PKA support
Damien Goutte-Gattat
dgouttegattat at incenp.org
Thu Apr 9 22:01:16 CEST 2026
On Thu Apr 9, 2026 at 5:14 PM BST, Klaus Ethgen wrote:
> I just realized, as I was searching for Werner's current key, that PKA
> was removed from GnuPG in 2021.
>
> Until now that was my preferred way to spread my key.
>
> What was the reason for that?
As far as I know, PKA has always been a GnuPG-specific method. Now we
actually have a standardized way of doing the same thing: DANE, as
specified in RFC 7929 [1] -- which GnuPG has supported since the early
2.1 branch.
Use `gpg --export-options export-dane --export MY_KEY` to get GnuPG to
print a suitable DANE OPENPGPKEY record for your key, that you can then
publish to your DNS zone.
Use `gpg --auto-key-locate dane --locate-key RECIPIENT_ADDRESS` to fetch
a key that is being distributed through DANE.
- Damien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 265 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20260409/934c0b92/attachment.sig>
More information about the Gnupg-users
mailing list