On Fri, Feb 20, 2015 at 07:03:04PM -0500, James Cloos wrote:
> >>>>> "WK" == Warren Kumari <[email protected]> writes:
>
> WK> Also, a cute trick: dig type61 $(echo -n pwouters| sha224sum | sed "s/
> WK> ..$//")._openpgpkey.fedoraproject.org |grep TYPE61 | sed
> WK> "s/^.*TYPE61.*\\\#[0-9]* //" | grep -v ";" | sed "s/ //g" | xxd -r -p
> WK> | gpg --import --dry-run
>
> FWIW, that does not work here.

What works for me is:

    $ dig +short -t type61 $(
        printf "%s._openpgpkey.fedoraproject.org" $(
          printf "%s" pwouters |
          openssl dgst -sha224 -binary |
          hexdump -ve '/1 "%02x"'
        )
      ) |
      perl -ane '
        ($escape_sharp, $len) = splice(@F, 0, 2);
        next if ($escape_sharp ne q{\#});
        ($rdata = join("", @F)) =~ s/(..)/chr(hex($1))/eg;
        next if (length($rdata) != $len);
        print $rdata;
        last;
      ' |
      gpg --import --dry-run --verbose
    gpg: pub 4096R/E0FD94D2 2014-12-11 Paul Wouters <[email protected]>
    gpg: using classic trust model
    gpg: key E0FD94D2: public key "[User ID not found]" imported
    gpg: Total number processed: 1
    gpg: imported: 1 (RSA: 1)

Of course this ignores the DNSSEC validation status. A better
approach is to do it all in Perl with Net::DNS and either a trusted
(AD-bit) local resolver, or DNSSEC validation support in Net::DNS.
Python with the getdns API is another attractive option.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
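
Added example (not part of the message above and not code from any list participant): a Python version of the same TYPE61 decoding that refuses to return the key unless the header flags in full dig output include AD, which is the check the message says the shell pipeline ignores. The function names are hypothetical, the sample dig output and RDATA bytes are constructed, and AD is only meaningful when it comes from a trusted local resolver, as the message notes.

```python
import hashlib
import re

def openpgpkey_owner(local_part, domain):
    # Same owner name the shell pipeline builds: hex SHA-224 of the local part.
    digest = hashlib.sha224(local_part.encode("utf-8")).hexdigest()
    return "%s._openpgpkey.%s" % (digest, domain)

def ad_flag_set(dig_output):
    # dig prints header flags as ";; flags: qr rd ra ad; QUERY: 1, ..."
    m = re.search(r"^;; flags:([^;]*);", dig_output, re.MULTILINE)
    return m is not None and "ad" in m.group(1).split()

def decode_generic_rdata(fields):
    # RFC 3597 generic form: \# <length> <hex> [<hex> ...]
    if len(fields) < 2 or fields[0] != "\\#" or not fields[1].isdigit():
        raise ValueError("not RFC 3597 generic RDATA")
    rdata = bytes.fromhex("".join(fields[2:]))
    if len(rdata) != int(fields[1]):
        raise ValueError("RDATA length does not match declared length")
    return rdata

def extract_validated_key(dig_output, owner):
    # Refuse to hand anything to gpg unless the resolver set the AD bit.
    if not ad_flag_set(dig_output):
        raise PermissionError("AD bit not set; answer was not DNSSEC-validated")
    for line in dig_output.splitlines():
        f = line.split()
        if (len(f) >= 6 and f[3] == "TYPE61"
                and f[0].rstrip(".").lower() == owner.lower()):
            return decode_generic_rdata(f[4:])
    raise LookupError("no TYPE61 answer for " + owner)

OWNER = openpgpkey_owner("pwouters", "fedoraproject.org")
SAMPLE_RDATA = "99020d04 548a0b2c"  # constructed 8 bytes, not a real key

def sample_dig_output(flags):
    # Constructed stand-in for full (non +short) dig output.
    return (";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242\n"
            ";; flags: %s; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n"
            ";; ANSWER SECTION:\n"
            "%s. 3600 IN TYPE61 \\# 8 %s\n" % (flags, OWNER, SAMPLE_RDATA))

if __name__ == "__main__":
    key = extract_validated_key(sample_dig_output("qr rd ra ad"), OWNER)
    print("validated answer, %d bytes of key data" % len(key))
```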