) format. Records are
21       generated by taking all keys with the specified email address
22       associated with it from the user's local GnuPG keychain.
23
24       Verification of OPENPGPKEY records is done by comparing the keyid and
25       fingerprint of the OPENPGPKEY obtained from DNS with the version in the
26       local GnuPG keychain.
27

OPTIONS

29       --fetch
30           Fetch an OPENPGPKEY public key record from DNS
31
32       --create
33           Create an OPENPGPKEY DNS record
34
35       --verify
36           Verify a public key from the local GPG keyring with the OPENPGPKEY
37           DNS record
38
39       --resolvconf FILE
40           Specify a custom resolv.conf file (default: /etc/resolv.conf)
41
42       --output rfc | generic | both
43           Output format of OPENPGPKEY record. "OPENPGPKEY" for rfc, "TYPE61"
44           for generic (default: generic)
45
46       If neither create or verify is specified, create is used.
47

REQUIREMENTS

49       openpgpkey requires the following python libraries: unbound, gnupg and
50       argparse. It also requires gnupg which provides the gpg command.
51

BUGS

53       none known
54

EXAMPLES

56       typical usage:
57
58       openpgpkey --fetch paul@nohats.ca > paul.pubkey
59
60       openpgpkey --verify paul@nohats.ca
61
62       openpgpkey --create paul@nohats.ca
63

SEE ALSO

65       draft-ietf-dane-openpgpkey
66
67       http://people.redhat.com/pwouters/hash-slinger/
68

AUTHORS

70       Paul Wouters <pwouters@redhat.com>
71

73       Copyright 2014-2015
74
75       This program is free software; you can redistribute it and/or modify it
76       under the terms of the GNU General Public License as published by the
77       Free Software Foundation; either version 2 of the License, or (at your
78       option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
79
80       This program is distributed in the hope that it will be useful, but
81       WITHOUT ANY WARRANTY; without even the implied warranty of
82       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
83       General Public License (file COPYING in the distribution) for more
84       details.
85
86
87
88Paul Wouters                   December 30, 2013                 OPENPGPKEY(1)
Impressum