X-Git-Url: http://git.sthu.org/?a=blobdiff_plain;f=caff%2FREADME.many-keys;h=86dd4f223c93bf0ba0bd5ec6cf92a95faf5d655e;hb=a9630bdc99fdda11f2d20409730e777b300fabe9;hp=5d5c2f2301d02dd31ea8edd9e89a059a5481eb14;hpb=447dfe626aa5d4cb26c2e04fc55812e5214fc2a3;p=pgp-tools.git diff --git a/caff/README.many-keys b/caff/README.many-keys index 5d5c2f2..86dd4f2 100644 --- a/caff/README.many-keys +++ b/caff/README.many-keys @@ -11,7 +11,8 @@ Some hints to get the signing done faster: caff and gpg allow you to specify the full fingerprint. This will save you from having to check the fingerprint yourself. If you have a text file with - all fingerprints, use that and then run + all fingerprints (with all the spaces stripped from them), use that and then + run $ caff `cat ksp-fingerprints.txt` @@ -19,11 +20,16 @@ Some hints to get the signing done faster: V3 keys (pgp 2.6x keys) are deprecated. Not only do they rely on md5 for their fingerprint and signatures, they also use the patented IDEA algorithm - for encryption. Many people (like caff's author) refuse to sign v3 keys - these days. + for encryption. Also, there are several attacks that make creating new keys + with the same keyid trivial. Others make it possible to create different + keys with the same fingerprint (tho the key will not actually contain valid + RSA parameters). - If you want to sign v3 keys, sign v3 separately. Batch processing does not - work. See README.v3-keys. + Because of these problems a lot of people (like caff's author) refuse to sign + v3 keys these days. + + If you still want to sign v3 keys, sign v3 separately. Batch processing does + not work. See README.v3-keys. * Use multiple passes. 
@@ -38,12 +44,21 @@ Some hints to get the signing done faster: caff will send out all previously done signatures in the message. (Of course you have to configure $CONFIG{'keyid'} to contain all your key ids.) - $ caff --no-export-old --no-mail -u - $ caff --no-download --no-export-old -u + $ caff --no-export-old --no-mail -u + $ caff --no-download --no-export-old -u * Use gpg-agent. See README.gpg-agent. - -- Christoph Berg Sat, 2 Jul 2005 21:22:07 +0200 +* Use gpg-sign-args. + + $CONFIG{'gpg-sign-args'} = "save"; + + This automatically saves the key after signing in gpg. The advantage is that + you do not have to type "save" for each key. The disadvantage is that you + cannot choose which UIDs to sign by answering "no" at the "Really sign?" + prompt any more; you will have *not* to send out some mails. (And you have + unwanted signatures lingering around in ~/.caff/gnupghome/pubring.gpg.) + -- Christoph Berg Wed, 6 Jul 2005 13:46:16 +0200
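Review bot: In the first hunk (@@ -11,7 +11,8), the new parenthetical "(with all the spaces stripped from them)" tells the reader what the file must look like but not how to check it, and the backtick `cat ksp-fingerprints.txt` passes whatever is in the file straight to caff. The paragraph's promise is that full fingerprints save you from checking the fingerprint yourself, so it would help to say that every entry must be a complete fingerprint and not a key ID. A file that mixes in short IDs loses that guarantee without any visible error. Consider adding one line showing how to strip the spaces (for example with `tr -d ' '`) and recommending a quick look over the file before running the command.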
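Review bot: In the second hunk (@@ -19,11 +20,16), the added claim "there are several attacks that make creating new keys with the same keyid trivial" has no pointer to where a reader can learn more. Since the paragraph already ends with "See README.v3-keys", either move the detail there or add a reference here. The distinction the text draws between colliding key IDs and colliding fingerprints is the useful part, so it deserves a sentence each instead of a parenthetical. Style: "tho" should be "though", and the new paragraph opens with "Because of these problems a lot of people", which would read better with a comma after "problems".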
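Review bot: In the third hunk (@@ -38,12 +44,21), the new gpg-sign-args item mentions "unwanted signatures lingering around in ~/.caff/gnupghome/pubring.gpg" only as an aside, but the context lines just above say "caff will send out all previously done signatures in the message". Taken together, a signature on a UID you meant to decline can leave with a later run that does not use --no-export-old, and the text should say so and tell the reader how to avoid it. The sentence "you will have *not* to send out some mails" is also ambiguous; something like "you will have to refrain from sending some of the mails" states the intent. The two `caff` command lines are removed and re-added with no visible difference, so if this is a whitespace-only change it is worth noting in the commit message.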