Where to put "export-pka" output in DNS?
wiktor at metacode.biz
Wed Oct 3 22:12:15 CEST 2018
> I want to make use of PKA, I saw a few blogs  where they did this in
> TXT DNS records. However, this seems to not work anymore. When I issue
> `gpg2 --export-options export-pka --export $keyid` I get an output. But
> it's unclear where I should put this output in DNS. A TXT record? Or a
> CERT record ? Something else? I would like to hear some comments
> about this.
> The TXT record method has my preference since I do not have CERT records
> at my registrar. Is there some official documentation about this?
Yes, it's a TXT record, such as this (for user@example.com):
see examples here:
Note that if you have your own domain and HTTPS set up, it would be
better to utilize the Web Key Directory, which is enabled by default in
modern GnuPG and used by some e-mail clients automatically.
Export your binary key (gpg --export user@example.com > key.gpg), get
the hash (gpg --list-keys --with-wkd user@example.com) and copy your key
to https://example.com/.well-known/openpgpkey/hu/$hash, replacing
example.com and $hash with your values. Then "gpg --locate-key
user@example.com" will download the key from your web server.
More details here: https://wiki.gnupg.org/WKD
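The WKD hash that gpg prints is SHA-1 of the lowercased local part of the address, encoded in z-base-32; the following is an added example (not from the post or from GnuPG) that computes it, builds the lookup URLs a client may try, and writes an exported key to the matching path under a web root. The key bytes and the temporary web root used at the bottom are constructed placeholders.

```python
import hashlib
from pathlib import Path

# z-base-32 alphabet as used by the WKD draft (draft-koch-openpgp-webkey-service)
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per character, MSB first, no padding characters."""
    nchars = (len(data) * 8 + 4) // 5
    bits = int.from_bytes(data, "big") << (nchars * 5 - len(data) * 8)
    return "".join(ZBASE32[(bits >> (5 * (nchars - 1 - i))) & 31] for i in range(nchars))


def wkd_hash(email: str) -> str:
    """The 32-character hash gpg shows for an address: z-base-32(SHA-1(lowercased local part))."""
    local, _, _ = email.rpartition("@")
    return zbase32_encode(hashlib.sha1(local.lower().encode("utf-8")).digest())


def wkd_urls(email: str) -> dict:
    """Both lookup URLs a client may try: the 'direct' one on the mail domain and the
    'advanced' one on the openpgpkey subdomain; the ?l= query carries the local part."""
    local, _, domain = email.rpartition("@")
    domain = domain.lower()
    h = wkd_hash(email)
    return {
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={local}",
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}?l={local}",
    }


def publish_key(webroot: Path, email: str, binary_key: bytes) -> Path:
    """Write a binary (not ASCII-armored) key export to the direct-method path under
    webroot, plus the (possibly empty) policy file that WKD clients look for."""
    base = webroot / ".well-known" / "openpgpkey"
    (base / "hu").mkdir(parents=True, exist_ok=True)
    (base / "policy").touch()
    target = base / "hu" / wkd_hash(email)
    target.write_bytes(binary_key)
    return target


if __name__ == "__main__":
    import tempfile
    # Constructed sample input; the key bytes are a placeholder, not a real OpenPGP key.
    addr = "User@Example.com"
    print(wkd_hash(addr), wkd_urls(addr)["direct"])
    with tempfile.TemporaryDirectory() as d:
        print(publish_key(Path(d), addr, b"\x99\x00placeholder"))
```

The web server must serve the hu/ files as-is over HTTPS; an ASCII-armored export (gpg --armor) at that path will not be accepted by clients.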
>  https://keyserver.mattrude.com/guides/public-key-association/
>  https://slxh.nl/blog/2016/pgp-and-dns/
> Kind regards,
> Kees de Jong | OpenPGP fingerprint: 0x0E45C98AB51428E6