On Mon, 03 Apr 2006, Werner Koch wrote: > * New auto-key-locate option that takes an ordered list of methods > to locate a key if it is not available at encryption time (-r or > --recipient). Possible methods include "cert" (use DNS CERT as > per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP > server for the domain in question), "keyserver" (use the > currently defined keyserver), as well as arbitrary keyserver > URIs that will be contacted for the key. > > * Able to retrieve keys using DNS CERT records as per RFC-2538bis > (currently in draft): http://www.josefsson.org/rfc2538bis
How would I try to retrieve the key for [EMAIL PROTECTED] from DNS[1] using GnuPG's command line, other than simulating an encryption (like in gpg --auto-key-locate cert --recipient [EMAIL PROTECTED] --encrypt) to the user in question? Also, is there a tool that produces a snippet which is ready for inclusion into a zone file anywhere? Something similar to ssh-keygen for SSHFP RRs: [EMAIL PROTECTED]:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key -g galaxy IN TYPE44 \# 22 01 01 40cc5559546421d15fe9c1064713636a02373ad2 [EMAIL PROTECTED]:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key galaxy IN SSHFP 1 1 40cc5559546421d15fe9c1064713636a02373ad2 Cheers, Peter 1. no, peter.palfrader.org. does not yet have a RR of type 37 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
