Convert to Python package with setuptools
91
README.md
Normal file
@@ -0,0 +1,91 @@
# prolo-tlsa

Generate TLSA records from Let's Encrypt certificates and optionally publish to DNS via Prolocation API.

## Description

This Python package generates TLSA records for DNS-based Authentication of Named Entities (DANE) using X.509 certificates from Let's Encrypt. It employs OpenSSL to compute the SHA-256 hash of the Subject Public Key Info (SPKI) in DER format.

Optionally, it can publish the generated TLSA records directly to the Prolocation DNS API.

The package is designed for sysadmins and developers managing secure TLS connections with DANE.

## Features

- Generate TLSA records for end-entity (usage 3) and issuer (usage 2) certificates.
- Support for custom port and protocol (default: 25/tcp for SMTP).
- Automatic DNS zone detection, preferring the deepest sub-zone.
- Safe publishing: removes existing TLSA records before adding new ones.
- CLI interface with logging.

## Installation

### From Source

Clone the repository and install:

```bash
git clone https://git.fabianvk.nl/faab/prolo-tlsa.git
cd prolo-tlsa
pip install .
```

### Dependencies

- Python >= 3.8
- `requests` (automatically installed)
- OpenSSL (for certificate processing)

## Usage

### Command Line

Generate TLSA records for a hostname:

```bash
prolo-tlsa example.com
```

Output will be the TLSA record values (e.g., `3 1 1 abc123...`).

To publish to DNS (requires API key):

```bash
export PROLOCATION_API_KEY="your-api-key"
prolo-tlsa example.com --publish --port 443 --protocol tcp
```

### Options

- `hostname`: The hostname to generate records for.
- `--publish`: Publish records to Prolocation DNS API.
- `--port`: Port number for TLSA record (default: 25).
- `--protocol`: Protocol for TLSA record (default: tcp).

### Python Module

Import and use programmatically:

```python
from prolo_tlsa import generate_tlsa_for_cert, get_api_key, publish_tlsa_records

# Example: generate for a cert file
tlsa = generate_tlsa_for_cert(Path("/path/to/cert.pem"), usage=3)
```

## Assumptions

- Certificates located at `/etc/letsencrypt/live/<hostname>/cert.pem` and `/etc/letsencrypt/live/<hostname>/chain.pem`.
- For publishing: Set `PROLOCATION_API_KEY` environment variable.

## License

MIT License

## Contributing

Issues and pull requests welcome at: https://git.fabianvk.nl/faab/prolo-tlsa

## Author

Fabian van Keulen <f@bianvk.nl>
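Review bot: the Python Module snippet does not run as pasted: `tlsa = generate_tlsa_for_cert(Path("/path/to/cert.pem"), usage=3)` uses `Path` but the only import shown is `from prolo_tlsa import generate_tlsa_for_cert, get_api_key, publish_tlsa_records`; add `from pathlib import Path`, and either exercise `get_api_key` and `publish_tlsa_records` in the example or drop them from the import. Second, the Features line `Safe publishing: removes existing TLSA records before adding new ones` documents a rollover order that is the reverse of what DANE expects (RFC 7671, section 8): deleting the old record set first means a resolver that cached the empty answer treats the host as non-DANE for that TTL, while a resolver still holding the old record set keeps validating against the old SPKI after the server presents the new key, so deliveries are deferred. The README should describe the intended sequence, i.e. publish the new record next to the old one, wait at least the TTL, install the new certificate, then remove the old record, or state plainly that the tool does not do this and how long the window is. Relatedly, because the generated record is `3 1 1` (SHA-256 over the SPKI), it only keeps matching across a Let's Encrypt renewal when the private key is reused; that belongs under Assumptions next to the `/etc/letsencrypt/live/<hostname>/cert.pem` path, together with a pointer to running the tool from a certbot deploy hook so the record is refreshed whenever the key changes.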