dane-discovery

A library for using DANE for public key discovery.

Development Status
- 4 - Beta
Intended Audience
- Developers
License
- OSI Approved :: BSD License
Operating System
- MacOS :: MacOS X
- POSIX :: Linux
Programming Language
Topic
- Security

Project description

A library for using DANE TLSA records for certificate discovery.

https://circleci.com/gh/ValiMail/dane-discovery.svg?style=shield

Quick Start

Installation

pip install dane-discovery

Load a certificate from DNS and print the PEM representation

from dane_discovery.dane import DANE
from dane_discovery.pki import PKI
dns_name = "dns.name.having.a.tlsa.record"
tlsa_record = DANE.get_first_leaf_certificate(dns_name)
if not tlsa_record:
    raise ValueError("No leaf certificate found for {}.".format(dns_name))

der_cert = PKI.certificate_association_to_der(tlsa_record["certificate_association"])
print(PKI.der_to_pem(der_cert))

Load a DANE identity from DNS and print the request context

from dane_discovery.identity import Identity
dns_name = "dns.name.having.a.tlsa.record"
dane_identity = Identity(dns_name)
print(dane_identity.report())

Name: abc123.air-quality-sensor._device.example.net
Request context:
  DNSSEC: False
  TLS: False
  TCP: True
Credential index: 0
  certificate usage: DANE-EE
  selector: Full certificate match
  matching type: Exact match against certificate association
  x509 attributes:
    {'extensions': {'BasicConstrints': {'ca': False, 'path_length': None},
                    'KeyUsage': {'content_commitment': True,
                                 'crl_sign': False,
                                 'data_encipherment': False,
                                 'digital_signature': True,
                                 'key_agreement': False,
                                 'key_cert_sign': False,
                                 'key_encipherment': True}},
     'subject': {'commonName': 'abc123.air-quality-sensor._device.example.net',
                 'countryName': 'US',
                 'organizationName': 'Example Networks',
                 'stateOrProvinceName': 'CA'}}

More examples

Project details

Development Status
- 4 - Beta
Intended Audience
- Developers
License
- OSI Approved :: BSD License
Operating System
- MacOS :: MacOS X
- POSIX :: Linux
Programming Language
Topic
- Security

Release history Release notifications | RSS feed

This version

0.17

Jul 20, 2021

0.16

Jun 8, 2021

0.15

Jun 5, 2021

0.14

Jun 4, 2021

0.13

Jun 4, 2021

0.12

May 28, 2021

0.11

May 18, 2021

0.10

May 11, 2021

0.9

Mar 2, 2021

0.8

Feb 27, 2021

0.7

Feb 18, 2021

0.6

Nov 10, 2020

0.5

Oct 15, 2020

0.4

Oct 15, 2020

0.3

Oct 15, 2020

0.2

Aug 13, 2020

0.1

Aug 4, 2020

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for dane-discovery, version 0.17
Filename, size	File type	Python version	Upload date	Hashes
Filename, size dane_discovery-0.17-py3-none-any.whl (21.0 kB)	File type Wheel	Python version py3	Upload date Jul 20, 2021	Hashes View
Filename, size dane_discovery-0.17.tar.gz (20.0 kB)	File type Source	Python version None	Upload date Jul 20, 2021	Hashes View

Hashes for dane_discovery-0.17-py3-none-any.whl

Hashes for dane_discovery-0.17-py3-none-any.whl
Algorithm	Hash digest
SHA256	`2af1d2da614175219086b8b00a985fe6075eac7fe29fd0a59b089289950d6fae`
MD5	`ed17cf648d0cd68fa51081f07838b125`
BLAKE2-256	`9e51d0392949e18153aac7ff58b3e54bb985d5713a8cebebf52843f6a192c07d`

Hashes for dane_discovery-0.17.tar.gz

Hashes for dane_discovery-0.17.tar.gz
Algorithm	Hash digest
SHA256	`3d97b593ff50dfb10e465edddfdd583ceb7b978ef27b057ea918a4bee5212e6a`
MD5	`d3a6d40f21e9153ee56fa680d67c025d`
BLAKE2-256	`26f1e7aecd23fac594582ca0a7cf47eb34fadaca42f990b9ff707e3188e52ce4`