A Flask-based developer tool to check if a URL is protected by the DIVE protocol (Domain-based Integrity Verification Enforcement). Available at tools.diveprotocol.org and on GitHub: diveprotocol/dive-tools.
- Check if a URL is protected by DIVE without downloading the resource.
- Retrieve DIVE policy details (scope, directives, DNSSEC status).
- List available keys for the domain.
- Simple web interface for manual checks.
- REST API for programmatic use.
- Python 3.9+
- Pip
-
Clone the repository:
git clone https://github.com/diveprotocol/dive-tools.git cd dive-tools -
Install dependencies:
pip install -r requirements.txt
-
Run the application:
python run.py
The app will be available at
http://localhost:5000.
Create a .env file to override default settings:
SECRET_KEY=your-secret-key
FLASK_DEBUG=True
DNS_RESOLVER=8.8.8.8 # Optional: Custom DNS resolver
REQUIRE_DNSSEC=True # Require DNSSEC validation- Renders the web interface.
- Check if a URL is protected by DIVE.
Parameters:
| Parameter | Type | Description |
|---|---|---|
url |
string | URL to check (required). |
Response:
{
"url": "https://example.com",
"is_protected": true,
"scope": "strict",
"policy_domain": "example.com",
"policy_fqdn": "example.com",
"dnssec_validated": true,
"directives": ["https-required"],
"keys": [
{
"key_id": "key1",
"algorithm": "ed25519",
"fqdn": "key1._divekey.example.com",
"dnssec_validated": true
}
]
}-
Same as
GET /api/check, but with a JSON body:{ "url": "https://example.com" }
gunicorn -w 4 -b 0.0.0.0:5000 run:appA Dockerfile and docker-compose.yml are already provided in the repository. Build and run with:
docker-compose up --buildThe API will be available at http://localhost:5000.
To integrate this tool into the DIVE project website:
- Deploy the API to a subdomain (e.g.,
tools.diveprotocol.org). - Embed the web interface in an iframe or link to it.
- Use the API endpoint (
/api/check) for programmatic checks.
MIT License. See LICENSE for details.