First of all, you need to export your public key and place it somewhere where it can be served via HTTP:
gpg -a --export firstname.lastname@example.org > /var/www/pgp.pub.asc

In this example, that places the key at http://example.com/pgp.pub.asc
Next, you need to find out your public key's fingerprint (the "Key fingerprint" line in the output below):

mike@server:~$ gpg --fingerprint --list-keys email@example.com
pub   4096R/0018461F 2010-11-02 [expires: 2015-11-01]
      Key fingerprint = 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
uid                  Mike Cardwell (Personal mail) <firstname.lastname@example.org>
sub   4096R/01DE408F 2010-11-02 [expires: 2015-11-01]
mike@server:~$

Then you simply create a DNS TXT record. The hostname is "mike._pka.example.com", i.e. "local_part._pka.domain", and the value looks like this:

v=pka1;fpr=35BCAF1D3AA21F843DC3B0CF70A5F5120018461F;uri=http://example.com/pgp.pub.asc

"fpr" is the upper-case value of the key's fingerprint without the spaces, and "uri" is the location of the public key.
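The three steps above (read the fingerprint off gpg's output, strip the spaces, build the "local_part._pka.domain" name and the "v=pka1;fpr=...;uri=..." value) are easy to get subtly wrong by hand, and a stale or mistyped fpr means gpg will fetch a key that does not match the record. The script below is an added example, not code from the original post: it embeds a constructed copy of the gpg output shown above so it runs without gpg installed (in practice you would pipe the real gpg --fingerprint output in), derives the record name and value, validates the fingerprint format, and includes a small check that compares the fpr published in a TXT record against the fingerprint of the key you are actually serving.

```shell
#!/bin/sh
# Added example (not from the original article): build and sanity-check a
# PKA DNS TXT record from gpg --fingerprint output.

# Constructed sample of `gpg --fingerprint --list-keys <email>` output, copied
# from the article's example so this runs offline. Replace with a real pipe:
#   gpg --fingerprint --list-keys you@example.com | pka_fingerprint
SAMPLE_GPG_OUTPUT='pub   4096R/0018461F 2010-11-02 [expires: 2015-11-01]
      Key fingerprint = 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
uid                  Mike Cardwell (Personal mail) <firstname.lastname@example.org>
sub   4096R/01DE408F 2010-11-02 [expires: 2015-11-01]'

# Read gpg output on stdin; print the fingerprint as 40 upper-case hex digits
# with the spaces removed, which is the form the fpr= field wants.
pka_fingerprint() {
  sed -n 's/.*Key fingerprint = //p' | tr -d ' ' | tr 'a-f' 'A-F'
}

# Return 0 if $1 looks like a valid fpr value (exactly 40 upper-case hex digits).
pka_valid_fpr() {
  case "$1" in
    *[!0-9A-F]*) return 1 ;;
  esac
  [ "${#1}" -eq 40 ]
}

# Build the TXT record value: v=pka1;fpr=<fingerprint>;uri=<key location>
pka_txt_record() {
  fpr=$1
  uri=$2
  if ! pka_valid_fpr "$fpr"; then
    echo "pka_txt_record: '$fpr' is not a 40-digit upper-case hex fingerprint" >&2
    return 1
  fi
  printf 'v=pka1;fpr=%s;uri=%s\n' "$fpr" "$uri"
}

# Build the record name: local_part._pka.domain
pka_hostname() {
  email=$1
  printf '%s._pka.%s\n' "${email%@*}" "${email#*@}"
}

# Pull the fpr= field back out of a record value, e.g. one returned by
# `dig +short TXT mike._pka.example.com` (surrounding quotes are tolerated).
pka_record_fpr() {
  printf '%s\n' "$1" | tr -d '"' | sed -n 's/.*fpr=\([0-9A-Fa-f]*\).*/\1/p' | tr 'a-f' 'A-F'
}

# Defender's check: the fpr published in DNS must equal the fingerprint of the
# key served at the uri, otherwise gpg cannot associate the two. Returns 0 on
# match, 1 on mismatch.
pka_record_matches_key() {
  record=$1
  key_fpr=$2
  [ "$(pka_record_fpr "$record")" = "$key_fpr" ]
}

# Usage with the constructed sample (assumed address and key URL):
FPR=$(printf '%s\n' "$SAMPLE_GPG_OUTPUT" | pka_fingerprint)
echo "name : $(pka_hostname mike@example.com)"
echo "value: $(pka_txt_record "$FPR" http://example.com/pgp.pub.asc)"
```

After publishing, the same functions verify what actually resolves: feed the output of dig +short TXT for the record name into pka_record_matches_key together with the fingerprint of the key at the uri, and a mismatch tells you the DNS record and the served key have drifted apart.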
So what's the point of this? This command will automatically fetch the public key of email@example.com and start encrypting with it:
gpg --auto-key-locate pka -ea -r firstname.lastname@example.org

If you put "auto-key-locate pka" in your gpg.conf you don't even need to specify it on the command line. It will automatically look up missing keys in the DNS when it needs to. No need for keyservers.