Generate DNS OPENPGPKEY Record
Generate DNS OPENPGPKEY resource records from a PGP public key.
The OPENPGPKEY DNS record is specified in RFC 7929. The localpart of the uid is encoded as a DNS label containing the hexdump of the SHA-256 hash of the utf-8 encoded localpart, truncated to 28 octets. Normally the "Standard" output format should be used. The "Generic Encoding" output format is provided to help work with older DNS software that does not yet understand the OPENPGPKEY record type.
Other DANE Tools
References
- RFC 6698: DANE and TLSA record specification, August 2012
- RFC 7671: DANE Protocol: Updates and Operational Guidance
- RFC 7672: SMTP Security via opportunistic DANE TLS
- Unknown Key-Share Attacks on DANE
- DNSSEC and Certificates; October 19 2012
- How DANE Strengthens Security for TLS, S/MIME, and Other Applications; November 2015
- Whither DANE? -- APNIC Blog; July 05 2019
- Shumon Huque's website