Hi, Can anyone tell me or point me to some example on how to use the following option:
--verify-options pka-lookup As per my understanding, given a pubkey in the keyring and a signed file, this parameter should tell GPG to contact the DNS server handling the domain from the pubkey email address and ensure that the key fingerprint is indeed the expected one. I find this option interesting since, as long as PKA is not used to fetch the key too, it opens a very convenient way to check a key from two independent sources and make it far harder for an attacker to replace a key (as long as SHA-1 fingerprints can be trusted). However, I can try to use this option any way I can think of, it just doesn't seem to have any noticeable effect. Here is an example on how I tried to use this option: gpg --verify-options pka-lookup --verify somefile.sig somefile.txt PKA lookup step seems to be simply ignored and skipped. Thank you by advance! Simon. -- WhiteWinterWolf https://www.whitewinterwolf.com -- WhiteWinterWolf https://www.whitewinterwolf.com _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users