On Mon, 5 Dec 2011 15:30, [email protected] said: > I then tried verifying the output from the above command, by piping it > into this, using a gpg homedir that didn't contain my key: > > gpg --verify-options pka-lookups --verify
You may want to use: gpg --verify-options pka-lookups,pka-trust-increase --verify so that gpg returns full trust. Without that you need to evaluate the PKA info yourself. > gpg: Signature made Mon 05 Dec 2011 14:25:17 GMT using RSA key ID C1D1E704 > gpg: Can't check signature: No public key > > Where have I gone wrong? I can't tell. What about posting such a signature or sending them in PM? > Yes, it displays that the key was retrieved using PKA. It doesn't > however state that the PKA record was DNSSEC signed. Knowing that the > fingerprint retrieved from the DNS was signed with DNSSEC is worthy of I don't know how to do it using the standard API. In any case I would not put too much weight into DNSSEC. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
