Howto For DNS Key publishing.
Ciprian Dorin, Craciun
ciprian.craciun at gmail.com
Thu Oct 29 12:42:37 CET 2009
On Thu, Oct 29, 2009 at 7:52 AM, Dan Mahoney, System Admin
<danm at prime.gushi.org> wrote:
> I've written a pretty conclusive howto on how to publish keys in DNS,
> including detailing the advantages and disadvantages of each method, with
> full examples, details on testing, and real-world output.
> I've also re-implemented make-dns-cert as a shell script, so that it's more
> easily available to people who don't have the source, but who installed via
> a binary package (that's most people), including comments, cleaner record
> handling, auto-fingerprinting, etc. One command, three arguments, and you
> get all three record types.
> I cited credit where possible, but if I missed your name, let me know.
> Suggestions, feedback, requests, corrections, are all welcome.
> Initial publishing is to my livejournal, but I'm planning to wrap the whole
> thing to my webpage during a revamp.
> -Dan Mahoney
Nice tutorial! I've tried to apply your methods (for now I'm just
at the PKA method).
But it seems that there is a problem with auto-key-locate option.
For example for the following command:
gpg2 --homedir /tmp/gpg-test --auto-key-locate pka --recipient
ciprian at volution.ro --encrypt /dev/null
it gives me the following error:
gpg: requesting key A6FD8839 from http server stores.volution.ro
gpg: /tmp/gpg-test/trustdb.gpg: trustdb created
gpg: key A6FD8839: public key "Ciprian Dorin Craciun
<ciprian at volution.ro>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
gpg: error retrieving `ciprian at volution.ro' via PKA: Unusable public key
gpg: ciprian at volution.ro: skipped: No public key
gpg: /dev/null: encryption failed: No public key
Now, searching on the net for a solution, I've stumbled upon the
It seems that there was a bug in GnuPG. So the question is:
* am I doing something wrong?
* or is the bug still present in GnuPG?
More information about the Gnupg-users