# DANE Tester

> A web-based tool for testing and debugging OpenPGP DANE (RFC 7929) OPENPGPKEY DNS records.

## API Documentation

- [DANE Tester API](/api-docs/ui/): Interactive Swagger UI
- [OpenAPI Specification](/api-docs/openapi.json): Machine-readable spec
- [API Lookup Endpoint](/api/lookup): REST endpoint for DANE record lookups

## Technical Details

DANE (DNS-Based Authentication of Named Entities) for OpenPGP, as specified in RFC 7929, provides a method for storing OpenPGP public keys in DNS using the OPENPGPKEY resource record (TYPE 61). This allows key discovery using only DNS, secured by DNSSEC.

### DNS Name Construction

Given an e-mail address, the DNS name is constructed by:

1. Taking the **local-part** of the e-mail address (left of @) and converting it to **lowercase**
2. Computing the **SHA-256 hash** and **truncating** to 28 octets (224 bits)
3. **Hex-encoding** the result (56 characters)

The final DNS name is:
```
<56-char-hex>._openpgpkey.<domain>
```

For example, for `hugh@example.com`:
```
c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._openpgpkey.example.com
```

The RDATA of the OPENPGPKEY record contains the binary OpenPGP Transferable Public Key. DNSSEC validation is required for trust.

## Optional

- [Source Code](https://github.com/chimbosonic/dane-tester): Original repository
- [RFC 7929](https://datatracker.ietf.org/doc/html/rfc7929): DANE OpenPGP Key Specification