caff  --  CA - fire and forget

caff is a script that helps you in keysigning.  It takes a list of
keyids on the command line, fetches them from a keyserver and calls
GnuPG so that you can sign them.  It then mails each key to all its
email addresses - only including the one UID that we send to in each
mail.


Features:
 * Easy to set up.
 * Attaches only the very UID that we send to in the mail.
 * Prunes the key from all signatures that are not self sigs and
   not done by you, thereby greatly reducing the size of mails.
 * Sends the mail encrypted if possible, will warn before sending
   unencrypted mail (sign-only keys).
 * Creates proper PGP MIME messages.
 * Uses separate GNUPGHOME for all its operations.
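
Added example (not part of caff or of the original README): a Python sketch of the per-UID mail plan described above, derived from GnuPG's --with-colons listing format. The sample listing, the key IDs, the function name plan_mails and the choice to skip revoked or expired UIDs are assumptions made for illustration.

```python
import re

# Constructed sample of `gpg --with-colons --list-keys` output (not real keys).
SAMPLE = """\
pub:-:4096:1:AAAAAAAAAAAAAAAA:1100000000:::-:::scESC:
uid:-::::1100000000::HASH1::Alice Example <alice@example.org>:
uid:r::::1100000000::HASH2::Alice Example <old@example.org>:
uid:-::::1100000000::HASH3::Alice Example (no address):
sub:-:4096:1:BBBBBBBBBBBBBBBB:1100000000::::::e:
pub:-:1024:17:CCCCCCCCCCCCCCCC:1100000000:::-:::scSC:
uid:-::::1100000000::HASH4::Bob Example <bob@example.net>:
"""

EMAIL = re.compile(r"<([^<>@\s]+@[^<>@\s]+)>")


def plan_mails(colon_listing):
    """Return one (keyid, uid, address, encrypt) tuple per mail to send.

    Each tuple stands for one mail carrying the key with exactly one UID.
    """
    plan, keyid, can_encrypt = [], None, False
    for line in colon_listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue                      # too short to be a pub/uid record
        if f[0] == "pub":
            keyid = f[4]
            # Field 12: upper-case letters are the usable capabilities of
            # the whole key; no "E" means it is a sign-only key.
            can_encrypt = "E" in (f[11] if len(f) > 11 else "")
        elif f[0] == "uid" and keyid:
            if f[1] in ("r", "e"):        # assumption: skip revoked/expired UIDs
                continue
            m = EMAIL.search(f[9])        # field 10 holds the user ID string
            if m:                         # UIDs without an address get no mail
                plan.append((keyid, f[9], m.group(1), can_encrypt))
    return plan


if __name__ == "__main__":
    for keyid, uid, addr, encrypt in plan_mails(SAMPLE):
        note = "encrypted" if encrypt else "WARNING: unencrypted (sign-only key)"
        print(f"{keyid}: mail only UID {uid!r} to {addr} [{note}]")
```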

Caveats:
 * Requires a gpg patch for now, until 2 bugs are fixed:
   http://bugs.debian.org/252917  gnupg: --with-colons and --edit delsigs
   http://bugs.debian.org/254072  gpg should flush stdout before prompting in --edit

Discussion:

Since we do not upload the new signatures, or import them into our
main keyring, the signature only becomes public if:
 - the email address is valid
 - the person reading the email can decrypt the mail (if it was sent
   encrypted).

Therefore we achieve the same level of security as common Challenge
Response systems like CABot, without all the extra hassle of those
systems.


-- 
Peter