What is an OPENPGPKEY Record? Safe Email Encryption

OpenPGP public keys are used to encrypt or sign email messages and files. To encrypt an email message, or to verify a sender's OpenPGP signature, the email client (Mail User Agent, MUA) or the email server (Mail Transfer Agent, MTA) needs to locate the recipient's OpenPGP public key.

The OPENPGPKEY record looks like this in your ClouDNS Control Panel:

Host                         Type         Points to               TTL
hashedLocalPart._openpgpkey  OPENPGPKEY   Base64-encoded string   1 Hour

Why is it important?

The OPENPGPKEY DNS record is important because it allows individuals or organizations to associate their OpenPGP public keys with domain names. This record type helps establish a direct link between the email address associated with a domain and the corresponding OpenPGP key used for encrypting and verifying emails sent from that domain.

By creating an OPENPGPKEY record, correspondents can automatically retrieve the public key that belongs to an address at your domain and use it to encrypt the messages they send to that address. This helps ensure the confidentiality and integrity of email communication.

Furthermore, the OPENPGPKEY record allows for easy key discovery and simplifies verifying the authenticity of email messages. Email clients and encryption software can query the DNS records associated with a domain to get the public key information they need for encryption and verification.

How to create a DNS OPENPGPKEY record?

Log in to your ClouDNS account, enter your DNS zone management page, and click on the Add new record button. For Type choose "OPENPGPKEY" and fill in the fields as follows:

  • Type: OPENPGPKEY
  • TTL: 1 hour
  • Host: fcbc3d5f4511c51c7e15a0d9425e8038bdad6e5e512da03d54543142._openpgpkey
  • Points to: the OpenPGP public key as a Base64-encoded string.

* This hostname is only an example; the first label is the hash of the local part of the email address.

How to check it?

The OPENPGPKEY record type cannot be looked up easily in Windows, because neither nslookup nor PowerShell's Resolve-DnsName supports it.

However, if you are a Windows user, you can install WSL (Windows Subsystem for Linux) and then follow the steps and instructions for Linux/macOS. The other option is to use an online lookup tool like the ClouDNS Free DNS tool to check your OPENPGPKEY record.

If you are a Linux or macOS user, start by opening the Terminal application. There you can query your OPENPGPKEY record with dig, using the hashed owner name from the previous section. Here is an example:

$ dig fcbc3d5f4511c51c7e15a0d9425e8038bdad6e5e512da03d54543142._openpgpkey.example.com OPENPGPKEY

The command will show you the information about the available OPENPGPKEY records.
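The two steps above (deriving the record's host name for an address, then checking the record) and the Base64 checks recommended in the troubleshooting list further down can be scripted. The following Python is an added example and not ClouDNS code or tooling; it assumes a plain, unquoted local part hashed exactly as written, a Base64 "Points to" value as shown in the control panel, and a real dig binary for the printed query. The key bytes it uses for its self-check are constructed placeholders, not a real OpenPGP key.

```python
"""Helpers for publishing and checking an OPENPGPKEY (RFC 7929) record.

Added example, not ClouDNS code. Assumes an unquoted local part, hashed as
given, and the Base64 RDATA string the control panel expects. The sample key
bytes below are constructed placeholders, not a real OpenPGP key.
"""
import base64
import binascii
import hashlib
import re


def openpgpkey_owner(email: str) -> str:
    """Owner name for the record: SHA-256 of the UTF-8 local part, truncated
    to 28 octets (56 hex chars), then "._openpgpkey." and the domain."""
    local_part, domain = email.rsplit("@", 1)
    digest = hashlib.sha256(local_part.encode("utf-8")).hexdigest()[:56]
    return f"{digest}._openpgpkey.{domain.lower()}"


def dig_command(email: str) -> str:
    """The dig query that checks the record for this address."""
    return f"dig +short {openpgpkey_owner(email)} OPENPGPKEY"


def armor_to_rdata(armored: str) -> str:
    """Turn an ASCII-armored public key block (what `gpg --armor --export`
    prints) into the Base64 string the record wants: drop the BEGIN/END lines,
    the armor headers and the trailing "=XXXX" CRC-24 line, join the rest."""
    lines = armored.strip().splitlines()
    if not lines or not lines[0].startswith("-----BEGIN PGP PUBLIC KEY BLOCK-----"):
        raise ValueError("not an ASCII-armored PGP public key block")
    body = []
    in_headers = True
    for line in lines[1:]:
        line = line.strip()
        if line.startswith("-----END"):
            break
        if in_headers:
            if line == "":        # blank line ends the armor headers
                in_headers = False
            continue              # skip "Version:", "Comment:" and similar
        if line.startswith("="):
            continue              # CRC-24 checksum line, not part of the key
        body.append(line)
    return "".join(body)


def check_openpgpkey_rdata(rdata: str) -> list[str]:
    """Problems found in a Base64 RDATA string; an empty list means it decodes
    to data that starts like an OpenPGP Public-Key packet (tag 6)."""
    compact = re.sub(r"\s+", "", rdata)
    if compact.startswith("-----BEGIN"):
        return ["ASCII armor pasted; the record wants only the Base64 body of the binary key"]
    try:
        raw = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError) as exc:
        return [f"not valid Base64: {exc}"]
    if not raw:
        return ["decoded key is empty"]
    first = raw[0]
    if not first & 0x80:
        return ["first byte is not an OpenPGP packet header (bit 7 is clear)"]
    # RFC 4880 4.2: bit 6 selects new format (tag in bits 0-5) or old (bits 2-5)
    tag = (first & 0x3F) if first & 0x40 else (first >> 2) & 0x0F
    if tag != 6:
        return [f"first packet tag is {tag}, expected a Public-Key packet (tag 6)"]
    return []


# Constructed placeholder bytes: an old-format packet header for tag 6 with a
# two-octet length (0x99), followed by a few filler octets. NOT a real key.
SAMPLE_KEY_BYTES = bytes([0x99, 0x00, 0x05, 0x04, 0x00, 0x00, 0x00, 0x00])
SAMPLE_RDATA = base64.b64encode(SAMPLE_KEY_BYTES).decode("ascii")
# Constructed armored block around the same bytes, shaped like gpg output.
SAMPLE_ARMORED = "\n".join([
    "-----BEGIN PGP PUBLIC KEY BLOCK-----",
    "Comment: constructed placeholder, not a real key",
    "",
    SAMPLE_RDATA,
    "=AAAA",   # placeholder CRC-24 line; real armor carries the actual checksum
    "-----END PGP PUBLIC KEY BLOCK-----",
])


if __name__ == "__main__":
    email = "alice@example.com"   # constructed address
    print("host to publish:", openpgpkey_owner(email))
    print("check with     :", dig_command(email))
    rdata = armor_to_rdata(SAMPLE_ARMORED)
    print("record value   :", rdata)
    print("problems       :", check_openpgpkey_rdata(rdata) or "none")
```

The Base64 check catches the most common cause of "Key Retrieval Failures": pasting the ASCII-armored export (with its BEGIN/END lines and checksum) instead of the Base64 body of the binary key. The tag check is deliberately shallow; it confirms the value starts with a Public-Key packet without parsing the whole key.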

How to start managing OPENPGPKEY records for your domain name?

  1. Create a free account (free forever)
  2. Verify your e-mail address
  3. Log into your control panel
  4. Create a new Master DNS zone from the [add new] button (see the tutorial)
  5. Add the OPENPGPKEY records you need, as described in this article.

Troubleshooting common issues with OPENPGPKEY records

  • Key Retrieval Failures: Ensure the DNS record is correctly formatted and the Base64 encoding is accurate. Verify that the correct DNS record type (OPENPGPKEY) is used.
  • DNS Propagation Delays: Allow sufficient time for DNS changes to propagate. Use tools like dig or the ClouDNS Free DNS checker to check the changes.
  • Incorrect Configurations: Double-check the domain name and local part used in the OPENPGPKEY record. Ensure there are no typos or misconfigurations.
  • Compatibility Issues: Verify that your email client or encryption software supports automatic key retrieval via DNS. Update or configure software as needed.

Support of OPENPGPKEY records

ClouDNS provides full support for OPENPGPKEY records on all our DNS services. Just write to our technical support if you need any assistance with your OPENPGPKEY records configuration. Our Technical Support team is online for you 24/7 via live chat and tickets.

FAQ

Question: How long does it take to propagate changes to an OPENPGPKEY record?

Answer: DNS record propagation times can vary depending on factors like the TTL (Time to Live) value set for the DNS record. Changes to OPENPGPKEY records may take some time to propagate, ranging from a few minutes to several hours.

Question: Are OPENPGPKEY records limited to personal use, or can organizations use them too?

Answer: OPENPGPKEY records are not limited to personal use and can be used by organizations. By publishing their OpenPGP public keys, they enable secure communication, digital signatures, or encryption with their correspondents.

Question: Can I use OPENPGPKEY records with subdomains?

Answer: Yes, you can use OPENPGPKEY records with subdomains. Each subdomain can have its own OPENPGPKEY records, allowing you to associate OpenPGP public keys with addresses at specific subdomains within your domain hierarchy.


Last modified: 2024-09-24