SMIMEA Tools

License: MIT

A collection of Python tools for generating and querying SMIMEA (RFC 8162) DNS records for S/MIME certificates.

Features

  • smimea_generate_record.py: Generates a BIND9-compatible SMIMEA DNS record from an email and its corresponding certificate. Supports custom TTL via --ttl.
  • smimea_lookup.py: Queries SMIMEA records from DNS, saves the certificate (as <email>.der), and shows a compact summary with DNSSEC status. Use --full for complete certificate details.

Note: The lookup tool checks the DNSSEC AD (Authenticated Data) flag from your resolver and reports whether the response was authenticated. For this to work, you need a DNSSEC-validating resolver (e.g. Unbound, systemd-resolved with DNSSEC=yes).

Installation

Prerequisites

  • Python 3.9+
  • openssl command-line tool

Setup

pip install -e .

For development (includes pytest):

pip install -e ".[dev]"

Usage

Generating an SMIMEA Record

python smimea_generate_record.py <email> <certificate.pem>

Example:

python smimea_generate_record.py user@example.com user_cert.pem

The email address must match one of the addresses in the certificate. The generated record uses SMIMEA parameters 3 0 0 (DANE-EE, full certificate, exact match).

Custom TTL (default 3600):

python smimea_generate_record.py user@example.com user_cert.pem --ttl 7200

Querying an SMIMEA Record

python smimea_lookup.py <email>

Example:

python smimea_lookup.py user@example.com

Only records with selector=0 (full certificate) and matching-type=0 (exact match) are supported. Records with other parameter combinations are skipped with a warning.

Full certificate details instead of summary:

python smimea_lookup.py user@example.com --full

The certificate is saved as user_at_example.com.der in the current directory.
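
The following added example (not the project's own code) shows how an SMIMEA owner name and a 3 0 0 record line are derived per RFC 8162, and how a lookup can skip records that are not selector 0 / matching type 0. The function names are hypothetical, and the sample bytes are a constructed placeholder rather than a real certificate.

```python
import hashlib
import unicodedata

USAGE_DANE_EE, SELECTOR_FULL_CERT, MATCH_EXACT = 3, 0, 0


def smimea_owner_name(email: str) -> str:
    """Build the RFC 8162 section 3 owner name for an email address."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    # The local-part is hashed as NFC-normalized UTF-8; its case is preserved.
    local_bytes = unicodedata.normalize("NFC", local).encode("utf-8")
    # SHA-256 truncated to 28 octets gives a 56-character hex label.
    label = hashlib.sha256(local_bytes).digest()[:28].hex()
    return f"{label}._smimecert.{domain.rstrip('.')}."


def smimea_record(email: str, cert_der: bytes, ttl: int = 3600) -> str:
    """Format a zone-file line with parameters 3 0 0 and the DER cert as hex."""
    if not cert_der:
        raise ValueError("empty certificate")
    params = f"{USAGE_DANE_EE} {SELECTOR_FULL_CERT} {MATCH_EXACT}"
    return f"{smimea_owner_name(email)} {ttl} IN SMIMEA {params} {cert_der.hex()}"


def cert_from_rdata(rdata: bytes):
    """Return the DER bytes from wire-format RDATA, or None if unsupported."""
    if len(rdata) < 4:
        raise ValueError("SMIMEA RDATA too short")
    selector, matching_type = rdata[1], rdata[2]
    # Only selector 0 / matching type 0 carries a complete certificate;
    # other combinations hold a public key or a digest and are skipped.
    if selector != SELECTOR_FULL_CERT or matching_type != MATCH_EXACT:
        return None
    return rdata[3:]


if __name__ == "__main__":
    fake_der = bytes.fromhex("3003020101")  # constructed placeholder bytes
    print(smimea_record("user@example.com", fake_der, ttl=7200))
```

Because the local-part is hashed with its case preserved, User@example.com and user@example.com map to different owner names, so the address passed to both tools has to be spelled exactly as the record was published.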

Project Structure

smimea-tools/
├── smimea_common.py              # Shared utilities (email hashing, colored output)
├── smimea_generate_record.py     # SMIMEA record generator
├── smimea_lookup.py              # SMIMEA DNS lookup
├── tests/                        # pytest test suite
├── pyproject.toml                # Project metadata and dependencies
└── LICENSE

Output uses colored text (green/yellow/red) on supported terminals. Set NO_COLOR=1 to disable.

Running Tests

python -m pytest -v

License

This project is licensed under the MIT License. See the LICENSE file for details.

Author

Developed by Sebastian van de Meer.