<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id='openpgpkey'>
<refentryinfo><date>December 30, 2013</date></refentryinfo>
<refmeta>
<refentrytitle>openpgpkey</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class='date'>January 6, 2014</refmiscinfo>
<refmiscinfo class='source'>Paul Wouters</refmiscinfo>
<refmiscinfo class='manual'>Internet / DNS</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>openpgpkey</refname>
<refpurpose>Create and verify RFC-7929 OPENPGPKEY DNS records</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsect1 id='syntax'><title>SYNTAX</title>
<para>openpgpkey [<option>--fetch</option> | <option>--verify</option>]
[<option>--insecure</option>]
[<option>--resolvconf /PATH/TO/RESOLV.CONF</option>]
<emphasis remap='I'>user@domain</emphasis>
<!-- .br -->
</para>
<para>openpgpkey [<option>--create</option>]
[<option>--insecure</option>]
[<option>--resolvconf /PATH/TO/RESOLV.CONF</option>]
[<option>--output {rfc,generic,both}</option>]
[<option>--uid &lt;uid&gt;</option>]
[<option>--keyid &lt;keyid&gt;</option>]
<emphasis remap='I'>user@domain</emphasis>
<!-- .br -->
</para>
</refsect1>
<refsect1 id='description'><title>DESCRIPTION</title>
<para>openpgpkey generates RFC-7929 OPENPGPKEY DNS records. For older nameserver
implementations that do not yet support the OPENPGPKEY record type, specify <emphasis remap='I'>--output generic</emphasis>
to output the record data in Generic Record (RFC-3597) format. Records are generated from all keys in the user's
local GnuPG keychain that are associated with the specified email address.
</para><para>Verification of OPENPGPKEY records is done by comparing the keyid and fingerprint of the OPENPGPKEY record obtained from DNS with those of the key in the local GnuPG keychain.
</para>
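<para>The following Python is an added example, not code from openpgpkey itself. It derives the RFC-7929 owner name for user@domain and renders the same key bytes in both <option>--output</option> formats, then decodes either form back to the raw key; SAMPLE_KEY is constructed placeholder data, not a real key, and all function names are assumptions of this example.</para>
<programlisting><![CDATA[
```python
import base64
import hashlib
import unicodedata

RRTYPE = 61  # OPENPGPKEY type code; "TYPE61" is its RFC 3597 generic name

# Constructed placeholder bytes, NOT a real OpenPGP key.
SAMPLE_KEY = bytes.fromhex("99010d04")


def owner_name(email: str) -> str:
    """Owner name: SHA2-256 of the local part, truncated to 28 octets, as hex."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("expected user@domain")
    # The local part is NFC-normalized and hashed as given (no case folding here).
    local = unicodedata.normalize("NFC", local)
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain.rstrip('.')}."


def rfc_record(email: str, key: bytes) -> str:
    """Native presentation format: RDATA is the key in base64."""
    b64 = base64.b64encode(key).decode("ascii")
    return f"{owner_name(email)} IN OPENPGPKEY {b64}"


def generic_record(email: str, key: bytes) -> str:
    """RFC 3597 generic format: backslash-hash, RDATA length, then hex."""
    return f"{owner_name(email)} IN TYPE{RRTYPE} \\# {len(key)} {key.hex()}"


def rdata_from_record(line: str) -> bytes:
    """Recover the raw key bytes from either presentation form."""
    fields = line.split()
    rrtype, rdata = fields[2], fields[3:]
    if rrtype == "OPENPGPKEY":
        return base64.b64decode("".join(rdata), validate=True)
    if rrtype == f"TYPE{RRTYPE}" and rdata[:1] == ["\\#"]:
        raw = bytes.fromhex("".join(rdata[2:]))
        # A wrong length field means a truncated or hand-edited zone entry.
        if len(raw) != int(rdata[1]):
            raise ValueError("RDATA length field does not match data")
        return raw
    raise ValueError("not an OPENPGPKEY record")
```
]]></programlisting>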
</refsect1>
<refsect1 id='options'><title>OPTIONS</title>
<variablelist remap='TP'>
<varlistentry>
<term><option>--fetch</option> </term>
<listitem>
<para>Fetch an OPENPGPKEY public key record from DNS</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--create</option> </term>
<listitem>
<para>Create an OPENPGPKEY DNS record</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--verify</option> </term>
<listitem>
<para>Verify a public key from the local GPG keyring with the OPENPGPKEY DNS record</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--resolvconf</option> FILE</term>
<listitem>
<para>Specify a custom resolv.conf file (default: /etc/resolv.conf)</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--output</option> rfc | generic | both </term>
<listitem>
<para>Output format of OPENPGPKEY record. "OPENPGPKEY" for rfc, "TYPE61" for generic (default: generic) </para>
</listitem>
</varlistentry>
</variablelist>
<para>If neither create nor verify is specified, create is used.</para>
</refsect1>
<refsect1 id='requirements'><title>REQUIREMENTS</title>
<para>openpgpkey requires the following Python libraries: unbound, gnupg and argparse. It also requires GnuPG, which provides the gpg command.</para>
</refsect1>
<refsect1 id='bugs'><title>BUGS</title>
<para>none known</para>
</refsect1>
<refsect1 id='examples'><title>EXAMPLES</title>
<para>typical usage:</para>
<para>openpgpkey --fetch paul@nohats.ca > paul.pubkey</para>
<para>openpgpkey --verify paul@nohats.ca</para>
<para>openpgpkey --create paul@nohats.ca</para>
</refsect1>
<refsect1 id='see_also'><title>SEE ALSO</title>
<para>RFC-7929</para>
<para><ulink url='https://github.com/letoams/hash-slinger'>https://github.com/letoams/hash-slinger</ulink></para>
</refsect1>
<refsect1 id='authors'><title>AUTHORS</title>
<para>Paul Wouters &lt;pwouters@redhat.com&gt;</para>
</refsect1>
<refsect1 id='copyright'><title>COPYRIGHT</title>
<para>Copyright 2014-2022</para>
<para>This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version. See &lt;<ulink url='http://www.fsf.org/copyleft/gpl.txt'>http://www.fsf.org/copyleft/gpl.txt</ulink>&gt;.</para>
<para>This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
Public License (file COPYING in the distribution) for more details.</para>
</refsect1>
</refentry>