dns cert support (was: GnuPG 1.4.3 released)

Peter Palfrader peter at palfrader.org
Tue Apr 4 20:25:01 CEST 2006

On Mon, 03 Apr 2006, Werner Koch wrote:

>     * New auto-key-locate option that takes an ordered list of methods
>       to locate a key if it is not available at encryption time (-r or
>       --recipient).  Possible methods include "cert" (use DNS CERT as
>       per RFC2538bis), "pka" (use DNS PKA), "ldap" (consult the LDAP
>       server for the domain in question), "keyserver" (use the
>       currently defined keyserver), as well as arbitrary keyserver
>       URIs that will be contacted for the key.
>     * Able to retrieve keys using DNS CERT records as per RFC-2538bis
>       (currently in draft): http://www.josefsson.org/rfc2538bis

How would I try to retrieve the key for peter@palfrader.org from DNS[1]
using GnuPG's command line, other than simulating an encryption (like in
gpg --auto-key-locate cert --recipient peter@palfrader.org --encrypt)
to the user in question?

Also, is there a tool that produces a snippet which is ready for
inclusion into a zone file anywhere?  Something similar to ssh-keygen
for SSHFP RRs:
  weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key -g
  galaxy IN TYPE44 \# 22 01 01 40cc5559546421d15fe9c1064713636a02373ad2
  weasel@galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key
  galaxy IN SSHFP 1 1 40cc5559546421d15fe9c1064713636a02373ad2


1. no, peter.palfrader.org. does not yet have a RR of type 37
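
Added example (not part of the original message and not GnuPG's own tooling): a Python generator for a CERT RR zone-file line in both the named and the RFC 3597 generic form, mirroring the two ssh-keygen outputs above. The record layout and the PGP/IPGP type values are taken from RFC 4398 (the published rfc2538bis); the owner-name mapping follows the footnote, and the function names, address and fingerprint are constructed for illustration.

```python
import base64
import struct

CERT_RRTYPE = 37                    # CERT RR type number (the "type 37" of the footnote)
CERT_TYPES = {"PGP": 3, "IPGP": 6}  # certificate-type values defined in RFC 4398


def owner_name(email):
    """Map local@domain to local.domain. (assumed from the footnote's owner name)."""
    local, _, domain = email.partition("@")
    if not local or not domain:
        raise ValueError("expected local@domain")
    return f"{local}.{domain.rstrip('.')}."


def cert_rdata(cert_type, payload):
    """Wire RDATA: 16-bit type, 16-bit key tag, 8-bit algorithm, then the data.

    Key tag and algorithm are left at 0 here (not a DNSSEC-related key).
    """
    return struct.pack("!HHB", CERT_TYPES[cert_type], 0, 0) + payload


def ipgp_payload(fingerprint_hex, url=""):
    """IPGP data: one length octet, the fingerprint, then an optional key URL."""
    fpr = bytes.fromhex(fingerprint_hex.replace(" ", ""))
    if len(fpr) > 255:
        raise ValueError("fingerprint does not fit the one-octet length field")
    return bytes([len(fpr)]) + fpr + url.encode("ascii")


def zone_lines(email, cert_type, payload):
    """Return (named form, generic TYPE37 form) for one CERT record."""
    name = owner_name(email)
    rdata = cert_rdata(cert_type, payload)
    b64 = base64.b64encode(payload).decode("ascii")
    named = f"{name} IN CERT {cert_type} 0 0 {b64}"
    generic = f"{name} IN TYPE{CERT_RRTYPE} \\# {len(rdata)} {rdata.hex()}"
    return named, generic


if __name__ == "__main__":
    # Constructed sample values, not a real key or address.
    fpr = "0123456789ABCDEF0123456789ABCDEF01234567"
    data = ipgp_payload(fpr, "https://example.org/key.asc")
    for line in zone_lines("user@example.org", "IPGP", data):
        print(line)
```

For a full-key record, pass the binary export of the public key (for example the output of gpg --export) as the payload with cert_type "PGP".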

