How to use '--verify-options pka-lookup'?
gnupg.lists at whitewinterwolf.com
Sun Dec 10 15:40:51 CET 2017
Can anyone tell me or point me to some example on how to use the
As per my understanding, given a pubkey in the keyring and a signed
file, this parameter should tell GPG to contact the DNS server handling
the domain from the pubkey email address and ensure that the key
fingerprint is indeed the expected one.
I find this option interesting since, as long as PKA is not used to
fetch the key too, it opens a very convenient way to check a key from
two independent sources and make it far harder for an attacker to
replace a key (as long as SHA-1 fingerprints can be trusted).
However, I can try to use this option any way I can think of; it just
doesn't seem to have any noticeable effect.
Here is an example of how I tried to use this option:
gpg --verify-options pka-lookup --verify somefile.sig somefile.txt
The PKA lookup step seems to be simply ignored and skipped.
Thank you in advance!
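
Added example, not part of the original post and not GnuPG's own code: the comparison the post describes, done by hand on a TXT record that has already been fetched, to cross-check a signing key's fingerprint against DNS. It assumes the PKA convention of a TXT record at <local-part>._pka.<domain> of the form "v=pka1;fpr=<hex>;uri=<url>"; the function names, address, fingerprint and record below are constructed for illustration.

```python
import re

# Constructed sample data (not a real key or a real DNS record).
SAMPLE_EMAIL = "alice@Example.org"
SAMPLE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_TXT = ('"v=pka1;fpr=0123456789ABCDEF0123456789ABCDEF01234567;'
              'uri=https://example.org/alice.asc"')

def pka_owner_name(email):
    """DNS name assumed to hold the PKA TXT record for this address."""
    local, sep, domain = email.strip().partition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address: %r" % email)
    # DNS names are case-insensitive; the local part is left untouched.
    return "%s._pka.%s" % (local, domain.lower().rstrip("."))

def normalize_fpr(fpr):
    """Strip spaces/colons so '0123 4567 ...' compares equal to '01234567...'."""
    return re.sub(r"[\s:]+", "", fpr).upper()

def parse_pka_record(txt):
    """Return {'fpr', 'uri'} for a well-formed pka1 record, else None."""
    fields = {}
    for part in txt.strip().strip('"').split(";"):
        if "=" in part:
            key, value = part.split("=", 1)   # a uri may itself contain '='
            fields[key.strip().lower()] = value.strip()
    if fields.get("v") != "pka1":
        return None                            # e.g. an unrelated SPF record
    fpr = normalize_fpr(fields.get("fpr", ""))
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        return None                            # missing or malformed fingerprint
    return {"fpr": fpr, "uri": fields.get("uri")}

def pka_confirms(signing_fpr, txt_records):
    """True only if some valid PKA record names exactly this full fingerprint."""
    want = normalize_fpr(signing_fpr)
    for txt in txt_records:
        record = parse_pka_record(txt)
        if record and record["fpr"] == want:
            return True
    return False                               # no record, or a different key

if __name__ == "__main__":
    print("query TXT at:", pka_owner_name(SAMPLE_EMAIL))
    print("DNS agrees with keyring:", pka_confirms(SAMPLE_FPR, [SAMPLE_TXT]))
```

The result is only as trustworthy as the DNS answer itself, so the TXT record should come from a validating (DNSSEC) resolver, and the fingerprint fed in should be the full one reported for the key that made the signature.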