OpenPGP public keys are used to encrypt email messages and files and to verify signatures on them. To encrypt an email message, or verify a sender's OpenPGP signature, the email client (Mail User Agent, MUA) or the email server (Mail Transfer Agent, MTA) needs to locate the recipient's OpenPGP public key.
The OPENPGPKEY record looks like this in your ClouDNS Control Panel:
| hashedLocalPart._openpgpkey | OPENPGPKEY | Base64-encoded string | 1 Hour |
The OPENPGPKEY DNS record is important because it allows individuals or organizations to associate their OpenPGP public keys with domain names. This record type helps establish a direct link between the email address associated with a domain and the corresponding OpenPGP key used for encrypting and verifying emails sent from that domain.
By creating an OPENPGPKEY DNS record, email recipients can automatically get the public key associated with the sender's domain and use it to encrypt messages sent to that domain. This helps ensure the confidentiality and integrity of email communication.
Furthermore, the OPENPGPKEY DNS record allows for easy key discovery and simplifies the process of verifying the authenticity of email messages. Email clients and encryption software can query the DNS records associated with a domain to get the necessary public key information for encryption and verification.
Log in to your ClouDNS account, enter your DNS zone management page, and click on the Add new record button. For Type choose "OPENPGPKEY" and fill in the fields as follows:
*This hostname is used as an example.
The OPENPGPKEY record type cannot be looked up easily in Windows, because neither nslookup nor PowerShell's Resolve-DnsName supports it.
However, if you are a Windows user, you can install WSL (Windows Subsystem for Linux) and then follow the steps and instructions for Linux/macOS. The other option is to use an online lookup tool like the ClouDNS Free DNS tool to check your OPENPGPKEY record.
If you are a Linux or macOS user, start by opening the Terminal application. There you can check your OPENPGPKEY record with dig. Here is an example:
$ dig hashedLocalPart._openpgpkey.example.com OPENPGPKEY
The command will show you the information about the available OPENPGPKEY records.
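The hashedLocalPart label and the Base64 value shown in the record above can be derived as in the following added example, which is not ClouDNS code. It follows the owner-name rule of RFC 7929 (SHA2-256 of the local part, truncated to 28 octets and written in hex); the function names, the sample address and the sample key bytes are assumptions made for illustration.

```python
import base64
import hashlib
import unicodedata


def openpgpkey_owner_name(email: str) -> str:
    """Return the DNS name that holds the OPENPGPKEY record for an address."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    # The local part is NFC-normalised and UTF-8 encoded; its case is kept,
    # so "Alice" and "alice" map to different owner names.
    local_bytes = unicodedata.normalize("NFC", local).encode("utf-8")
    # SHA2-256 truncated to 28 octets, i.e. 56 hex characters.
    hashed = hashlib.sha256(local_bytes).digest()[:28].hex()
    return f"{hashed}._openpgpkey.{domain.rstrip('.').lower()}"


def openpgpkey_rdata(binary_key: bytes) -> str:
    """Return the Base64 record value for a binary (not armored) public key."""
    # An ASCII-armored export has headers and a checksum that do not belong
    # in the record; export the key in binary form (gpg --export without
    # --armor) before encoding it.
    if binary_key.lstrip().startswith(b"-----BEGIN PGP"):
        raise ValueError("expected a binary key export, got ASCII armor")
    return base64.b64encode(binary_key).decode("ascii")


def dig_command(email: str) -> str:
    """Build the lookup for one address; +dnssec also requests the signatures."""
    return f"dig +dnssec {openpgpkey_owner_name(email)} OPENPGPKEY"


if __name__ == "__main__":
    address = "abc@example.com"      # constructed sample address
    sample_key = b"\x99\x01"         # constructed bytes standing in for a key
    print("Host :", openpgpkey_owner_name(address))
    print("Value:", openpgpkey_rdata(sample_key))
    print("Check:", dig_command(address))
```

A resolver that validates DNSSEC is what lets a client trust the key it receives; an unsigned answer only shows that the record is published.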
ClouDNS provides full support for OPENPGPKEY records for all our DNS services. Just write to our technical support if you need any assistance with your OPENPGPKEY record configuration. Our Technical Support team is online for you 24/7 via live chat and tickets.
Question: How long does it take to propagate changes to an OPENPGPKEY record?
Answer: DNS record propagation times can vary depending on factors like the TTL (Time to Live) value set for the DNS record. Changes to OPENPGPKEY records may take some time to propagate, ranging from a few minutes to several hours.
Question: Are OPENPGPKEY records limited to personal use, or can organizations use them too?
Answer: OPENPGPKEY records are not limited to personal use and can be used by organizations. By publishing their OpenPGP public keys, organizations enable secure communication, digital signatures, or encryption with their correspondents.
Question: Can I use OPENPGPKEY records with subdomains?
Answer: Yes, you can use OPENPGPKEY records with subdomains. Each subdomain can have its own OPENPGPKEY record, allowing you to associate OpenPGP public keys with specific subdomains within your domain hierarchy.