Created: 10 March 2015, 22:43
Generating DANE DNS records for OpenPGP keys with tinydns
As a follow-up to the SSL records howto, here is a howto for generating DANE DNS records for OpenPGP keys.
- First, you need to get the encoded string for the local part, i.e. everything left of the @ in your email address:
echo -n eike | sha224sum
Don't forget the -n, otherwise the newline character at the end of the echo output is hashed as well and the encoded string comes out wrong. Now you know the beginning of the DNS record, which looks like this:
:53a02807b5bea35087407b8b73f68cca29bd916b062a2723e5918534._openpgpkey.sf-mail.de:61:
- Now, you need the actual payload, which can be generated using this command:
gpg --export --export-options export-minimal 69b9fc4e|hexdump -ve '"\\" /1 "%.3o"'
This will be quite long, so it is better to redirect the output into a file.
- Finally, add the TTL to the end of the line, e.g. ":86400"
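The three steps above assembled into one record line, as an added example that is not part of the original howto. It goes beyond the page in two places: it rejects ASCII-armored input (for instance when gpg is configured to armor its output), and it can optionally build the owner name as RFC 7929 later standardized it (SHA-256 truncated to 28 octets) instead of the SHA-224 used here. The function names, the example.org domain and the sample bytes are assumptions made for illustration.

```python
import hashlib
import subprocess

OPENPGPKEY_TYPE = 61  # record type number used in the howto's record


def owner_label(localpart: str, rfc7929: bool = False) -> str:
    """Hash of the local part (left of the @) as 56 hex characters."""
    data = localpart.encode("utf-8")  # no trailing newline, like `echo -n`
    if rfc7929:
        # RFC 7929: SHA-256 of the local part, truncated to 28 octets
        return hashlib.sha256(data).hexdigest()[:56]
    return hashlib.sha224(data).hexdigest()  # the howto's sha224sum step


def octal_escape(blob: bytes) -> str:
    """Escape every byte as \\ooo, matching the howto's hexdump format."""
    return "".join("\\%03o" % b for b in blob)


def tinydns_line(localpart, domain, key, ttl=86400, rfc7929=False):
    """Assemble the generic tinydns-data line :fqdn:type:rdata:ttl"""
    # Every OpenPGP packet header has bit 7 set; armored text starts with "-".
    if not key or not key[0] & 0x80:
        raise ValueError("not binary OpenPGP data (ASCII-armored export?)")
    fqdn = "%s._openpgpkey.%s" % (owner_label(localpart, rfc7929), domain)
    return ":%s:%d:%s:%d" % (fqdn, OPENPGPKEY_TYPE, octal_escape(key), ttl)


def export_minimal(key_id: str) -> bytes:
    """Run the howto's gpg export and return the binary key."""
    return subprocess.run(
        ["gpg", "--export", "--export-options", "export-minimal", key_id],
        check=True, capture_output=True).stdout


if __name__ == "__main__":
    # Constructed sample bytes standing in for real key material;
    # use export_minimal("<your key id>") for an actual record.
    sample = bytes([0x99, 0x01, 0x0D, 0x3A, 0x5C, 0x0A])
    print(tinydns_line("eike", "example.org", sample))
```

Because every byte is octal-escaped, colons and backslashes inside the key data cannot break the colon-separated tinydns-data line.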