+=pod
+
+=head1 NAME
+
+caff -- CA - Fire and Forget
+
+=head1 SYNOPSIS
+
+=over
+
+=item B<caff> [-u I<yourkeyid>] I<keyid> [I<keyid> ..]
+
+=back
+
+=head1 DESCRIPTION
+
+CA Fire and Forget is a script that helps you in keysigning. It takes a list
+of keyids on the command line, fetches them from a keyserver and calls GnuPG so
+that you can sign it. It then mails each key to all its email addresses - only
+including the one UID that we send to in each mail, pruned from all but self
+sigs and sigs done by you.
+
+=head1 OPTIONS
+
+=over
+
+=item B<-u> I<yourkeyid>
+
+Select the key that is used for signing, in case you have more than one key.
+
+=back
+
+=head1 FILES
+
+=over
+
+=item $HOME/.caffrc - configuration file
+
+=back
+
+=head1 CONFIGURATION FILE OPTIONS
+
+The configuration file is a perl script that sets values in the hash B<%CONFIG>.
+
+Example:
+
+ $CONFIG{owner} = q{Peter Palfrader};
+ $CONFIG{email} = q{peter@palfrader.org};
+ $CONFIG{keyid} = [ qw{DE7AAF6E94C09C7F 62AF4031C82E0039} ];
+
+=head2 Valid keys
+
+=over
+
+=item B<caffhome> [string]
+
+Base directory for the files caff stores. Default: B<$HOME/.caff/>.
+
+=item B<owner> [string]
+
+Your name. B<REQUIRED>.
+
+=item B<email> [string]
+
+Your email address, used in From: lines. B<REQUIRED>.
+
+=item B<keyid> [list of keyids]
+
+A list of your keys. This is used to determine which signatures to keep
+in the pruning step. If you select a key using B<-u> it has to be in
+this list. B<REQUIRED>.
+
+=item B<export-sig-age> [seconds]
+
+Don't export UIDs by default, on which your latest signature is older
+than this age. Default: B<24*60*60> (i.e. one day).
+
+=item B<keyserver> [string]
+
+Keyserver to download keys from. Default: B<subkeys.pgp.net>.
+
+=item B<gpg> [string]
+
+Path to the GnuPG binary. Default: B<gpg>.
+
+=item B<gpg-sign> [string]
+
+Path to the GnuPG binary which is used to sign keys. Default: what
+B<gpg> is set to.
+
+=item B<gpg-delsig> [string]
+
+Path to the GnuPG binary which is used to split off signatures. This is
+needed while the upstream GnuPG is not fixed (there are 2 bugs in the
+Debian Bug Tracking System). Default: what B<gpg> is set to.
+
+=item B<secret-keyring> [string]
+
+Path to your secret keyring. Default: B<$HOME/.gnupg/secring.gpg>.
+
+=item B<also-encrypt-to> [keyid]
+
+An additional keyid to encrypt messages to. Default: none.
+
+=item B<no-download> [boolean]
+
+If true, then skip the step of fetching keys from the keyserver.
+Default: B<0>.
+
+=item B<no-sign> [boolean]
+
+If true, then skip the signing step. Default: B<0>.
+
+=back
+
+=head1 AUTHOR
+
+Peter Palfrader <peter@palfrader.org>
+
+=head1 WEBSITE
+
+http://pgp-tools.alioth.debian.org/
+
+=cut
+