Questions re auto-key-locate
Damien Goutte-Gattat
dgouttegattat at incenp.org
Tue Feb 15 22:57:11 CET 2022
On Tuesday, 15 February 2022 20:32:50 GMT Dan Mahoney (Gushi) via Gnupg-users
wrote:
> Worse still, if you know a key exists via something like DANE (dayjob
> makes DNS software, we like the idea of it being available via DANE),
> there's no way to do gpg --search via DANE, only via a keyserver.
>
> Thus, using that as a prefetch method to grab the current version of our
> codesign@ key into our keyring is not helpful either, unless we "faked it"
> by attempting to encrypt a message to that address, then discarded it.
>
> Is there another way forward? The normal things for auto-key-locate don't
> seem to help here. I'm open to ideas.
Unless I misunderstood what you’re trying to achieve, I think the `--locate-
external-keys` command should be what you’re looking for?
This is basically the equivalent of `--search-keys`, except that the search is
not limited to keyservers but instead use the mechanisms configured via the
`--auto-key-locate` option (which can include DNS lookups, either using the
“historical“ method of RFC-4398, or the modern method of RFC-7929).
- Damien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220215/82ac7676/attachment.sig>
More information about the Gnupg-users
mailing list