Howto For DNS Key publishing.

Ciprian Dorin, Craciun ciprian.craciun at gmail.com
Thu Oct 29 12:42:37 CET 2009


On Thu, Oct 29, 2009 at 7:52 AM, Dan Mahoney, System Admin
<danm at prime.gushi.org> wrote:
> All,
>
> I've written a pretty conclusive howto on how to publish keys in DNS,
> including detailing the advantages and disadvantages of each method, with
> full examples, details on testing, and real-world output.
>
> I've also re-implemented make-dns-cert as a shell script, so that it's more
> easily available to people who don't have the source, but who installed via
> a binary package (that's most people), including comments, cleaner record
> handling, auto-fingerprinting, etc.  One command, three arguments, and you
> get all three record types.
>
> I cited credit where possible, but if I missed your name, let me know.
>
> Suggestions, feedback, requests, corrections, are all welcome.
>
> Initial publishing is to my livejournal, but I'm planning to wrap the whole
> thing to my webpage during a revamp.
>
> http://gushi.livejournal.com/524199.html
>
> Regards,
>
> -Dan Mahoney

    Hello!

    Nice tutorial! I've tried to apply your methods (for now I'm just
at the PKA method).

    But it seems that there is a problem with the auto-key-locate option.
For example, for the following command:
~~~~
        mkdir /tmp/gpg-test
        gpg2 --homedir /tmp/gpg-test --auto-key-locate pka --recipient ciprian at volution.ro --encrypt /dev/null
~~~~

    it gives me the following error:
~~~~
gpg: requesting key A6FD8839 from http server stores.volution.ro
gpg: /tmp/gpg-test/trustdb.gpg: trustdb created
gpg: key A6FD8839: public key "Ciprian Dorin Craciun <ciprian at volution.ro>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
gpg: error retrieving `ciprian at volution.ro' via PKA: Unusable public key
gpg: ciprian at volution.ro: skipped: No public key
gpg: /dev/null: encryption failed: No public key
~~~~

    Now, searching on the net for a solution, I've stumbled upon the
following thread:
        http://lists.gnupg.org/pipermail/gnupg-users/2006-May/028637.html

    It seems that there was a bug in GnuPG. So the question is:
    * am I doing something wrong?
    * or is the bug still present in GnuPG?

    Thanks,
    Ciprian.
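The PKA lookup that fails above depends on a DNS TXT record that the client must parse and then check against the key it fetches from the URI. The script below is added here as an illustration; it is not code from this thread or from Dan's howto. It assumes the PKA record form used by GnuPG of that era, `v=pka1;fpr=<fingerprint>;uri=<uri>` published at `<local-part>._pka.<domain>`, and all names, the fingerprint and the URI in it are constructed sample values. It builds a zone line, parses a record back, and performs the one check that gives the record its value: the fingerprint of the fetched key must equal the fingerprint the record advertises.

```python
import re
from typing import Dict

# Constructed sample values (not taken from the thread).
SAMPLE_EMAIL = "alice@example.org"
SAMPLE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # hypothetical 40-hex fingerprint
SAMPLE_URI = "http://keys.example.org/alice.asc"

# An OpenPGP v4 fingerprint is 160 bits, i.e. 40 hex digits.
FPR_RE = re.compile(r"^[0-9A-F]{40}$")


def pka_owner_name(email: str) -> str:
    """DNS owner name for a PKA TXT record: <local-part>._pka.<domain>."""
    local, _, domain = email.partition("@")
    if not local or not domain:
        raise ValueError(f"not an e-mail address: {email!r}")
    return f"{local}._pka.{domain}."


def build_pka_txt(fingerprint: str, uri: str) -> str:
    """Serialize the record data; rejects malformed fingerprints and URIs."""
    fpr = fingerprint.replace(" ", "").upper()
    if not FPR_RE.match(fpr):
        raise ValueError("fingerprint must be 40 hex digits")
    if ";" in uri or not uri:
        raise ValueError("uri must be non-empty and must not contain ';'")
    return f"v=pka1;fpr={fpr};uri={uri}"


def zone_line(email: str, fingerprint: str, uri: str) -> str:
    """One line suitable for pasting into a zone file."""
    return f'{pka_owner_name(email)} IN TXT "{build_pka_txt(fingerprint, uri)}"'


def parse_pka_txt(txt: str) -> Dict[str, str]:
    """Parse a PKA TXT string into its fields, validating version and fingerprint."""
    fields: Dict[str, str] = {}
    for item in txt.strip().strip('"').split(";"):
        if not item:
            continue
        key, sep, value = item.partition("=")  # first '=' only: URIs may contain '='
        if not sep:
            raise ValueError(f"malformed field: {item!r}")
        fields[key.strip().lower()] = value.strip()
    if fields.get("v") != "pka1":
        raise ValueError("unsupported or missing PKA version")
    fpr = fields.get("fpr", "").upper()
    if not FPR_RE.match(fpr):
        raise ValueError("missing or malformed fpr field")
    fields["fpr"] = fpr
    if not fields.get("uri"):
        raise ValueError("missing uri field")
    return fields


def is_valid_pka_txt(txt: str) -> bool:
    """Boolean wrapper around parse_pka_txt for callers that only need a verdict."""
    try:
        parse_pka_txt(txt)
        return True
    except ValueError:
        return False


def key_matches_record(record: Dict[str, str], fetched_key_fpr: str) -> bool:
    """The key obtained from record['uri'] is only usable if its fingerprint
    equals the one published in DNS; anything else must be treated as untrusted."""
    return fetched_key_fpr.replace(" ", "").upper() == record["fpr"]


if __name__ == "__main__":
    line = zone_line(SAMPLE_EMAIL, SAMPLE_FPR, SAMPLE_URI)
    print(line)
    rec = parse_pka_txt(build_pka_txt(SAMPLE_FPR, SAMPLE_URI))
    print("fetched key accepted:", key_matches_record(rec, SAMPLE_FPR))
```

A mismatch between the fingerprint in DNS and the key served at the URI is exactly the case a client must refuse, so when a PKA lookup fails after the key was imported, comparing the two fingerprints by hand is the first thing worth checking.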
