How to use '--verify-options pka-lookup'?
WhiteWinterWolf
gnupg.lists at whitewinterwolf.com
Sun Dec 10 15:40:51 CET 2017
Hi,
Can anyone tell me or point me to some example on how to use the
following option:
--verify-options pka-lookup
As per my understanding, given a pubkey in the keyring and a signed
file, this parameter should tell GPG to contact the DNS server handling
the domain from the pubkey email address and ensure that the key
fingerprint is indeed the expected one.
I find this option interesting since, as long as PKA is not used to
fetch the key too, it opens a very convenient way to check a key from
two independent sources and make it far harder for an attacker to
replace a key (as long as SHA-1 fingerprints can be trusted).
However, I can try to use this option any way I can think of, it just
doesn't seem to have any noticeable effect.
Here is an example on how I tried to use this option:
gpg --verify-options pka-lookup --verify somefile.sig somefile.txt
PKA lookup step seems to be simply ignored and skipped.
Thank you by advance!
Simon.
--
WhiteWinterWolf
https://www.whitewinterwolf.com
--
WhiteWinterWolf
https://www.whitewinterwolf.com
More information about the Gnupg-users
mailing list