DANE-OpenPGPkey lookup with GnuPG

Werner Koch wk at gnupg.org
Tue Sep 13 16:36:36 CEST 2016


On Mon, 12 Sep 2016 23:54, rene at bartschnet.de said:

> I'm trying to look up public OpenPGP-keys published via DNSSEC (IETF RFC
> 7929) using the command 'gpg2 --auto-key-locate dane --search-keys
> info at mail.de' on Ubuntu 16.04 (GnuPG version 2.1.11).

The command --search-keys is keyserver specific and may return a list of
keys.  What you want to use is --locate-keys which takes the
--auto-key-locate list in account.  For testing it is often useful to do
this:

  gpg --auto-key-locate clear,dane,local --locate-key  WHATEVER

clear clears all auto-key-locate settings from gpg.conf and the explicit
mentioning of local makes sure that "dane" is used before looking into
the "local" keyring.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 162 bytes
Desc: not available
URL: </pipermail/attachments/20160913/d90b831c/attachment.sig>


More information about the Gnupg-users mailing list