publishing PGP keys in DNS
Werner Koch
wk at gnupg.org
Wed Dec 21 09:22:17 CET 2016
Hi Bjoern,

On Tue, 20 Dec 2016 22:44, bjoern at schiessle.org said:

> I want to publish my GnuPG key in DNS, therefore I followed this Howto:
> http://www.gushi.org/make-dns-cert/HOWTO.html

I guess that this howto is too old.

> $ dig +short bjoern._pka.schiessle.org. TXT
> "v=pka1;fpr=244FCEB0CB099524B21FB8962378A753E2BF04F6;uri=https://www.schiessle.org/privacy/gpg-key.txt"

With version 2.1.3 the PKA method was changed (it was never in
widespread use):

  * gpg: New option --print-pka-records.  Changed the PKA method to use
    CERT records and hashed names.  [Update: --print-pka-records
    replaced in 2.1.14.]

and in 2.1.14

  * gpg: Removed options --print-dane-records and --print-pka-records.
    The new export options "export-pka" and "export-dane" can instead
    be used with the export command.

Here is how you can create such records:

  $ gpg --export-options export-pka --export wk at gnupg.org
  $ORIGIN _pka.gnupg.org.
  ; ECAF7590EB3443B5C7CF3ACB6C7EE1B8621CC013
  ; Werner Koch <wk at gnupg.org>
  nq6t9teux7edsnwdksswydu4o9i5es3f TYPE37 \# 26 0006 0000 00 14 [...]
  [...]

Anyway, I would suggest to avoid DNS and use the Web Key Directory
instead. See
<https://gnupg.org/blog/20161027-hosting-a-web-key-directory.html>. I
can also offer to work with schokokeks.org to set up the whole thing for
all their users.

Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.