A lot of questions about CERT, PKA and make-dns-cert
Dan Mahoney, System Admin
danm at prime.gushi.org
Wed Oct 21 04:55:03 CEST 2009
On Thu, 15 Oct 2009, David Shaw wrote:
> On Oct 15, 2009, at 9:37 PM, Dan Mahoney, System Admin wrote:
>> I'm running:
>> echo foo | gpg -v -v --auto-key-locate cert --recipient gushi at gushi.org
>> --encrypt -a
>> And get gpg: error retrieving `gushi at gushi.org' via DNS CERT: No
>> I exported my key with:
>> gpg --export --export-options minimal > file; and make-dns-cert -n
>> gushi.gushi.org -f file
> It works fine for me. What version of GPG are you using?
I tried this again, after I nuked the "fingerprint" cert record.
Oddly, running on gpg2 on an older debian system, I get:
# echo "foo" | gpg2 -v -v --auto-key-locate cert --encrypt -r
gushi at gushi.org
gpg: no keyserver known (use option --keyserver)
gpg: error retrieving `gushi at gushi.org' via DNS CERT: General error
gpg: gushi at gushi.org: skipped: General error
gpg: [stdin]: encryption failed: General error
That first line specifically makes me scratch my head a bit.
(The gpg manpage also appears to be a bit corrupted on this system).
On my bsd system, I get what you see at http://www.gushi.org/gpg.txt. It
retrieves the key, but complains of "no fingerprint", however it actually
DOES import the key, so it works a second time. If you require a shell to
play with this, let me know and I'll provide one. With the demise of
thawte's free cert offering, I'd really like to do what I can to increase
awareness of this stuff.
On my ubuntu desktop, it works fine.
I suspect strongly that this feature doesn't get the most broad platform
testing. Let me know if you'd like to help.
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
More information about the Gnupg-users