PKA records

Werner Koch wk at
Wed Nov 30 10:54:09 CET 2016

On Wed, 30 Nov 2016 07:16, gpg at said:

> the new one that I exported only includes the key fingerprint, so it
> obviously cannot be used for retrieval alone. What am I missing?


  gpg --export-options export-pka --export  USERID

to create resource records for use in zone files.  The format of the PKA
record was changed from a TXT record to a CERT record (RFC-4398, IPGP
subtype).  The above command only includes the fingerprint, but you can
also add an URL to it, albeit without gpg support to _create_ it.

gpg uses the fingerprint from the CERT record to lookup the key from a
keyserver or from the URL, if given.

I would suggest not to use PKA or DANE but settle for the Web Key
Directory; see recent posts at



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: </pipermail/attachments/20161130/fa2ceb85/attachment.sig>

More information about the Gnupg-users mailing list