X-Git-Url: http://git.sthu.org/?a=blobdiff_plain;f=caff%2Fcaff;h=c4365e8ee96c926feb2fa80959ca8633dc72bce7;hb=83444f2d9cbd882062b638d2334de9f802ce4767;hp=f18ec8380f8a7b9697c9a129eb8833b5a1ca8a66;hpb=46554671ebc1e554b09c0fbd5305541f4848c20a;p=pgp-tools.git

diff --git a/caff/caff b/caff/caff
index f18ec83..c4365e8 100755
--- a/caff/caff
+++ b/caff/caff
@@ -156,7 +156,7 @@ An additional keyid to encrypt messages to. Default: none.
 
 =item B<gpg-sign-args> [string]
 
-Additional arguments to pass to gpg. Default: none.
+Additional arguments to pass to gpg.  Default: none.
 
 =head2 Keyserver settings
 
@@ -175,6 +175,11 @@ Default: B<0>.
 
 If true, then skip the signing step. Default: B<0>.
 
+=item B<ask-sign> [boolean]
+
+If true, then pause before continuing to the signing step.
+This is useful for offline signing. Default: B<0>.
+
 =item B<export-sig-age> [seconds]
 
 Don't export UIDs by default, on which your latest signature is older
@@ -266,7 +271,7 @@ sub load_config() {
 	die ("keyid is not defined.\n") unless defined $CONFIG{'keyid'};
 	die ("keyid is not an array ref\n") unless (ref $CONFIG{'keyid'} eq 'ARRAY');
 	for my $keyid (@{$CONFIG{'keyid'}}) {
-		$keyid =~ /^[A-Fa-z0-9]{16}$/ or die ("key $keyid is not a long (16 digit) keyid.\n");
+		$keyid =~ /^[A-F0-9]{16}$/i or die ("key $keyid is not a long (16 digit) keyid.\n");
 	};
 	@{$CONFIG{'keyid'}} = map { uc } @{$CONFIG{'keyid'}};
 	$CONFIG{'export-sig-age'}= 24*60*60 unless defined $CONFIG{'export-sig-age'};
@@ -285,9 +290,13 @@ please find attached the user id{(scalar @uids >= 2 ? 's' : '')}.
     $OUT .= "\t".$uid."\n";
 };} of your key {$key} signed by me.
 
-Note that I did not upload your key to any keyservers. If you want this
-new signature to be available to others, please upload it yourself.
-With GnuPG this can be done using
+Note that I did not upload your key to any keyservers.
+If you have multiple user ids, I sent the signature for each user id
+separately to that user id's associated email address. You can import
+the signatures by running each through `gpg --import`.
+
+If you want this new signature to be available to others, please upload
+it yourself. With GnuPG this can be done using
 	gpg --keyserver subkeys.pgp.net --send-key {$key}
 
 If you have any questions, don't hesitate to ask.
@@ -706,7 +715,7 @@ usage(\*STDERR, 1) unless scalar @ARGV >= 1;
 if ($params->{'local-user'}) {
 	$USER = $params->{'local-user'};
 	$USER =~ s/^0x//i;
-	unless ($USER =~ /^([A-Z0-9]{8}|[A-Z0-9]{16}|[A-Z0-9]{32}|[A-Z0-9]{40})$/i) {
+	unless ($USER =~ /^([A-F0-9]{8}|[A-F0-9]{16}|[A-F0-9]{40})$/i) {
 		print STDERR "-u $USER is not a keyid.\n";
 		usage(\*STDERR, 1);
 	};
@@ -715,7 +724,7 @@ if ($params->{'local-user'}) {
 
 for my $keyid (@ARGV) {
 	$keyid =~ s/^0x//i;
-	unless ($keyid =~ /^([A-Z0-9]{8}|[A-Z0-9]{16}|[A-Z0-9]{32}|[A-Z0-9]{40})$/i) {
+	unless ($keyid =~ /^([A-F0-9]{8}|[A-F0-9]{16}||[A-F0-9]{40})$/i) {
 		print STDERR "$keyid is not a keyid.\n";
 		usage(\*STDERR, 1);
 	};
@@ -761,9 +770,6 @@ if ($CONFIG{'no-download'}) {
 	@keyids_ok = @KEYIDS;
 } else {
 	info ("fetching keys, this will take a while...");
-	if (grep { /^[A-Z0-9]{32}$/ } @KEYIDS) {
-		info ("found v3 key fingerprints in argument list - note that HKP keyservers do not support retrieving v3 keys by fingerprint");
-	}
 
 	my $gpg = GnuPG::Interface->new();
 	$gpg->call( $CONFIG{'gpg'} );
@@ -782,18 +788,21 @@ if ($CONFIG{'no-download'}) {
 # [GNUPG:] IMPORT_OK 0 25FC1614B8F87B52FF2F99B962AF4031C82E0039
 	my %local_keyids = map { $_ => 1 } @KEYIDS;
 	for my $line (split /\n/, $status) {
-		if ($line =~ /^\[GNUPG:\] IMPORT_OK \d+ ([0-9A-F]{8})([0-9A-F]{16})([0-9A-F]{8})([0-9A-F]{0,8})/) {
-			my $imported_key;
-			$imported_key = $1.$2.$3    if $local_keyids{$1.$2.$3}; # v3 key
-			$imported_key = $1.$2.$3.$4 if $local_keyids{$1.$2.$3.$4};
-			$imported_key =       $3.$4 if $local_keyids{      $3.$4};
-			$imported_key =          $4 if $local_keyids{         $4};
-			unless ($imported_key) {
-			    notice ("Imported unexpected key; got: $1$2$3$4. (This is normal for v3 keys.)\n");
+		if ($line =~ /^\[GNUPG:\] IMPORT_OK \d+ ([0-9A-F]{40})/) {
+			my $imported_key = $1;
+			my $whole_fpr = $imported_key;
+			my $long_keyid = substr($imported_key, -16);
+			my $short_keyid = substr($imported_key, -8);
+			my $speced_key;
+			for my $spec (($whole_fpr, $long_keyid, $short_keyid)) {
+				$speced_key = $spec if $local_keyids{$spec};
+			};
+			unless ($speced_key) {
+			    notice ("Imported unexpected key; got: $imported_key\n");
 			    next;
 			};
-			debug ("Imported $imported_key");
-			delete $local_keyids{$imported_key};
+			debug ("Imported $imported_key for $speced_key");
+			delete $local_keyids{$speced_key};
 			unshift @keyids_ok, $imported_key;
 		} elsif ($line =~ /^\[GNUPG:\] (NODATA|IMPORT_RES|IMPORTED) /) {
 		} else {
@@ -814,6 +823,10 @@ unless (@keyids_ok) {
 ###########
 # sign keys
 ###########
+if ($CONFIG{'ask-sign'} && ! $CONFIG{'no-sign'}) {
+	$CONFIG{'no-sign'} = ! ask("Continue with signing?", 1);
+}
+	
 unless ($CONFIG{'no-sign'}) {
 	info("Sign the following keys according to your policy, then exit gpg with 'save' after signing each key");
 	for my $keyid (@keyids_ok) {
@@ -822,10 +835,9 @@ unless ($CONFIG{'no-sign'}) {
 		push @command, '--local-user', $USER if (defined $USER);
 		push @command, "--homedir=$GNUPGHOME";
 		push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
-		push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
 		push @command, '--edit', $keyid;
 		push @command, 'sign';
-		push @command, 'save';
+		push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
 		print join(' ', @command),"\n";
 		system (@command);
 	};