Problem with keys imported via DNS CERT
David Shaw
dshaw at jabberwocky.com
Fri Jan 25 02:06:24 CET 2008

On Thu, Jan 24, 2008 at 05:29:45PM -0500, Alex wrote:
> Hey everyone. I am using gnupg 2.0.8 and libgcrypt 1.4.0. I just added
> a DNS CERT record to my zone file and tried importing the key into my keyring
> to test to make sure everything is working properly. When I attempt it
> though, I get a warning that says there is no assurance that my key
> belongs to me. See below:
>
> $> gpg2 --auto-key-locate cert --recipient email at address.com --encrypt -a
> [...]
> gpg: key 09BBC7F2: public key "My Name <email at address.com>" imported
> gpg: Total number processed: 1
> gpg: imported: 1
> gpg: automatically retrieved `email at address.com' via DNS CERT
> gpg: AF19F7E3: There is no assurance this key belongs to the named user
>
> [...]
>
> It is NOT certain that the key belongs to the person named
> in the user ID. If you *really* know what you are doing,
> you may answer the next question with yes.
>
> Use this key anyway? (y/N)
> gpg: [stdin]: encryption failed: Unusable public key
>
> ==========================================================
>
> I've read that this is caused by unsigned public keys. However, both my DSA
> and RSA keys appear to be signed:
> -----------------------------
> pub 3072D/XXX 2008-01-23
> uid My Name <email at address.com>
> sig 3 XXX 2008-01-23 never My Name <email at address.com>
> sub 4096R/XXX 2008-01-23 [expires: 2008-06-21]
> sig XXX 2008-01-23 never My Name <email at address.com>
>
> Is there something I am doing wrong? Thank you.

I'm afraid you've redacted so much information (no real email address,
no real key ID) that it's not really possible to help you.

David