Skip to main content

A library for using DANE for public key discovery.

Project description

A library for using DANE TLSA records for certificate discovery.

Documentation Status Maintainability Test Coverage

Quick Start


pip install dane-discovery

Load a certificate from DNS and print the PEM representation

from dane_discovery.dane import DANE
dns_name = ""
tlsa_record = DANE.get_first_leaf_certificate(dns_name)
if not tlsa_record:
    raise ValueError("No leaf certificate found for {}.".format(dns_name))

der_cert = DANE.certificate_association_to_der(tlsa_record["certificate_association"])

Load a DANE identity from DNS and print the request context
from dane_discovery.identity import Identity
dns_name = ""
dane_identity = Identity(dns_name)

Request context:
  DNSSEC: False
  TLS: False
  TCP: True
Credential index: 0
  certificate usage: DANE-EE
  selector: Full certificate match
  matching type: Exact match against certificate association
  x509 attributes:
    {'extensions': {'BasicConstrints': {'ca': False, 'path_length': None},
                    'KeyUsage': {'content_commitment': True,
                                 'crl_sign': False,
                                 'data_encipherment': False,
                                 'digital_signature': True,
                                 'key_agreement': False,
                                 'key_cert_sign': False,
                                 'key_encipherment': True}},
     'subject': {'commonName': '',
                 'countryName': 'US',
                 'organizationName': 'Example Networks',
                 'stateOrProvinceName': 'CA'}}

More examples




  • Fix parsing of full DNS response message. [Ash Wilson]

v0.3 (2020-10-15)


  • Identity __repr__() indicates request context and x509 extensions. [Ash Wilson]


  • DANE.get_tlsa_records() returns request context. [Ash Wilson]

v0.2 (2020-08-13)


  • Support generating TLSA records for matching type 1, 2. [Ash Wilson]

    Closes #3

v0.1 (2020-08-04)


  • Add certificate_association_to_der() and der_to_pem() for formatting certs from TLSA RRs. [Ash Wilson]

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for dane-discovery, version 0.4
Filename, size File type Python version Upload date Hashes
Filename, size dane_discovery-0.4-py3-none-any.whl (9.1 kB) File type Wheel Python version py3 Upload date Hashes View
Filename, size dane_discovery-0.4.tar.gz (8.9 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page