[dane] updated hash-slinger package

Paul Wouters <paul@nohats.ca> Tue, 06 January 2015 16:31 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 978991A005D for <dane@ietfa.amsl.com>; Tue, 6 Jan 2015 08:31:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0xMr_uz05u3D for <dane@ietfa.amsl.com>; Tue, 6 Jan 2015 08:31:08 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29EEF1A86E6 for <dane@ietf.org>; Tue, 6 Jan 2015 08:29:31 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3kGzgY3bgLz1c7 for <dane@ietf.org>; Tue, 6 Jan 2015 17:29:29 +0100 (CET)
Authentication-Results: mx.nohats.ca; dkim=pass reason="1024-bit key; unprotected key" header.d=nohats.ca header.i=@nohats.ca header.b=Fg5SWKk5; dkim-adsp=pass
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 5nxXl90a6TDu for <dane@ietf.org>; Tue, 6 Jan 2015 17:29:28 +0100 (CET)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) by mx.nohats.ca (Postfix) with ESMTPS for <dane@ietf.org>; Tue, 6 Jan 2015 17:29:28 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 5DCE5803E0 for <dane@ietf.org>; Tue, 6 Jan 2015 11:29:27 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1420561767; bh=GVdMrNASe8FiJUOMzJWIw2Db6ENnycKEf5WJjiLOqvs=; h=Date:From:To:Subject; b=Fg5SWKk5ZZhFI/pkIOn0yYMXb1W67jK092NljOvNFp5fsFilFGp0BzVtb/aIEoIOF +OepPP37VtU5DKEIs4GbIoKBz0SQMJAGHt+38Rde8T19k47OqyEBAYOKUBB8N542T9 99Q1+W3ydJDov/LX7qL4rtMwQobkzVE+Glcy0Fi8=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.14.7/8.14.7/Submit) with ESMTP id t06GTQsX019908 for <dane@ietf.org>; Tue, 6 Jan 2015 11:29:27 -0500
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Tue, 6 Jan 2015 11:29:26 -0500 (EST)
From: Paul Wouters <paul@nohats.ca>
To: dane WG list <dane@ietf.org>
Message-ID: <alpine.LFD.2.10.1501061124530.13632@bofh.nohats.ca>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/qAFpawpmVqtB8KA3dHcCgKzzqKE
Subject: [dane] updated hash-slinger package
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jan 2015 16:31:10 -0000

http://people.redhat.com/pwouters/hash-slinger

(in fedora/epel updates-testing repository)

I just pushed an update to hash-slinger, so now you can do:

$ openpgpkey --fetch paul@nohats.ca
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: paul@nohats.ca key obtained from DNS
Comment: key transfer was protected by DNSSEC
Version: GnuPG v1

mQENAz97DD0AAAEH/2hrtp4YrNMcOAAF8YbM8ryWl8uH/dTFzV2plMt+CVh7V5EG
N7icm8n+aXUJeY+pvftjiXj0kvEJmcOllfbvG+4Bus4cn2NtM7Yy0kZLSE050bkn
OE+WX9/ffbnXQcnk/E6DBnosIaxPCxnmL2SV6UtGNkbeC3tDcUWfrMtQaqkUhhqN
gfD1p47HIrbPGnr4EX+Ck52HPe7/neo9WZ6XR4pWNQ50clJXJfBpwZVpedx9f0ys
[...]
pOfy75us2QcD8vVTXB/pItRy+2eJP1uhiP85Xko8QhVn6Hi0spJeGHt5Wk63Mrvm
gZ3ro3/uz7/w0P56Q1bX5+bfGq8JB1UFOA0gwxZCdg==
=T8tU
-----END PGP PUBLIC KEY BLOCK-----


$ openpgpkey --fetch paul@nohats.ca | gpg --import --dry-run
gpg: WARNING: digest algorithm MD5 is deprecated
gpg: please see http://www.gnupg.org/faq/weak-digest-algos.html for more
information
gpg: key B5CC27E1: "Paul Wouters (migration only, use new key)
<paul@nohats.ca>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

It also fixes the --create option to deal with all the weird character
set anomalies in people's keys. Requires python-gnupg 0.3.7. So all
people with non-english entries in they gpg keyring should be able
to finally use openpgpkey to create OPENPGPKEY records:

openpgpkey --create your@email.com --output generic  (generic record format)
openpgpkey --create your@email.com --output rfc  (OPENPGPKEY presentation format)

(openpgpkey --verify will fetch and compare with local keyring)

It also fixes sshfp for debian and adds ECDSA key support.
And finally I added ipseckey (only with libreswan and possibly openswan)

Paul