'\" t
.\"     Title: openpgpkey
.\"    Author: [see the "AUTHORS" section]
.\" Generator: DocBook XSL Stylesheets vsnapshot
.\"      Date: December 30, 2013
.\"    Manual: Internet / DNS
.\"    Source: Paul Wouters
.\"  Language: English
.\"
.TH "OPENPGPKEY" "1" "December 30, 2013" "Paul Wouters" "Internet / DNS"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
openpgpkey \- Create and verify RFC\-TBD OPENPGPKEY DNS records
.SH "SYNTAX"
.PP
openpgpkey [\fB\-\-fetch\fR | \fB\-\-verify\fR] [\fB\-\-insecure\fR] [\fB\-\-resolv\&.conf /PATH/TO/RESOLV\&.CONF\fR] \fIuser@domain\fR
.PP
openpgpkey [\fB\-\-create\fR] [\fB\-\-insecure\fR] [\fB\-\-resolv\&.conf /PATH/TO/RESOLV\&.CONF\fR] [\fB\-\-output {rfc,generic,both}\fR] [\fB\-\-uid \fR] [\fB\-\-keyid \fR] \fIuser@domain\fR
.SH "DESCRIPTION"
.PP
openpgpkey generates RFC\-7929 OPENPGPKEY DNS records\&. To generate these records for older nameserver implementations that do not yet support the OPENPGPKEY record, specify
\fI\-\-output generic\fR
to output the openpgpkey data in Generic Record (RFC\-3597) format\&. Records are generated by taking all keys associated with the specified email address from the user\*(Aqs local GnuPG keychain\&.
.PP
Verification of OPENPGPKEY records is done by comparing the keyid and fingerprint of the OPENPGPKEY obtained from DNS with the version in the local GnuPG keychain\&.
.SH "OPTIONS"
.PP
\fB\-\-fetch\fR
.RS 4
Fetch an OPENPGPKEY public key record from DNS
.RE
.PP
\fB\-\-create\fR
.RS 4
Create an OPENPGPKEY DNS record
.RE
.PP
\fB\-\-verify\fR
.RS 4
Verify a public key from the local GPG keyring with the OPENPGPKEY DNS record
.RE
.PP
\fB\-\-resolvconf\fR FILE
.RS 4
Specify a custom resolv\&.conf file (default: /etc/resolv\&.conf)
.RE
.PP
\fB\-\-output\fR rfc | generic | both
.RS 4
Output format of OPENPGPKEY record\&. "OPENPGPKEY" for rfc, "TYPE61" for generic (default: generic)
.RE
.PP
If neither create nor verify is specified, create is used\&.
.SH "REQUIREMENTS"
.PP
openpgpkey requires the following python libraries: unbound, gnupg and argparse\&. It also requires gnupg which provides the gpg command\&.
.SH "BUGS"
.PP
none known
.SH "EXAMPLES"
.PP
typical usage:
.PP
openpgpkey \-\-fetch paul@nohats\&.ca > paul\&.pubkey
.PP
openpgpkey \-\-verify paul@nohats\&.ca
.PP
openpgpkey \-\-create paul@nohats\&.ca
.SH "SEE ALSO"
.PP
draft\-ietf\-dane\-openpgpkey
.PP
\m[blue]\fBhttp://people\&.redhat\&.com/pwouters/hash\-slinger/\fR\m[]
.SH "AUTHORS"
.PP
Paul Wouters
.SH "COPYRIGHT"
.PP
Copyright 2014\-2015
.PP
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version\&. See <\m[blue]\fBhttp://www\&.fsf\&.org/copyleft/gpl\&.txt\fR\m[]>\&.
.PP
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License (file COPYING in the distribution) for more details\&.
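.PP
The two record forms selected by \-\-output (rfc and generic), shown as an added example that is not part of openpgpkey or of this manual page\&. The function names are hypothetical and the key bytes are constructed; the owner name follows RFC 7929 (SHA2\-256 of the local\-part, truncated to 28 octets), and applying no canonicalization beyond UTF\-8 encoding is an assumption of this sketch\&.

```python
import base64
import hashlib


def owner_name(email):
    """RFC 7929 owner name: hex SHA2-256 of the local-part, truncated to 28 octets."""
    local, _, domain = email.rpartition("@")
    if not local or not domain:
        raise ValueError("expected user@domain")
    # Assumption: the local-part is hashed as given, only UTF-8 encoded.
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return f"{label}._openpgpkey.{domain.rstrip('.')}."


def rfc_record(email, key):
    """Presentation form for nameservers that know the OPENPGPKEY type."""
    rdata = base64.b64encode(key).decode("ascii")
    return f"{owner_name(email)} IN OPENPGPKEY {rdata}"


def generic_record(email, key):
    """RFC 3597 unknown-type form: TYPE61, the marker, RDATA length, hex RDATA."""
    return f"{owner_name(email)} IN TYPE61 \\# {len(key)} {key.hex()}"


def rdata_bytes(record):
    """Recover the raw RDATA from either form so the two can be compared."""
    fields = record.split()
    rtype, rest = fields[2], fields[3:]
    if rtype == "OPENPGPKEY":
        return base64.b64decode("".join(rest), validate=True)
    if rtype == "TYPE61" and rest and rest[0] == "\\#":
        data = bytes.fromhex("".join(rest[2:]))
        if len(data) != int(rest[1]):
            raise ValueError("RDATA length does not match the declared length")
        return data
    raise ValueError(f"unsupported record type: {rtype}")


if __name__ == "__main__":
    # Constructed bytes standing in for an exported public key (not a real key).
    sample_key = bytes(range(32))
    for line in (rfc_record("paul@nohats.ca", sample_key),
                 generic_record("paul@nohats.ca", sample_key)):
        print(line)
```

Both forms carry the same RDATA, so a record published as TYPE61 can be checked against the exported key by comparing the output of rdata_bytes for each\&.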