Problem with keys imported via DNS CERT

David Shaw dshaw at jabberwocky.com
Fri Jan 25 02:06:24 CET 2008


On Thu, Jan 24, 2008 at 05:29:45PM -0500, Alex wrote:
> Hey everyone. I am using gnupg 2.0.8 and libgcrypt 1.4.0. I just added
> a DNS CERT record to my zone file and tried importing the key into my keyring
> to test to make sure everything is working properly. When I attempt it
> though, I get a warning that says there is no assurance that my key
> belongs to me. See below:
> 
> $> gpg2 --auto-key-locate cert --recipient email at address.com --encrypt -a
> [...]
> gpg: key 09BBC7F2: public key "My Name <email at address.com>" imported
> gpg: Total number processed: 1
> gpg:               imported: 1
> gpg: automatically retrieved `email at address.com' via DNS CERT
> gpg: AF19F7E3: There is no assurance this key belongs to the named user
> 
> [...]
> 
> It is NOT certain that the key belongs to the person named
> in the user ID.  If you *really* know what you are doing,
> you may answer the next question with yes.
> 
> Use this key anyway? (y/N) 
> gpg: [stdin]: encryption failed: Unusable public key
> 
> ==========================================================
> 
> I've read that this is caused by unsigned public keys. However, both my DSA
> and RSA keys appear to be signed:
> -----------------------------
> pub   3072D/XXX 2008-01-23
> uid                          My Name <email at address.com>
> sig 3        XXX 2008-01-23 never       My Name <email at address.com>
> sub   4096R/XXX 2008-01-23 [expires: 2008-06-21]
> sig          XXX 2008-01-23 never       My Name <email at address.com>
> 
> Is there something I am doing wrong? Thank you.

I'm afraid you've redacted so much information (no real email address,
no real key ID) that it's not really possible to help you.

David


