On Tue, Apr 04, 2006 at 08:25:01PM +0200, Peter Palfrader wrote:
> On Mon, 03 Apr 2006, Werner Koch wrote:
>
> >     * New auto-key-locate option that takes an ordered list of methods
> >       to locate a key if it is not available at encryption time (-r or
> >       --recipient).  Possible methods include "cert" (use DNS CERT as
> >       per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
> >       server for the domain in question), "keyserver" (use the
> >       currently defined keyserver), as well as arbitrary keyserver
> >       URIs that will be contacted for the key.
> >
> >     * Able to retrieve keys using DNS CERT records as per RFC-2538bis
> >       (currently in draft): http://www.josefsson.org/rfc2538bis
>
> How would I try to retrieve the key for [EMAIL PROTECTED] from DNS[1]
> using GnuPG's command line, other than simulating an encryption (like in
>   gpg --auto-key-locate cert --recipient [EMAIL PROTECTED] --encrypt)
> to the user in question?

While you could try and do some magic with piping the output of dig
into a script, at the moment, simulating an encryption is the only
easy way to do it directly from GnuPG.  I do plan to have a
--locate-keys command to do this in the next version; I just didn't
want to delay the 1.4.3 release any further.

> Also, is there a tool that produces a snippet which is ready for
> inclusion into a zone file anywhere?  Something similar to ssh-keygen
> for SSHFP RRs:
> [EMAIL PROTECTED]:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key -g
> galaxy IN TYPE44 \# 22 01 01 40cc5559546421d15fe9c1064713636a02373ad2
> [EMAIL PROTECTED]:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key
> galaxy IN SSHFP 1 1 40cc5559546421d15fe9c1064713636a02373ad2

Good idea.  I just checked one in to the GnuPG SVN.

David
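
The two zone-file forms in the quoted ssh-keygen output carry the same RDATA: one octet of key algorithm, one octet of fingerprint type, then the digest. The following is an added example, not part of the original message and not code from GnuPG or OpenSSH; it converts between the two forms and rejects a record whose digest length does not fit its fingerprint type before it reaches a zone file. The function names are hypothetical, and the digest lengths assume type 1 is SHA-1 and type 2 is SHA-256.

```python
SSHFP_TYPE = 44                  # RR type number assigned to SSHFP
DIGEST_LEN = {1: 20, 2: 32}      # assumed: fingerprint type -> bytes (SHA-1, SHA-256)


def check(algo, fptype, digest):
    """Reject fingerprints whose length does not match their declared type."""
    if not (0 <= algo <= 255 and 0 <= fptype <= 255):
        raise ValueError("algorithm and fingerprint type are one octet each")
    want = DIGEST_LEN.get(fptype)
    if want is not None and len(digest) != want:
        raise ValueError("type %d digest must be %d bytes, got %d"
                         % (fptype, want, len(digest)))


def parse_generic(line):
    """'owner IN TYPE44 \\# len hex...' -> (owner, algo, fptype, hexdigest)."""
    f = line.split()
    if len(f) < 6 or f[1].upper() != "IN" or f[3] != "\\#":
        raise ValueError("not an RFC 3597 generic record")
    if f[2].upper() != "TYPE%d" % SSHFP_TYPE:
        raise ValueError("record is not TYPE44 (SSHFP)")
    rdata = bytes.fromhex("".join(f[5:]))
    if len(rdata) != int(f[4]) or len(rdata) < 3:
        raise ValueError("RDATA length does not match the declared length")
    check(rdata[0], rdata[1], rdata[2:])
    return f[0], rdata[0], rdata[1], rdata[2:].hex()


def to_presentation(owner, algo, fptype, hexdigest):
    """Render the record in the SSHFP presentation form."""
    check(algo, fptype, bytes.fromhex(hexdigest))
    return "%s IN SSHFP %d %d %s" % (owner, algo, fptype, hexdigest.lower())


def to_generic(owner, algo, fptype, hexdigest):
    """Render the record in the RFC 3597 generic (TYPE44 \\#) form."""
    digest = bytes.fromhex(hexdigest)
    check(algo, fptype, digest)
    return "%s IN TYPE%d \\# %d %02x %02x %s" % (
        owner, SSHFP_TYPE, 2 + len(digest), algo, fptype, digest.hex())


if __name__ == "__main__":
    # Record copied from the ssh-keygen -g output quoted in the message.
    generic = r"galaxy IN TYPE44 \# 22 01 01 40cc5559546421d15fe9c1064713636a02373ad2"
    fields = parse_generic(generic)
    print(to_presentation(*fields))
    print(to_generic(*fields))
```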
