publishing PGP keys in DNS

Werner Koch wk at
Wed Dec 21 09:22:17 CET 2016

Hi Bjoern,

On Tue, 20 Dec 2016 22:44, bjoern at said:

> I want to publish my GnuPG key in DNS, therefore I followed this Howto:

I guess that this howto is too old.

> $ dig +short TXT
> "v=pka1;fpr=244FCEB0CB099524B21FB8962378A753E2BF04F6;uri="

With version 2.1.3 the PKA method was changed (it was never in
widespread use):

 * gpg: New option --print-pka-records.  Changed the PKA method to use
   CERT records and hashed names.  [Update: --print-pka-records
   replaced in 2.1.14.]

and in 2.1.14

 * gpg: Removed options --print-dane-records and --print-pka-records.
   The new export options "export-pka" and "export-dane" can instead
   be used with the export command.

Here is how you can create such records:

  $ gpg --export-options export-pka --export wk at
  ; ECAF7590EB3443B5C7CF3ACB6C7EE1B8621CC013
  ; Werner Koch <wk at>
  nq6t9teux7edsnwdksswydu4o9i5es3f TYPE37 \# 26 0006 0000 00 14 [...]

Anyway, I would suggest to avoid DNS and use the Web Key Directory
instead. See
<>. I
can also offer to work with to set up the whole thing for
all their users.



Thoughts are free.  Exceptions are regulated by a federal law.
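
Added example (not part of the original mail and not GnuPG's code): a decoder for the generic TYPE37 form printed by the export-pka command above, so the published fingerprint can be checked against the key you expect. It assumes the RFC 4398 IPGP layout (type, key tag, algorithm, fingerprint length, fingerprint, optional URI); the function names are hypothetical and the sample fingerprint is constructed.

```python
"""Decode the RFC 3597 generic form of a CERT (TYPE37) record carrying an
RFC 4398 IPGP payload, the shape printed by gpg's export-pka option."""
import struct

CERT_TYPE_IPGP = 6  # RFC 4398: OpenPGP fingerprint plus optional URI


def parse_generic_rdata(text):
    r"""Turn '\# <len> <hex words...>' (RFC 3597 section 5) into bytes."""
    tokens = text.split()
    if len(tokens) < 2 or tokens[0] != "\\#":
        raise ValueError("not RFC 3597 generic RDATA")
    declared = int(tokens[1])
    data = bytes.fromhex("".join(tokens[2:]))
    if len(data) != declared:
        raise ValueError(f"length mismatch: declared {declared}, got {len(data)}")
    return data


def parse_ipgp_cert(rdata):
    """Return (fingerprint_hex, uri) from CERT RDATA of type IPGP."""
    if len(rdata) < 6:
        raise ValueError("CERT RDATA too short")
    cert_type, _key_tag, _algorithm, fpr_len = struct.unpack("!HHBB", rdata[:6])
    if cert_type != CERT_TYPE_IPGP:
        raise ValueError(f"CERT type {cert_type} is not IPGP")
    if 6 + fpr_len > len(rdata):
        raise ValueError("fingerprint length runs past end of RDATA")
    fingerprint = rdata[6:6 + fpr_len].hex().upper()
    uri = rdata[6 + fpr_len:].decode("ascii")  # empty when no URI is published
    return fingerprint, uri


def matches_expected(record_text, expected_fpr):
    """True only if the record carries exactly the fingerprint we expect."""
    fingerprint, _uri = parse_ipgp_cert(parse_generic_rdata(record_text))
    return fingerprint == expected_fpr.replace(" ", "").upper()


# Constructed sample: the header bytes are the ones shown in the mail
# (0006 0000 00 14); the 20-byte fingerprint is made up for illustration.
SAMPLE_FPR = "00112233445566778899AABBCCDDEEFF00112233"
SAMPLE_RDATA = r"\# 26 0006 0000 00 14 " + SAMPLE_FPR

if __name__ == "__main__":
    print(parse_ipgp_cert(parse_generic_rdata(SAMPLE_RDATA)))
```

The header decodes as CERT type 6 (IPGP), key tag 0, algorithm 0 and a fingerprint length of 0x14 = 20 bytes, which accounts for the declared RDATA length of 26.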

More information about the Gnupg-users mailing list