pka-lookups and dnssec

gnupg at gnupg at
Mon Dec 5 13:26:16 CET 2011

Can anyone explain to me the purpose of "--verify-options pka-lookups" ?
I have successfully used "--auto-key-locate pka" when encrypting
messages, but I can't see how to use "pka-lookups".

I assumed it would automatically lookup/download the key in order to do
verification, but if you don't have the key already, it doesn't know the
UID associated with the key used to sign and therefore can't do the PKA
lookup... Is there some additional command line option that I should be
using to specify the email address from the UID when verifying this way?
Or have I completely misunderstood something?

Also. Would it be useful to add a feature to GnuPG so it displays the
fact that a PKA record it retrieved was DNSSEC signed, when true? Just
for informational purposes. It strikes me as useful information to have...

Here is my DNSSEC signed PKA record that I've been experimenting with:

mike at server:~$ dig +short txt
mike at server:~$

Mike Cardwell
Professional   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20111205/c776a2c4/attachment.pgp>

More information about the Gnupg-users mailing list