PKA support

[John Runyon]

       --auto-key-locate mechanisms
       --no-auto-key-locate
              GnuPG can automatically locate and retrieve keys as
needed using this option.  This happens when encrypting to an email
address (in the "user at example.com" form), and there are no
"user at example.com" keys on the local keyring.  This option takes any
number of the mech‐
              anisms listed below, in the order they are to be tried.
Instead of listing the mechanisms as comma delimited arguments, the
option may also be given several times to add more mechanism.  The
option --no-auto-key-locate or the mechanism "clear" resets the list.
 The
              default is "local,wkd".

              cert   Locate a key using DNS CERT, as specified in RFC-4398.

              dane   Locate a key using DANE, as specified in
draft-ietf-dane-openpgpkey-05.txt.

Thanks,
John Runyon


On Thu, Apr 9, 2026 at 10:19 AM Klaus Ethgen <klaus+gnupg at ethgen.ch> wrote:
>
> Hi,
>
> I just realized, as I was searching for Werner's current key, that PKA
> was removed from GnuPG in 2021.
>
> Until now that was my preferred way to spread my key.
>
> What was the reason for that?
>
> The problem with WKD is that it relies on https and I refuse to use that
> broken CA based system that forces me to renew my certs every month or
> even more often. The only halfway trustable CA is Cacert. But it is
> nowhere installed anymore.
>
> So PKA was the only alternative to WKD...
>
> Regards
>    Klaus
> --
> Klaus Ethgen                                       http://www.ethgen.ch/
> pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus at Ethgen.ch>
> Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users