dns cert support (was: GnuPG 1.4.3 released)
Peter Palfrader
peter at palfrader.org
Tue Apr 4 20:25:01 CEST 2006
On Mon, 03 Apr 2006, Werner Koch wrote:
> * New auto-key-locate option that takes an ordered list of methods
> to locate a key if it is not available at encryption time (-r or
> --recipient). Possible methods include "cert" (use DNS CERT as
> per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
> server for the domain in question), "keyserver" (use the
> currently defined keyserver), as well as arbitrary keyserver
> URIs that will be contacted for the key.
>
> * Able to retrieve keys using DNS CERT records as per RFC-2538bis
> (currently in draft): http://www.josefsson.org/rfc2538bis
How would I try to retrieve the key for peter at palfrader.org from DNS[1]
using GnuPG's command line, other than simulating an encryption (like in
gpg --auto-key-locate cert --recipient peter at palfrader.org --encrypt)
to the user in question?

Also, is there a tool that produces a snippet which is ready for
inclusion into a zone file anywhere? Something similar to ssh-keygen
for SSHFP RRs:

  weasel at galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key -g
  galaxy IN TYPE44 \# 22 01 01 40cc5559546421d15fe9c1064713636a02373ad2
  weasel at galaxy:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key
  galaxy IN SSHFP 1 1 40cc5559546421d15fe9c1064713636a02373ad2

Cheers,
Peter
1. no, peter.palfrader.org. does not yet have a RR of type 37
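
An added example, not part of the original message and not GnuPG or OpenSSH code: a Python sketch that formats zone-file lines in the two styles the ssh-keygen output above shows, for SSHFP and for a CERT RR of type PGP (RFC 2538 RDATA: 2-byte certificate type, 2-byte key tag, 1-byte algorithm, then the key). The function names, the owner-name mapping taken from the footnote, the key tag and algorithm defaults of 0, and the three-byte stand-in for a binary `gpg --export` are assumptions.

```python
import base64
import struct

RR_TYPE_CERT = 37    # the "RR of type 37" from the footnote
RR_TYPE_SSHFP = 44   # TYPE44 in the ssh-keygen -g output
CERT_TYPE_PGP = 3    # RFC 2538 certificate type "PGP"


def owner_from_mailbox(mailbox):
    """Assumed mapping, following the footnote: local part becomes the first label."""
    local, domain = mailbox.split("@", 1)
    return f"{local}.{domain}."


def generic_rr(owner, rr_type, rdata):
    r"""RFC 3597 unknown-type syntax: TYPEnn \# <length> <hex rdata>."""
    return f"{owner} IN TYPE{rr_type} \\# {len(rdata)} {rdata.hex()}"


def sshfp_rdata(algorithm, fp_type, fingerprint_hex):
    """SSHFP RDATA: 1-byte key algorithm, 1-byte fingerprint type, fingerprint."""
    return bytes([algorithm, fp_type]) + bytes.fromhex(fingerprint_hex)


def cert_pgp_rdata(key_bytes, key_tag=0, algorithm=0):
    """CERT RDATA: certificate type, key tag, algorithm, then the binary key."""
    return struct.pack("!HHB", CERT_TYPE_PGP, key_tag, algorithm) + key_bytes


def cert_pgp_rr(owner, key_bytes, key_tag=0, algorithm=0):
    """CERT presentation format: type mnemonic, key tag, algorithm, base64 key."""
    b64 = base64.b64encode(key_bytes).decode("ascii")
    return f"{owner} IN CERT PGP {key_tag} {algorithm} {b64}"


if __name__ == "__main__":
    # Same SSHFP record as in the message, with the hex written as one word;
    # RFC 3597 also allows it split into several words, as ssh-keygen -g does.
    fp = "40cc5559546421d15fe9c1064713636a02373ad2"
    print(generic_rr("galaxy", RR_TYPE_SSHFP, sshfp_rdata(1, 1, fp)))

    # Constructed stand-in for the bytes of a binary key export; a real key is far longer.
    key = bytes.fromhex("99010d")
    owner = owner_from_mailbox("peter@palfrader.org")
    print(cert_pgp_rr(owner, key))
    print(generic_rr(owner, RR_TYPE_CERT, cert_pgp_rdata(key)))
```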