Howto For DNS Key publishing.

Ciprian Dorin, Craciun ciprian.craciun at
Thu Oct 29 12:42:37 CET 2009

On Thu, Oct 29, 2009 at 7:52 AM, Dan Mahoney, System Admin
<danm at> wrote:
> All,
> I've written a pretty conclusive howto on how to publish keys in DNS,
> including detailing the advantages and disadvantages of each method, with
> full examples, details on testing, and real-world output.
> I've also re-implemented make-dns-cert as a shell script, so that it's more
> easily available to people who don't have the source, but who installed via
> a binary package (that's most people), including comments, cleaner record
> handling, auto-fingerprinting, etc.  One command, three arguments, and you
> get all three record types.
> I cited credit where possible, but if I missed your name, let me know.
> Suggestions, feedback, requests, corrections, are all welcome.
> Initial publishing is to my livejournal, but I'm planning to wrap the whole
> thing to my webpage during a revamp.
> Regards,
> -Dan Mahoney


    Nice tutorial! I've tried to apply your methods (for now I'm just
at the PKA method).

    But it seems that there is a problem with the auto-key-locate option.
For example, for the following command:
        mkdir /tmp/gpg-test
        gpg2 --homedir /tmp/gpg-test --auto-key-locate pka --recipient ciprian at --encrypt /dev/null

    it gives me the following error:
gpg: requesting key A6FD8839 from http server
gpg: /tmp/gpg-test/trustdb.gpg: trustdb created
gpg: key A6FD8839: public key "Ciprian Dorin Craciun <ciprian at>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
gpg: error retrieving `ciprian at' via PKA: Unusable public key
gpg: ciprian at skipped: No public key
gpg: /dev/null: encryption failed: No public key

    Now, searching on the net for a solution, I've stumbled upon the
following thread:

    It seems that there was a bug in GnuPG. So the question is:
    * am I doing something wrong?
    * or is the bug still present in GnuPG?

