X-Git-Url: http://git.sthu.org/?a=blobdiff_plain;f=caff%2FREADME;h=d11628a2fcacde84b7b029ba6707e8a450d3b26a;hb=88e91c7dab59944a9463696712fbfee3602bf7fa;hp=2af310ece74b779bee09a13be1452741f656514d;hpb=0d160bed87b5f23fa2601d50270697b8aff57088;p=pgp-tools.git diff --git a/caff/README b/caff/README index 2af310e..d11628a 100644 --- a/caff/README +++ b/caff/README @@ -1,12 +1,26 @@ caff -- CA - fire and forget +============================== caff is a script that helps you in keysigning. It takes a list of keyids on the command line, fetches them from a keyserver and calls GnuPG so that you can sign it. It then mails each key to all its email addresses - only including the one UID that we send to in each -mail. +mail, pruned from all but self sigs and sigs done by you. The mailed +key is encrypted with itself as a means to verify that key belongs to +the recipient. + +Since we do not upload the new signatures, or import them into our +main keyring, the signature only gets public if: + - the email address is valid, and + - the person reading the email can decrypt the mail (if it was sent + encrypted). +Therefore we achieve the same level of security as common Challenge +Response systems like CABot, without all the extra hassle of those +systems. + +FEATURES +-------- -Features: * Easy to setup. * Attaches only the very UID that we send to in the mail. * Prunes the key from all signatures that are not self sigs and 
@@ -16,29 +30,30 @@ Features: * Creates proper PGP MIME messages. * Uses separate GNUPGHOME for all its operations. -Special Requirements: - * GnuPG 1.3.92 or later. +DEPENDENCIES +------------ -Discussion: + gnupg (>= 1.3.92), perl, libgnupg-interface-perl, + libtext-template-perl, libmime-perl, libmailtools-perl (>= 1.62), + mailx -Since we do not upload the new signatures, or import them into our -main keyring, the signature only gets public if: - - the email address is valid - - the person reading the email can decrypt the mail (if it was sent - encrypted). +INSTALLATION +------------ -Therefore we achieve the same level of security as common Challenge -Repsonse systems like CABot, without all the extra hassle of those -systems. +After creating a ~/.caffrc from the template, caff almost works out of the box. +MULTIPLE SIGNING KEYS +--------------------- -Dependencies: gnupg (>= 1.3.92), perl, libgnupg-interface-perl, libtext-template-perl, libmime-perl, libmailtools-perl (>= 1.62), mailx +Q: I possess multiple keys. How can I use caff to sign each keyid + with both my keys? +A: Try this: + $ caff --no-export-old --no-mail -u + $ caff --no-download --no-export-old -u -INSTALLATION NOTES -After creating a ~/.caffrc from the template, caff almost works out of the box. -- Peter
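Review bot: In the first hunk (@@ -1,12 +1,26 @@), the added sentence "The mailed key is encrypted with itself as a means to verify that key belongs to the recipient" states the encryption unconditionally, while the list moved in just below it qualifies the same step with "(if it was sent encrypted)". When a mail goes out unencrypted, only the "email address is valid" condition gates publication, so the comparison with "common Challenge Response systems like CABot" holds only for the encrypted case. I would word the intro sentence conditionally and say when caff sends unencrypted. Two smaller points in the same paragraph: "verify that key belongs" is missing "the", and "pruned from all but self sigs and sigs done by you" repeats the FEATURES bullet "Prunes the key from all signatures that are not self sigs and", so one of the two could be dropped.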
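Review bot: In the second hunk (@@ -16,29 +30,30 @@), both commands in the MULTIPLE SIGNING KEYS answer end in a bare "-u" with no signing key and no keyids after it, so as written the two lines differ only in --no-mail versus --no-download and do not show which of the reader's keys is used in which run. Add placeholders for the signing key and for the keyids to each command, and one sentence on why the first run passes --no-mail and the second --no-download, since that ordering is the whole point of the answer. In the INSTALLATION section, "caff almost works out of the box" leaves open what is still missing after creating ~/.caffrc; name the settings that have to be filled in or point at the template.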