RFC 7929 defines a method for storing OpenPGP public keys in DNS using the OPENPGPKEY resource record (TYPE 61). This allows key discovery using only DNS, secured by DNSSEC.
Given an e-mail address, the DNS name is constructed by:
The final DNS name is:
<56-char-hex>._openpgpkey.<domain>
For example, for [email protected]:
c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._openpgpkey.example.com
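The name construction described above, as an added example (not this site's or the RFC's code): it follows RFC 7929 section 3 by NFC-normalizing the local-part, hashing its UTF-8 bytes with SHA2-256, truncating to 28 octets, and hex-encoding the result. The function names are hypothetical, `hugh@example.com` is the RFC's own example address, and handling of backslash escapes inside quoted local-parts is left out.

```python
import hashlib
import unicodedata

LABEL = "_openpgpkey"


def openpgpkey_owner_name(email: str) -> str:
    """Return the DNS owner name to query for an OPENPGPKEY record."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {email!r}")

    # Canonicalize: drop enclosing double quotes of a quoted local-part.
    # (Simplification: backslash escapes inside the quotes are not unescaped.)
    if len(local) >= 2 and local[0] == '"' and local[-1] == '"':
        local = local[1:-1]

    # Non-ASCII local-parts are normalized to NFC before hashing, so that
    # visually identical addresses map to the same owner name.
    local = unicodedata.normalize("NFC", local)

    # SHA2-256 over the UTF-8 bytes, truncated to 28 octets = 56 hex chars.
    # No case folding is applied: "Hugh" and "hugh" hash to different labels.
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}.{LABEL}.{domain.rstrip('.')}"


def owner_name_matches(email: str, owner_name: str) -> bool:
    """Check that a zone entry's owner name really belongs to `email`.

    DNS names compare case-insensitively and may carry a trailing dot.
    """
    expected = openpgpkey_owner_name(email).lower()
    return owner_name.rstrip(".").lower() == expected


if __name__ == "__main__":
    # Address taken from the RFC 7929 example.
    print(openpgpkey_owner_name("hugh@example.com"))
```

Because the left-most label is a truncated hash, an owner name cannot be reversed to an address; `owner_name_matches` is the way to audit which address a published record claims to serve.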
The RDATA of the OPENPGPKEY record contains the binary OpenPGP Transferable Public Key. DNSSEC validation is required for trust.
For testing purposes, you can use the following form to look up OPENPGPKEY DNS records for a given e-mail address:
There is also an API that returns the same results in JSON format. Its endpoint is: /api/[email protected]
You can find the OpenAPI specification and Swagger UI at /api-docs/ui/