publishing PGP keys in DNS
Werner Koch
wk at gnupg.org
Wed Dec 21 12:46:31 CET 2016
On Wed, 21 Dec 2016 12:00, bjoern at schiessle.org said:
> auto-key-locate cert pka wkd keyserver
>
> Does this mean that gpg will try to find a WKD and a corresponding
> public key automatically if I write an email to someone I don't have a
> public key yet? Or will the lookup happen if I receive a mail?

Right; but only as long as the key has been specified by mail address.
First gpg looks into the local keyring, then tries to find a CERT
record, then tries to get the fingerprint via PKA and downloads the key
from the included URL or a configured keyserver, then it tries to locate
via WKD, and finally by a simple keyserver search.  I would suggest to
use

  auto-key-locate wkd,dane,pka

If you want to find keys for signature verification you can also use

  auto-key-retrieve

to fetch a key from a keyserver.  The drawback is that you need to wait
for the keyserver.  The latter will eventually be improved by using a
lower timeout and queuing the request for later background retrieval.

Salam-Shalom,
Werner
--
Thoughts are free.  Exceptions are regulated by a federal law.
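
Added example, not part of the original message and not GnuPG code: for a
mail address and an auto-key-locate list, it derives where the CERT, PKA and
WKD lookups described above would go, which helps when checking DNS or web
server logs for these queries.  It assumes GnuPG's usual naming (CERT at
local.domain, PKA TXT at local._pka.domain, WKD direct-method URL); the
function names and the sample address are hypothetical.

```python
import hashlib

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet used by WKD


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per character, no padding."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 5)  # pad the final group with zero bits
    return "".join(ZB32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))


def ascii_lower(text: str) -> str:
    """Lowercase ASCII letters only; WKD leaves non-ASCII characters alone."""
    return "".join(c.lower() if c.isascii() else c for c in text)


def locate_plan(addr: str, order: str = "cert pka wkd keyserver"):
    """Return [(mechanism, location)] in list order (local keyring comes first)."""
    local, sep, domain = addr.strip().rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"not a mail address: {addr!r}")
    # DNS names compare case-insensitively, so lowercasing is safe for all three.
    local, domain = ascii_lower(local), domain.lower()
    hu = zbase32(hashlib.sha1(local.encode("utf-8")).digest())  # 20 bytes -> 32 chars
    known = {
        "cert": f"{local}.{domain}",      # owner name of the DNS CERT record
        "pka": f"{local}._pka.{domain}",  # owner name of the PKA TXT record
        "wkd": f"https://{domain}/.well-known/openpgpkey/hu/{hu}",
    }
    plan = []
    for mech in order.replace(",", " ").split():  # list may use commas or spaces
        plan.append((mech, known.get(mech.lower(), "(not computed here)")))
    return plan


if __name__ == "__main__":
    # Constructed sample address; the list is the one suggested in the message.
    for mech, where in locate_plan("Joe.Doe@Example.ORG", "wkd,dane,pka"):
        print(f"{mech:10} {where}")
```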