DNS PKA records
- exporting the key:
the file extension should be .pub.gpg for binary output, or .pub.asc for ASCII-armored output (with the --armor flag);
gpg2 --export --output {public-key-file} {key-id}
- printing the key fingerprint:
gpg2 --fingerprint --with-colons {key-id} | grep -E -e '^fpr:' | cut -d ':' -f 10
- DNS record (for Bind):
the owner name is derived from the e-mail address: for user@domain.tld. the record lives at user._pka.domain.tld. (local part, then the _pka label, then the domain);
- the record could be relative (user._pka inside the domain.tld. zone);
user._pka.domain.tld. IN TXT "v=pka1;fpr={key-fingerprint};uri={public-key-url}"
test with dig:
dig user._pka.domain.tld. TXT
test with gpg2:
use a fresh, empty home directory so the key is not already in a keyring and the DNS lookup is really exercised; the recipient must be given as the e-mail address (user@domain.tld), since --auto-key-locate only triggers for address-form recipients; without --output gpg2 would try to write /dev/null.gpg, so the output is sent to /dev/null explicitly:
mkdir /tmp/gpg-test
gpg2 --homedir /tmp/gpg-test --auto-key-locate pka --recipient user@domain.tld --output /dev/null --encrypt /dev/null
rm -R /tmp/gpg-test
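The steps above can be tied together in a few shell functions: one that builds the BIND zone line from the fingerprint and key URL, one that parses and sanity-checks a record's TXT payload (version tag, 40-hex-digit fingerprint, http/https URI), and one that compares the fingerprint published in DNS with the one gpg2 prints for the exported key, which is the check gpg2 itself performs after fetching the key. This is an added example, not part of the original note; the fingerprint, user, domain and URL values are constructed placeholders, and the dig-based lookup helper assumes dig is installed.

```shell
#!/bin/sh
# Added example (not from the original note): build, parse and cross-check PKA TXT records.
# Assumes the 40-hex-digit v4 fingerprint form that gpg2 --fingerprint prints.

# Build the BIND zone line for user@domain, pointing at the exported public key.
pka_record() {
    user="$1"; domain="$2"; fpr="$3"; uri="$4"
    printf '%s._pka.%s. IN TXT "v=pka1;fpr=%s;uri=%s"\n' "$user" "$domain" "$fpr" "$uri"
}

# Parse a record's TXT payload ("v=pka1;fpr=...;uri=...").
# Prints "<fpr> <uri>" on success; returns 1 on an unknown field, wrong version,
# malformed fingerprint, or a URI that is not http(s).
pka_parse() {
    payload="$1"
    version=""; fpr=""; uri=""
    old_ifs="$IFS"; IFS=';'
    for field in $payload; do
        case "$field" in
            v=*)   version="${field#v=}" ;;
            fpr=*) fpr="${field#fpr=}" ;;
            uri=*) uri="${field#uri=}" ;;
            *)     IFS="$old_ifs"; return 1 ;;
        esac
    done
    IFS="$old_ifs"
    [ "$version" = "pka1" ] || return 1
    # the fingerprint must be exactly 40 hex digits (v4 key fingerprint)
    case "$fpr" in *[!0-9A-Fa-f]*) return 1 ;; esac
    [ "${#fpr}" -eq 40 ] || return 1
    case "$uri" in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    printf '%s %s\n' "$fpr" "$uri"
}

# Return 0 when the fingerprint in the TXT payload equals the expected one
# (the value from gpg2 --fingerprint --with-colons), ignoring hex case.
pka_fpr_matches() {
    payload="$1"; expected="$2"
    parsed=$(pka_parse "$payload") || return 1
    published="${parsed%% *}"
    [ "$(printf '%s' "$published" | tr 'a-f' 'A-F')" = "$(printf '%s' "$expected" | tr 'a-f' 'A-F')" ]
}

# Fetch the live record with dig and strip the surrounding quotes (needs network and dig).
pka_lookup() {
    user="$1"; domain="$2"
    dig +short "$user._pka.$domain." TXT | tr -d '"'
}

# Demo with constructed values (nothing here is a real key or domain).
DEMO_FPR=0123456789ABCDEF0123456789ABCDEF01234567
DEMO_URI=https://example.org/alice.pub.asc
pka_record alice example.org "$DEMO_FPR" "$DEMO_URI"
if pka_fpr_matches "v=pka1;fpr=$DEMO_FPR;uri=$DEMO_URI" "$DEMO_FPR"; then
    echo "published fingerprint matches the exported key"
fi
```

To check a deployed record, pipe the lookup into the comparison: `pka_fpr_matches "$(pka_lookup user domain.tld)" "$(gpg2 --fingerprint --with-colons {key-id} | grep -E -e '^fpr:' | cut -d ':' -f 10)"`. A mismatch means the DNS record and the key served at the URI disagree, which is exactly the condition under which gpg2 will refuse the fetched key.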