DNSCrypt objects and functions

addDNSCryptBind(address, provider, certificate, keyfile[, options])

Adds a DNSCrypt listen socket on address.

Parameters:
  • address (string) – The address and port to listen on
  • provider (string) – The provider name for this bind
  • certificate (string) – Path to the certificate file
  • keyfile (string) – Path to the key file of the certificate
  • options (table) – A table with key: value pairs with options (see below)

Options:

  • doTCP=true: bool - Also bind on TCP on address.
  • reusePort=false: bool - Set the SO_REUSEPORT socket option.
  • tcpFastOpenSize=0: int - Set the TCP Fast Open queue size, enabling TCP Fast Open when available and the value is larger than 0.
  • interface="": str - Sets the network interface to use.

generateDNSCryptProviderKeys(publicKey, privateKey)

Generate a new provider keypair and write them to publicKey and privateKey.

Parameters:
  • publicKey (string) – path to write the public key to
  • privateKey (string) – path to write the private key to

generateDNSCryptCertificate(privatekey, certificate, keyfile, serial, validFrom, validUntil)

Generate a new resolver private key and related certificate, valid from the validFrom UNIX timestamp until the validUntil one, signed with the provider private key.

Parameters:
  • privatekey (string) – Path to the private key of the provider.
  • certificate (string) – Path where to write the certificate file.
  • keyfile (string) – Path where to write the private key for the certificate.
  • serial (int) – The certificate’s serial number.
  • validFrom (int) – Unix timestamp from when the certificate will be valid.
  • validUntil (int) – Unix timestamp until when the certificate will be valid.

printDNSCryptProviderFingerprint(keyfile)

Display the fingerprint of the provided resolver public key.

Parameters:
  • keyfile (string) – Path to the key file

showDNSCryptBinds()

Display the currently configured DNSCrypt binds.

getDNSCryptBind(n) → DNSCryptContext

Return the DNSCryptContext object corresponding to the bind n.

Certificates

class DNSCryptCert

Represents a DNSCrypt certificate.

classmethod DNSCryptCert:getClientMagic() → string

Return this certificate’s client magic value.

classmethod DNSCryptCert:getEsVersion() → string

Return the cryptographic construction to use with this certificate.

classmethod DNSCryptCert:getMagic() → string

Return the certificate magic number.

classmethod DNSCryptCert:getProtocolMinorVersion() → string

Return this certificate’s minor version.

classmethod DNSCryptCert:getResolverPublicKey() → string

Return the public key corresponding to this certificate.

classmethod DNSCryptCert:getSerial() → int

Return the certificate serial number.

classmethod DNSCryptCert:getSignature() → string

Return this certificate’s signature.

classmethod DNSCryptCert:getTSEnd() → int

Return the date the certificate is valid from, as a Unix timestamp.

classmethod DNSCryptCert:getTSStart() → int

Return the date the certificate is valid until (inclusive), as a Unix timestamp.

Context

class DNSCryptContext

Represents a DNSCrypt context. Can be used to rotate certs.

classmethod DNSCryptContext:generateAndLoadInMemoryCertificate(keyfile, serial, begin, end)

Generate a new resolver key and the associated certificate in-memory, sign it with the provided provider key, and use the new certificate.

Parameters:
  • keyfile (string) – Path to the key file to use
  • serial (int) – The serial number of the certificate
  • begin (int) – Unix timestamp from when the certificate is valid
  • end (int) – Unix timestamp until when the certificate is valid

classmethod DNSCryptContext:getCurrentCertificate() → DNSCryptCert

Return the current certificate.

classmethod DNSCryptContext:getOldCertificate() → DNSCryptCert

Return the previous certificate.

classmethod DNSCryptContext:getProviderName() → string

Return the provider name.

classmethod DNSCryptContext:hasOldCertificate() → bool

Whether or not the context has a previous certificate, from a certificate rotation.

classmethod DNSCryptContext:loadNewCertificate(certificate, keyfile)

Load a new certificate and the corresponding private key, and use it.

Parameters:
  • certificate (string) – Path to a certificate file
  • keyfile (string) – Path to the corresponding key file
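
A certificate rotation setup built from the functions on this page, as an added example rather than configuration from the dnsdist documentation. The listen address, provider name, file paths and lifetimes are placeholders, and `maintenance()` is dnsdist's periodic Lua hook, which this page does not describe.

```lua
-- Added example; every address, name, path and lifetime below is a placeholder.
local providerName = "2.dnscrypt-cert.example.test"
local providerPriv = "/etc/dnsdist/dnscrypt/providerPrivate.key"
local resolverCert = "/etc/dnsdist/dnscrypt/resolver.cert"
local resolverKey  = "/etc/dnsdist/dnscrypt/resolver.key"

local CERT_LIFETIME = 24 * 3600  -- validity of each resolver certificate, in seconds
local ROTATE_AFTER  = 12 * 3600  -- rotate at half-life so a valid certificate is always served
local CLOCK_SKEW    = 60         -- backdate validity slightly for clients with a slow clock

-- One-time bootstrap, run from the console before this bind is first used:
--   generateDNSCryptProviderKeys("/etc/dnsdist/dnscrypt/providerPublic.key", providerPriv)
--   generateDNSCryptCertificate(providerPriv, resolverCert, resolverKey, 1,
--                               os.time(), os.time() + CERT_LIFETIME)
--   printDNSCryptProviderFingerprint("/etc/dnsdist/dnscrypt/providerPublic.key")

addDNSCryptBind("192.0.2.53:8443", providerName, resolverCert, resolverKey, { doTCP = true })

-- Rotate the resolver key of bind n: a fresh in-memory key pair and certificate,
-- signed with the provider key, with a serial one above the current certificate's.
-- Note: this requires the provider private key to be readable by dnsdist. To keep
-- that key off the resolver, sign certificates elsewhere and call
-- ctx:loadNewCertificate(certificate, keyfile) here instead.
local function rotateDNSCryptCert(n, now)
  local ctx = getDNSCryptBind(n)
  local nextSerial = ctx:getCurrentCertificate():getSerial() + 1
  ctx:generateAndLoadInMemoryCertificate(providerPriv, nextSerial,
                                         now - CLOCK_SKEW, now + CERT_LIFETIME)
  return nextSerial
end

-- 0 forces a rotation on the first tick, so an expired on-disk certificate
-- left over from before a restart is replaced immediately.
local lastRotation = 0

-- dnsdist calls a global function named maintenance() about once per second.
function maintenance()
  local now = os.time()
  if now - lastRotation >= ROTATE_AFTER then
    rotateDNSCryptCert(0, now)
    lastRotation = now
  end
end
```

After a rotation, `getDNSCryptBind(0):hasOldCertificate()` should return true and `getOldCertificate()` returns the certificate that was replaced.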