How to use PKA
Jonathan T. Rockway
jon at jrock.us
Tue May 23 14:31:42 CEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
> Can someone provide a clear example of what I need to do to allow others
> to use pka-lookup to verify my email address?
My understanding of those instructions is as follows:
As the administrator of "yourdomain.com", you can attest to the fact
that "you at yourdomain.com" has a certain public key. To do this:
Create a TXT record in "yourdomain.com" for you._pka.yourdomain.com.
"you" is the part before the at sign, and "yourdomain.com" is your
domain. the _pka part isn't really a host on your network, it's
simply the convention that was decided upon for this.
The value of that TXT record is a colon-separated list of key=value
pairs, where the keys and values are: (ignore everything after #,
v=pkal; # meaning that this is a pkal record
fpr=<the fingerprint of your key>;
uri=<url where your public key can be looked up>;
When concatenated together, you TXT record should look something like:
Which is incidentally what my PKA record looks like.
I actually just set this up and haven't tested it yet, though. If it
doesn't work, I'll post a correction :)
> I've tried invoking variations of what I interpret to be instructions
> http://lists.gnupg.org/pipermail/gnupg-devel/2005-August/022254.html but
> I can't seem to get my GnuPG to use pka-lookup even though it is in my
What version of gpg are you using? The instructions indicate that you
need to check out the subversion ("CVS") tree. It's experimental in
nature, so it hasn't trickled down to stable versions yet.
I need to try a newer version today anyway, so I'll try this out and
let you know what version works.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users