Problem with keys imported via DNS CERT

Alex alex323 at
Thu Jan 24 23:29:45 CET 2008

Hey everyone. I am using gnupg 2.0.8 and libgcrypt 1.4.0. I just added
a DNS CERT record to my zone file and tried importing the key into my keyring
to test to make sure everything is working properly. When I attempt it
though, I get a warning that says there is no assurance that my key
belongs to me. See below:

$> gpg2 --auto-key-locate cert --recipient email at --encrypt -a
gpg: key 09BBC7F2: public key "My Name <email at>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: automatically retrieved `email at' via DNS CERT
gpg: AF19F7E3: There is no assurance this key belongs to the named user


It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) 
gpg: [stdin]: encryption failed: Unusable public key


I've read that this is caused by unsigned public keys. However, both my DSA
and RSA keys appear to be signed:
pub   3072D/XXX 2008-01-23
uid                          My Name <email at>
sig 3        XXX 2008-01-23 never       My Name <email at>
sub   4096R/XXX 2008-01-23 [expires: 2008-06-21]
sig          XXX 2008-01-23 never       My Name <email at>

Is there something I am doing wrong? Thank you.

