+ Make also-encrypt-to a list, add a commented stanza to the default

[pgp-tools.git] / caff / README.many-keys

diff --git a/caff/README.many-keys b/caff/README.many-keys
index 5d5c2f2301d02dd31ea8edd9e89a059a5481eb14..1fe8eb11ba6c45daea4022d23b31e23518b6b57e 100644 (file)
--- a/caff/README.many-keys
+++ b/caff/README.many-keys
@@ -2,7 +2,7 @@ Using caff to sign lots of keys
 -------------------------------
 
 If you have loads of keys to sign (sometimes, there are keysigning parties with
-more than 100 participants), keysigning can be arkward, even with caff. It gets
+more than 100 participants), keysigning can be awkward, even with caff. It gets
 worse if you have multiple local keys and want to sign with all.
 
 Some hints to get the signing done faster:
@@ -11,7 +11,8 @@ Some hints to get the signing done faster:
 
   caff and gpg allow you to specify the full fingerprint. This will save you
   from having to check the fingerprint yourself. If you have a text file with
-  all fingerprints, use that and then run
+  all fingerprints (with all the spaces stripped from them), use that and then
+  run
 
   $ caff <options> `cat ksp-fingerprints.txt`
 
@@ -19,11 +20,16 @@ Some hints to get the signing done faster:
 
   V3 keys (pgp 2.6x keys) are deprecated.  Not only do they rely on md5 for
   their fingerprint and signatures, they also use the patented IDEA algorithm
-  for encryption.  Many people (like caff's author) refuse to sign v3 keys
-  these days.
+  for encryption.  Also, there are several attacks that make creating new keys
+  with the same keyid trivial.  Others make it possible to create different
+  keys with the same fingerprint (tho the key will not actually contain valid
+  RSA parameters).
 
-  If you want to sign v3 keys, sign v3 separately. Batch processing does not
-  work. See README.v3-keys.
+  Because of these problems a lot of people (like caff's author) refuse to sign
+  v3 keys these days.
+
+  If you still want to sign v3 keys, sign v3 separately. Batch processing does
+  not work. See README.v3-keys.
 
 * Use multiple passes.
 
@@ -38,12 +44,21 @@ Some hints to get the signing done faster:
   caff will send out all previously done signatures in the message. (Of course
   you have to configure $CONFIG{'keyid'} to contain all your key ids.)
 
-  $ caff --no-export-old --no-mail -u <mykey1> <other_key>
-  $ caff --no-download --no-export-old -u <mykey2> <other_key>
+  $ caff --no-export-old --no-mail -u <mykey1> <keyids to sign>
+  $ caff --no-download --no-export-old -u <mykey2> <keyids to sign>
 
 * Use gpg-agent.
 
   See README.gpg-agent.
 
- -- Christoph Berg <cb@df7cb.de>  Sat,  2 Jul 2005 21:22:07 +0200
+* Use gpg-sign-args.
+
+  $CONFIG{'gpg-sign-args'} = "save";
+
+  This automatically saves the key after signing in gpg. The advantage is that
+  you do not have to type "save" for each key. The disadvantage is that you
+  cannot choose which UIDs to sign by answering "no" at the "Really sign?"
+  prompt any more; you will have *not* to send out some mails. (And you have
+  unwanted signatures lingering around in ~/.caff/gnupghome/pubring.gpg.)
 
+ -- Christoph Berg <cb@df7cb.de>  Wed,  6 Jul 2005 13:46:16 +0200