Skip to content

Kernel-Error/smimea-tools

BranchesTags

Repository files navigation

SMIMEA Tools

License: MIT

A collection of Python tools for generating and querying SMIMEA (RFC 8162) DNS records for S/MIME certificates.

Features

  • smimea_generate_record.py: Generates a BIND9-compatible SMIMEA DNS record from an email and its corresponding certificate. Supports custom TTL via --ttl.
  • smimea_lookup.py: Queries SMIMEA records from DNS, saves the certificate (as <email>.der), shows a compact summary with DNSSEC status. Use --full for complete certificate details.

Note: The lookup tool checks the DNSSEC AD (Authenticated Data) flag from your resolver and reports whether the response was authenticated. For this to work, you need a DNSSEC-validating resolver (e.g. Unbound, systemd-resolved with DNSSEC=yes).

Installation

Prerequisites

  • Python 3.9+
  • openssl command-line tool

Setup

pip install -e .

For development (includes pytest):

pip install -e ".[dev]"

Usage

Generating an SMIMEA Record

python smimea_generate_record.py <email> <certificate.pem>

Example:

python smimea_generate_record.py [email protected] user_cert.pem

The email address must match one of the addresses in the certificate. The generated record uses SMIMEA parameters 3 0 0 (DANE-EE, full certificate, exact match).

Custom TTL (default 3600):

python smimea_generate_record.py [email protected] user_cert.pem --ttl 7200

Querying an SMIMEA Record

python smimea_lookup.py <email>

Example:

python smimea_lookup.py [email protected]

Only records with selector=0 (full certificate) and matching-type=0 (exact match) are supported. Records with other parameter combinations are skipped with a warning.

Full certificate details instead of summary:

python smimea_lookup.py [email protected] --full

The certificate is saved as user_at_example.com.der in the current directory.

Project Structure

smimea-tools/
├── smimea_common.py              # Shared utilities (email hashing, colored output)
├── smimea_generate_record.py     # SMIMEA record generator
├── smimea_lookup.py              # SMIMEA DNS lookup
├── tests/                        # pytest test suite
├── pyproject.toml                # Project metadata and dependencies
└── LICENSE

Output uses colored text (green/yellow/red) on supported terminals. Set NO_COLOR=1 to disable.

Running Tests

python -m pytest -v

License

This project is licensed under the MIT License. See the LICENSE file for details.

Author

Developed by Sebastian van de Meer.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 Latest
Mar 31, 2026

Packages

 
 
 

Contributors

Languages