On Thu, 29 Oct 2009, Ciprian Dorin, Craciun wrote:

On Thu, Oct 29, 2009 at 7:52 AM, Dan Mahoney, System Admin
<d...@prime.gushi.org> wrote:
All,

I've written a pretty conclusive howto on how to publish keys in DNS,
including detailing the advantages and disadvantages of each method, with
full examples, details on testing, and real-world output.

I've also re-implemented make-dns-cert as a shell script, so that it's more
easily available to people who don't have the source, but who installed via
a binary package (that's most people), including comments, cleaner record
handling, auto-fingerprinting, etc.  One command, three arguments, and you
get all three record types.

I cited credit where possible, but if I missed your name, let me know.

Suggestions, feedback, requests, corrections, are all welcome.

Initial publishing is to my livejournal, but I'm planning to wrap the whole
thing to my webpage during a revamp.

http://gushi.livejournal.com/524199.html

Regards,

-Dan Mahoney

   Hello!

   Nice tutorial! I've tried to apply your methods (for now I'm just
at the PKA method).

   But it seems that there is a problem with auto-key-locate option.
For example for the following command:
~~~~
       mkdir /tmp/gpg-test
       gpg2 --homedir /tmp/gpg-test --auto-key-locate pka --recipient cipr...@volution.ro --encrypt /dev/null
~~~~

   it gives me the following error:
~~~~
gpg: requesting key A6FD8839 from http server stores.volution.ro
gpg: /tmp/gpg-test/trustdb.gpg: trustdb created
gpg: key A6FD8839: public key "Ciprian Dorin Craciun <cipr...@volution.ro>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
gpg: error retrieving `cipr...@volution.ro' via PKA: Unusable public key
gpg: cipr...@volution.ro: skipped: No public key
gpg: /dev/null: encryption failed: No public key
~~~~

   Now, searching on the net for a solution, I've stumbled upon the
following thread:
       http://lists.gnupg.org/pipermail/gnupg-users/2006-May/028637.html

   It seems that there was a bug in GnuPG. So the question is:
   * am I doing something wrong?
   * or is the bug still present in GnuPG?

   Thanks,
   Ciprian.

Okay, so here's what I've learned. I've manually retrieved your key, and imported it manually to my machine with gpg --import < file

And I then get this:

~~~~
dmaho...@dmahoney-laptop:~/Desktop$ echo "foo" | gpg --encrypt -r cipr...@volution.ro
gpg: cipr...@volution.ro: skipped: unusable public key
gpg: [stdin]: encryption failed: unusable public key
~~~~

So it's not the PKA record. Upon examining it a little further, I see this:

~~~~
dmaho...@dmahoney-laptop:~/Desktop$ gpg --list-keys cipr...@volution.ro
pub   3072D/A6FD8839 2008-10-19 [expires: 2009-11-21]
uid                  Ciprian Dorin Craciun <cipr...@volution.ro>
uid                  Ciprian Dorin Craciun <ccrac...@cci.uvt.ro>
uid                  Ciprian Dorin Craciun <ciprian.crac...@gmail.com>
uid                  Ciprian Dorin Craciun <ccrac...@info.uvt.ro>

dmaho...@dmahoney-laptop:~/Desktop$ gpg <cipr...@volution.ro.pub.gpg
pub  3072D/A6FD8839 2008-10-19 Ciprian Dorin Craciun <cipr...@volution.ro>
uid                            Ciprian Dorin Craciun <ccrac...@cci.uvt.ro>
uid                            Ciprian Dorin Craciun <ciprian.crac...@gmail.com>
uid                            Ciprian Dorin Craciun <ccrac...@info.uvt.ro>
sub  4096g/15F68B01 2008-10-19 [expires: 2009-10-19]
~~~~

Looks like your subkey that I'd use to encrypt to you has expired, and thus my GPG didn't import it.



--

"Man, this is such a trip"

-Dan Mahoney, October 25, 1997

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
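
A check for the condition diagnosed in this thread, as an added example (not part of either poster's messages or of GnuPG): it parses `gpg --with-colons --list-keys` output and reports whether any encryption-capable key is still usable at a given time. The sample listing is constructed from the dates and short key IDs shown above; epoch-second timestamps in the listing and the names `encryption_keys` and `can_encrypt_to` are assumptions of this example.

```python
from datetime import datetime, timezone

def utc(y, m, d):
    """Midnight UTC on the given date."""
    return datetime(y, m, d, tzinfo=timezone.utc)

def _epoch(y, m, d):
    return int(utc(y, m, d).timestamp())

# Constructed sample in `gpg --with-colons --list-keys` format. Dates and short
# key IDs come from the listing in the thread; the zero padding to 16 hex digits
# and the validity/trust fields are placeholders.
SAMPLE = "\n".join([
    f"pub:-:3072:17:00000000A6FD8839:{_epoch(2008, 10, 19)}:{_epoch(2009, 11, 21)}::-:::scESC:",
    "uid:-::::::::Ciprian Dorin Craciun <cipr...@volution.ro>:",
    f"sub:-:4096:16:0000000015F68B01:{_epoch(2008, 10, 19)}:{_epoch(2009, 10, 19)}:::::e:",
])

# Field 2 validity letters that make a key unusable regardless of dates.
UNUSABLE = {"r": "revoked", "d": "disabled", "i": "invalid"}

def encryption_keys(listing, now):
    """Return (keyid, usable, reason) for each key or subkey that can encrypt."""
    out = []
    for line in listing.splitlines():
        f = line.split(":")
        # Field 12 holds capabilities; lowercase 'e' means this key itself encrypts.
        if f[0] not in ("pub", "sub") or len(f) < 12 or "e" not in f[11]:
            continue
        keyid, validity, expires = f[4], f[1], f[6]
        if validity[:1] in UNUSABLE:
            out.append((keyid, False, UNUSABLE[validity[:1]]))
        # Expiry is recomputed from field 7 so the check works for any `now`.
        elif expires.isdigit() and int(expires) <= now.timestamp():
            day = datetime.fromtimestamp(int(expires), timezone.utc).date()
            out.append((keyid, False, f"expired {day.isoformat()}"))
        else:
            out.append((keyid, True, "ok"))
    return out

def can_encrypt_to(listing, now):
    """True if at least one encryption-capable key is usable at `now`."""
    return any(usable for _, usable, _ in encryption_keys(listing, now))

if __name__ == "__main__":
    for keyid, usable, reason in encryption_keys(SAMPLE, utc(2009, 10, 29)):
        print(keyid, "usable" if usable else "UNUSABLE", reason)
```

On a real keyring the listing would come from `gpg --with-colons --list-keys <address>` instead of `SAMPLE`.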