+=pod
+
+=head1 NAME
+
+caff -- CA - Fire and Forget
+
+=head1 SYNOPSIS
+
+=over
+
+=item B<caff> [-eEmMRS] [-u I<yourkeyid>] I<keyid> [I<keyid> ..]
+
+=back
+
+=head1 DESCRIPTION
+
+CA Fire and Forget is a script that helps you in keysigning. It takes a list
+of keyids on the command line, fetches them from a keyserver and calls GnuPG so
+that you can sign it. It then mails each key to all its email addresses - only
+including the one UID that we send to in each mail, pruned from all but self
+sigs and sigs done by you. The mailed key is encrypted with itself as a means
+to verify that key belongs to the recipient.
+
+=head1 OPTIONS
+
+=over
+
+=item B<-e>, B<--export-old>
+
+Export old signatures. Default is to ask the user for each old signature.
+
+=item B<-E>, B<--no-export-old>
+
+Do not export old signatures. Default is to ask the user for each old
+signature.
+
+=item B<-m>, B<--mail>
+
+Send mail after signing. Default is to ask the user for each uid.
+
+=item B<-M>, B<--no-mail>
+
+Do not send mail after signing. Default is to ask the user for each uid.
+
+=item B<-R>, B<--no-download>
+
+Do not retrieve the key to be signed from a keyserver.
+
+=item B<-S>, B<--no-sign>
+
+Do not sign the keys.
+
+=item B<-u> I<yourkeyid>, B<--local-user> I<yourkeyid>
+
+Select the key that is used for signing, in case you have more than one key.
+To sign with multiple keys at once, separate multiple keyids by comma.
+
+=item B<--key-file> I<file>
+
+Import keys from file. Can be supplied more than once.
+
+=back
+
+=head1 FILES
+
+=over
+
+=item $HOME/.caffrc - configuration file
+
+=item $HOME/.caff/keys/yyyy-mm-dd/ - processed keys
+
+=item $HOME/.caff/gnupghome/ - caff's working dir for gpg
+
+=item $HOME/.caff/gnupghome/gpg.conf - gpg configuration
+
+useful options include use-agent, keyserver-options, default-cert-level, etc.
+
+=back
+
+=head1 CONFIGURATION FILE OPTIONS
+
+The configuration file is a perl script that sets values in the hash B<%CONFIG>.
+The file is generated when it does not exist.
+
+Example:
+
+ $CONFIG{'owner'} = q{Peter Palfrader};
+ $CONFIG{'email'} = q{peter@palfrader.org};
+ $CONFIG{'keyid'} = [ qw{DE7AAF6E94C09C7F 62AF4031C82E0039} ];
+
+=head2 Required basic settings
+
+=over
+
+=item B<owner> [string]
+
+Your name. B<REQUIRED>.
+
+=item B<email> [string]
+
+Your email address, used in From: lines. B<REQUIRED>.
+
+=item B<keyid> [list of keyids]
+
+A list of your keys. This is used to determine which signatures to keep
+in the pruning step. If you select a key using B<-u> it has to be in
+this list. B<REQUIRED>.
+
+=head2 General settings
+
+=item B<caffhome> [string]
+
+Base directory for the files caff stores. Default: B<$HOME/.caff/>.
+
+=head2 GnuPG settings
+
+=item B<gpg> [string]
+
+Path to the GnuPG binary. Default: B<gpg>.
+
+=item B<gpg-sign> [string]
+
+Path to the GnuPG binary which is used to sign keys. Default: what
+B<gpg> is set to.
+
+=item B<gpg-delsig> [string]
+
+Path to the GnuPG binary which is used to split off signatures. This was
+needed while the upstream GnuPG was not fixed. Default: what B<gpg>
+is set to.
+
+=item B<secret-keyring> [string]
+
+Path to your secret keyring. Default: B<$HOME/.gnupg/secring.gpg>.
+
+=item B<also-encrypt-to> [keyid, or list of keyids]
+
+Additional keyids to encrypt messages to. Default: none.
+
+=item B<gpg-sign-args> [string]
+
+Additional commands to pass to gpg after the "sign" command.
+Default: none.
+
+=head2 Keyserver settings
+
+=item B<keyserver> [string]
+
+Keyserver to download keys from. Default: B<subkeys.pgp.net>.
+
+=item B<no-download> [boolean]
+
+If true, then skip the step of fetching keys from the keyserver.
+Default: B<0>.
+
+=item B<key-files> [list of files]
+
+A list of files containing keys to be imported.
+
+=head2 Signing settings
+
+=item B<no-sign> [boolean]
+
+If true, then skip the signing step. Default: B<0>.
+
+=item B<ask-sign> [boolean]
+
+If true, then pause before continuing to the signing step.
+This is useful for offline signing. Default: B<0>.
+
+=item B<export-sig-age> [seconds]
+
+Don't export UIDs by default, on which your latest signature is older
+than this age. Default: B<24*60*60> (i.e. one day).
+
+=item B<local-user> [keyid, or list of keyids]
+
+Select the key that is used for signing, in case you have more than one key.
+With multiple keyids, sign with each key in turn.
+
+=head2 Mail settings
+
+=item B<mail> [boolean]
+
+Do not prompt for sending mail, just do it. Default: B<0>.
+
+=item B<no-mail> [boolean]
+
+Do not prompt for sending mail. The messages are still written to
+$CONFIG{'caffhome'}/keys/. Default: B<0>.
+
+=item B<mail-template> [string]
+
+Email template which is used as the body text for the email sent out
+instead of the default text if specified. The following perl variables
+can be used in the template:
+
+=over
+
+=item B<{owner}> [string]
+
+Your name as specified in the L<B<owner>|/item_owner__5bstring_5d> setting.
+
+=item B<{key}> [string]
+
+The keyid of the key you signed.
+
+=item B<{@uids}> [array]
+
+The UIDs for which signatures are included in the mail.
+
+=back
+
+=item B<reply-to> [string]
+
+Add a Reply-To: header to messages sent. Default: none.
+
+=item B<bcc> [string]
+
+Address to send blind carbon copies to when sending mail.
+Default: none.
+
+=item B<mailer-send> [array]
+
+Parameters to pass to Mail::Mailer.
+This could for example be
+
+ $CONFIG{'mailer-send'} = [ 'smtp', Server => 'mail.server', Auth => ['user', 'pass'] ];
+
+to use the perl SMTP client or
+
+ $CONFIG{'mailer-send'} = [ 'sendmail', '-o8' ];
+
+to pass arguments to the sendmail program.
+For more information run C<< perldoc Mail::Mailer >>.
+Setting this option is strongly discouraged. Fix your local MTA
+instead.
+Default: none.
+
+=back
+
+=head1 AUTHORS
+
+=over
+
+=item Peter Palfrader <peter@palfrader.org>
+
+=item Christoph Berg <cb@df7cb.de>
+
+=back
+
+=head1 WEBSITE
+
+http://pgp-tools.alioth.debian.org/
+
+=head1 SEE ALSO
+
+gpg(1), pgp-clean(1), /usr/share/doc/signing-party/caff/caffrc.sample.
+
+=cut
+