dns cert support

Peter Palfrader gnupg-users=gnupg.org at lists.palfrader.org
Wed Apr 5 12:30:42 CEST 2006


On Tue, 04 Apr 2006, Peter Palfrader wrote:

> On Mon, 03 Apr 2006, Werner Koch wrote:
> 
> >     * New auto-key-locate option that takes an ordered list of methods
> >       to locate a key if it is not available at encryption time (-r or
> >       --recipient).  Possible methods include "cert" (use DNS CERT as
> >       per RFC2538bis), "pka" (use DNS PKA), "ldap" (consult the LDAP
> >       server for the domain in question), "keyserver" (use the
> >       currently defined keyserver), as well as arbitrary keyserver
> >       URIs that will be contacted for the key.
> > 
> >     * Able to retrieve keys using DNS CERT records as per RFC-2538bis
> >       (currently in draft): http://www.josefsson.org/rfc2538bis
> 
> How would I try to retrieve the key for peter at palfrader.org from DNS[1]
> using GnuPG's command line, other than simulating an encryption (like in
> gpg --auto-key-locate cert --recipient peter at palfrader.org --encrypt)
> to the user in question?

I notice that if I have both an IPGP and a PGP CERT RR, GnuPG fails
to import the key some of the time:

| weasel at asteria:~/tmp/g$ echo fo | gpg --auto-key-locate cert --recipient peter at palfrader.org --encrypt
| gpg: peter at palfrader.org: skipped: public key not found
| gpg: [stdin]: encryption failed: public key not found
| weasel at asteria:~/tmp/g$ echo fo | gpg --auto-key-locate cert --recipient peter at palfrader.org --encrypt
| gpg: peter at palfrader.org: skipped: public key not found
| gpg: [stdin]: encryption failed: public key not found
| weasel at asteria:~/tmp/g$ echo fo | gpg --auto-key-locate cert --recipient peter at palfrader.org --encrypt
| gpg: ./trustdb.gpg: trustdb created
| gpg: key 94C09C7F: public key "Peter Palfrader" imported

} ;; ANSWER SECTION:
} peter.palfrader.org.    43200   IN      CERT    6 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/
} peter.palfrader.org.    43200   IN      CERT    PGP 0 0 mQGiBDgp0YcRBACN9s8EycXRsu9ym3Sjou1N.....

Is having them both not supported or is there a bug somewhere?

Cheers,
Peter
-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/
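
The following is an added example, not part of the original post and not GnuPG's code. It decodes a CERT RRset like the one in the dig output above and collects what each record offers, in either answer order, since a DNS answer may list the records of an RRset in any order. The function names are hypothetical, the type numbers are those of RFC 2538bis (published as RFC 4398), and the PGP payload is a constructed placeholder because the posted one is elided.

```python
import base64

# CERT type mnemonics from RFC 2538bis (published as RFC 4398).
CERT_TYPES = {"PKIX": 1, "SPKI": 2, "PGP": 3, "IPKIX": 4, "ISPKI": 5, "IPGP": 6}

def parse_cert_rr(line):
    """Parse one dig-style 'name ttl class CERT type tag alg base64' line."""
    f = line.split()
    if len(f) < 8 or f[3].upper() != "CERT":
        return None                      # not a CERT record line
    t = f[4].upper()
    ctype = CERT_TYPES[t] if t in CERT_TYPES else int(t)
    # validate=True rejects truncated or elided base64 instead of guessing
    data = base64.b64decode("".join(f[7:]), validate=True)
    return {"type": ctype, "key_tag": int(f[5]), "algorithm": int(f[6]), "data": data}

def parse_ipgp(rdata):
    """IPGP RDATA: 1-octet fingerprint length, fingerprint, then optional URL."""
    if not rdata or len(rdata) < 1 + rdata[0]:
        raise ValueError("IPGP data shorter than its fingerprint length octet says")
    n = rdata[0]
    return rdata[1:1 + n].hex().upper(), rdata[1 + n:].decode("ascii")

def key_sources(rrset_lines):
    """Collect what every CERT record offers; do not stop at the first one."""
    found = {"key": None, "fingerprint": None, "url": None}
    for line in rrset_lines:
        rr = parse_cert_rr(line)
        if rr is None:
            continue
        if rr["type"] == CERT_TYPES["PGP"]:
            found["key"] = rr["data"]            # full OpenPGP key material
        elif rr["type"] == CERT_TYPES["IPGP"]:
            fpr, url = parse_ipgp(rr["data"])
            found["fingerprint"], found["url"] = fpr, url or None
    return found

# IPGP record as posted above; the PGP payload is a constructed placeholder
# because the posted one is elided.
PLACEHOLDER_KEY = b"CONSTRUCTED PLACEHOLDER, NOT AN OPENPGP KEY"
RRSET = [
    "peter.palfrader.org. 43200 IN CERT 6 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/",
    "peter.palfrader.org. 43200 IN CERT PGP 0 0 "
    + base64.b64encode(PLACEHOLDER_KEY).decode(),
]

if __name__ == "__main__":
    for order in (RRSET, RRSET[::-1]):
        print(key_sources(order))
```

The posted IPGP record decodes to a 20-octet fingerprint with no URL, and that fingerprint ends in 94C09C7F, the key ID gpg reports importing in the session above.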


