How to use PKA

Jonathan T. Rockway jon at
Tue May 23 14:31:42 CEST 2006

Hash: SHA1

> Can someone provide a clear example of what I need to do to allow others
> to use pka-lookup to verify my email address?

My understanding of those instructions is as follows:

As the administrator of "", you can attest to the fact
that "you at" has a certain public key.  To do this:

Create a TXT record in "" for
"you" is the part before the at sign, and "" is your
domain.  the _pka part isn't really a host on your network, it's
simply the convention that was decided upon for this.

The value of that TXT record is a colon-separated list of key=value
pairs, where the keys and values are: (ignore everything after #,

v=pkal; # meaning that this is a pkal record
fpr=<the fingerprint of your key>;
uri=<url where your public key can be looked up>;

When concatenated together, you TXT record should look something like:


Which is incidentally what my PKA record looks like.

I actually just set this up and haven't tested it yet, though.  If it
doesn't work, I'll post a correction :)

> I've tried invoking variations of what I interpret to be instructions
> from
> but
> I can't seem to get my GnuPG to use pka-lookup even though it is in my
> verify-options.

What version of gpg are you using?  The instructions indicate that you
need to check out the subversion ("CVS") tree.  It's experimental in
nature, so it hasn't trickled down to stable versions yet.

I need to try a newer version today anyway, so I'll try this out and
let you know what version works.

Jonathan Rockway
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the Gnupg-users mailing list