Problem with keys imported via DNS CERT

David Shaw dshaw at
Fri Jan 25 02:06:24 CET 2008

On Thu, Jan 24, 2008 at 05:29:45PM -0500, Alex wrote:
> Hey everyone. I am using gnupg 2.0.8 and libgcrypt 1.4.0. I just added
> a DNS CERT record to my zone file and tried importing the key into my keyring
> to test to make sure everything is working properly. When I attempt it
> though, I get a warning that says there is no assurance that my key
> belongs to me. See below:
> $> gpg2 --auto-key-locate cert --recipient email at --encrypt -a
> [...]
> gpg: key 09BBC7F2: public key "My Name <email at>" imported
> gpg: Total number processed: 1
> gpg:               imported: 1
> gpg: automatically retrieved `email at' via DNS CERT
> gpg: AF19F7E3: There is no assurance this key belongs to the named user
> [...]
> It is NOT certain that the key belongs to the person named
> in the user ID.  If you *really* know what you are doing,
> you may answer the next question with yes.
> Use this key anyway? (y/N) 
> gpg: [stdin]: encryption failed: Unusable public key
> ==========================================================
> I've read that this is caused by unsigned public keys. However, both my DSA
> and RSA keys appear to be signed:
> -----------------------------
> pub   3072D/XXX 2008-01-23
> uid                          My Name <email at>
> sig 3        XXX 2008-01-23 never       My Name <email at>
> sub   4096R/XXX 2008-01-23 [expires: 2008-06-21]
> sig          XXX 2008-01-23 never       My Name <email at>
> Is there something I am doing wrong? Thank you.

I'm afraid you've redacted so much information (no real email address,
no real key ID) that it's not really possible to help you.

