=over
-=item B<-e>, B<--export>, B<-E>, B<--no-export>
+=item B<-e>, B<--export-old>
-Export/do not export old signatures. Default is to ask the user for each old
+Export old signatures. Default is to ask the user for each old signature.
+
+=item B<-E>, B<--no-export-old>
+
+Do not export old signatures. Default is to ask the user for each old
signature.
-=item B<-m>, B<--mail>, B<-M>, B<--no-mail>
+=item B<-m>, B<--mail>
+
+Send mail after signing. Default is to ask the user for each uid.
-Send/do not send mail after signing. Default is to ask the user for each uid.
+=item B<-M>, B<--no-mail>
+
+Do not send mail after signing. Default is to ask the user for each uid.
=item B<-R>, B<--no-download>
=item B<gpg-sign-args> [string]
-Additional arguments to pass to gpg. Default: none.
+Additional arguments to pass to gpg. Default: none.
=head2 Keyserver settings
die ("keyid is not defined.\n") unless defined $CONFIG{'keyid'};
die ("keyid is not an array ref\n") unless (ref $CONFIG{'keyid'} eq 'ARRAY');
for my $keyid (@{$CONFIG{'keyid'}}) {
- $keyid =~ /^[A-Fa-z0-9]{16}$/ or die ("key $keyid is not a long (16 digit) keyid.\n");
+ $keyid =~ /^[A-Fa-f0-9]{16}$/ or die ("key $keyid is not a long (16 digit) keyid.\n");
};
@{$CONFIG{'keyid'}} = map { uc } @{$CONFIG{'keyid'}};
$CONFIG{'export-sig-age'}= 24*60*60 unless defined $CONFIG{'export-sig-age'};
$OUT .= "\t".$uid."\n";
};} of your key {$key} signed by me.
-Note that I did not upload your key to any keyservers. If you want this
-new signature to be available to others, please upload it yourself.
-With GnuPG this can be done using
+Note that I did not upload your key to any keyservers.
+If you have multiple user ids, I sent the signature for each user id
+separately to that user id's associated email address. You can import
+the signatures by running each through `gpg --import`.
+
+If you want this new signature to be available to others, please upload
+it yourself. With GnuPG this can be done using
gpg --keyserver subkeys.pgp.net --send-key {$key}
If you have any questions, don't hesitate to ask.
'-V' => \$params->{'version'},
'-u=s' => \$params->{'local-user'},
'--local-user=s' => \$params->{'local-user'},
- '-e' => \$params->{'export'},
- '--export' => \$params->{'export'},
- '-E' => \$params->{'no-export'},
- '--no-export' => \$params->{'no-export'},
+ '-e' => \$params->{'export-old'},
+ '--export-old' => \$params->{'export-old'},
+ '-E' => \$params->{'no-export-old'},
+ '--no-export-old' => \$params->{'no-export-old'},
'-m' => \$params->{'mail'},
'--mail' => \$params->{'mail'},
'-M' => \$params->{'no-mail'},
if ($params->{'local-user'}) {
$USER = $params->{'local-user'};
$USER =~ s/^0x//i;
- unless ($USER =~ /^([A-Z0-9]{8}|[A-Z0-9]{16}|[A-Z0-9]{32}|[A-Z0-9]{40})$/i) {
+ unless ($USER =~ /^([A-Z0-9]{8}|[A-Z0-9]{16}|[A-Z0-9]{40})$/i) {
print STDERR "-u $USER is not a keyid.\n";
usage(\*STDERR, 1);
};
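Review bot: The `-u` check still uses `[A-Z0-9]` under `/i`, so a value made of letters outside the hex range passes as a keyid and is later pushed onto the gpg command line as `--local-user`. While this line is being edited, the classes could be narrowed to hex and the end anchored with `\z` so a trailing newline is not accepted: `unless ($USER =~ /\A(?:[A-F0-9]{8}|[A-F0-9]{16}|[A-F0-9]{40})\z/i) {`. The same character class is used in the `@ARGV` keyid check further down. The enclosing `if` block continues outside this hunk.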
for my $keyid (@ARGV) {
$keyid =~ s/^0x//i;
- unless ($keyid =~ /^([A-Z0-9]{8}|[A-Z0-9]{16}|[A-Z0-9]{32}|[A-Z0-9]{40})$/i) {
+ unless ($keyid =~ /^([A-Z0-9]{8}|[A-Z0-9]{16}||[A-Z0-9]{40})$/i) {
print STDERR "$keyid is not a keyid.\n";
usage(\*STDERR, 1);
};
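Review bot: The new pattern contains a doubled `|` (`[A-Z0-9]{16}||[A-Z0-9]{40}`), which adds an empty alternative, so an empty `$keyid` now passes the check instead of reaching `usage()`. An argument of just `0x` becomes empty once the prefix is stripped on the line above. The line should read `unless ($keyid =~ /^([A-Z0-9]{8}|[A-Z0-9]{16}|[A-Z0-9]{40})$/i) {`. The `for` loop body continues outside the hunk.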
@keyids_ok = @KEYIDS;
} else {
info ("fetching keys, this will take a while...");
- if (grep { /^[A-Z0-9]{32}$/ } @KEYIDS) {
- info ("found v3 key fingerprints in argument list - note that HKP keyservers do not support retrieving v3 keys by fingerprint");
- }
my $gpg = GnuPG::Interface->new();
$gpg->call( $CONFIG{'gpg'} );
# [GNUPG:] IMPORT_OK 0 25FC1614B8F87B52FF2F99B962AF4031C82E0039
my %local_keyids = map { $_ => 1 } @KEYIDS;
for my $line (split /\n/, $status) {
- if ($line =~ /^\[GNUPG:\] IMPORT_OK \d+ ([0-9A-F]{8})([0-9A-F]{16})([0-9A-F]{8})([0-9A-F]{0,8})/) {
- my $imported_key;
- $imported_key = $1.$2.$3 if $local_keyids{$1.$2.$3}; # v3 key
- $imported_key = $1.$2.$3.$4 if $local_keyids{$1.$2.$3.$4};
- $imported_key = $3.$4 if $local_keyids{ $3.$4};
- $imported_key = $4 if $local_keyids{ $4};
- unless ($imported_key) {
- warn("Imported unexpected key; got: $imported_key.\n");
+ if ($line =~ /^\[GNUPG:\] IMPORT_OK \d+ ([0-9A-F]{40})/) {
+ my $imported_key = $1;
+ my $whole_fpr = $imported_key;
+ my $long_keyid = substr($imported_key, -16);
+ my $short_keyid = substr($imported_key, -8);
+ my $speced_key;
+ for my $spec (($whole_fpr, $long_keyid, $short_keyid)) {
+ $speced_key = $spec if $local_keyids{$spec};
+ };
+ unless ($speced_key) {
+ notice ("Imported unexpected key; got: $imported_key\n");
next;
};
- debug ("Imported $imported_key");
- delete $local_keyids{$imported_key};
+ debug ("Imported $imported_key for $speced_key");
+ delete $local_keyids{$speced_key};
unshift @keyids_ok, $imported_key;
- } elsif ($line =~ /^\[GNUPG:\] NODATA 1$/) {
- } elsif ($line =~ /^\[GNUPG:\] IMPORT_RES /) {
+ } elsif ($line =~ /^\[GNUPG:\] (NODATA|IMPORT_RES|IMPORTED) /) {
} else {
notice ("got unknown reply from gpg: $line");
}
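Review bot: The `for my $spec` loop keeps the last spec that matches, so when one key was requested by both its fingerprint and a shorter id, the 8-digit form wins and the longer entry stays in `%local_keyids`. Matching on the last 8 hex digits also means any imported key whose fingerprint ends in the requested short id is accepted as the requested key, and short ids are easy to collide. Taking the most specific match first, e.g. `$speced_key ||= $spec if $local_keyids{$spec};`, and emitting a `notice` when only the short id matched would make this visible to the person signing. The surrounding `for my $line` loop continues outside the hunk.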
push @command, '--local-user', $USER if (defined $USER);
push @command, "--homedir=$GNUPGHOME";
push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
- push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
push @command, '--edit', $keyid;
push @command, 'sign';
- push @command, 'save';
+ push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
print join(' ', @command),"\n";
system (@command);
};
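Review bot: With `gpg-sign-args` now pushed after `'--edit', $keyid` and `'sign'`, its words presumably reach gpg as further edit-key commands rather than as options, but the POD entry still reads "Additional arguments to pass to gpg". The documentation should match, for example `Additional commands to pass to gpg after the "sign" command. Default: none.`, and should note that `save` is no longer appended automatically. Existing configurations that put option flags in this setting will probably change meaning, which deserves a line in the changelog. The enclosing block starts and ends outside the hunk.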
if ($signed_by_me) {
if ($NOW - $signed_by_me > $CONFIG{'export-sig-age'} ) {
- my $write = ask("Signature on $this_uid_text is old. Export?", 0, $params->{export}, $params->{'no-export'});
+ my $write = ask("Signature on $this_uid_text is old. Export?", 0, $params->{'export-old'}, $params->{'no-export-old'});
next unless $write;
};
my $keydir = "$KEYSBASE/$DATE_STRING";