=item B<-u> I<yourkeyid>, B<--local-user> I<yourkeyid>
Select the key that is used for signing, in case you have more than one key.
+To sign with multiple keys at once, separate multiple keyids by comma.
=item B<--key-file> I<file>
=item $HOME/.caff/gnupghome/gpg.conf - gpg configuration
-useful options include use-agent, default-cert-level, etc.
+useful options include use-agent, keyserver-options, default-cert-level, etc.
=back
Path to your secret keyring. Default: B<$HOME/.gnupg/secring.gpg>.
-=item B<also-encrypt-to> [list of keyids]
+=item B<also-encrypt-to> [keyid, or list of keyids]
Additional keyids to encrypt messages to. Default: none.
Don't export UIDs by default, on which your latest signature is older
than this age. Default: B<24*60*60> (i.e. one day).
-=item B<local-user> [string]
+=item B<local-user> [keyid, or list of keyids]
Select the key that is used for signing, in case you have more than one key.
+With multiple keyids, sign with each key in turn.
=head2 Mail settings
# \$CONFIG{'keyid'} = [ qw{0123456789ABCDEF 89ABCDEF76543210} ];
$Ckeys\$CONFIG{'keyid'} = [ qw{@keys} ];
-# Additionally encrypt messages sent to these keyids
+# Select this/these keys to sign with
+#\$CONFIG{'local-user'} = [ qw{@keys} ];
+
+# Additionally encrypt messages for these keyids
#\$CONFIG{'also-encrypt-to'} = [ qw{@keys} ];
# Mail template to use for the encrypted part
check_executable("gpg", $CONFIG{'gpg'});
check_executable("gpg-sign", $CONFIG{'gpg-sign'});
check_executable("gpg-delsig", $CONFIG{'gpg-delsig'});
- $CONFIG{'secret-keyring'} = $ENV{'HOME'}.'/.gnupg/secring.gpg' unless defined $CONFIG{'secret-keyring'};
+ $CONFIG{'secret-keyring'} = ($ENV{'GNUPGHOME'} || "$ENV{'HOME'}/.gnupg") . '/secring.gpg'
+ unless defined $CONFIG{'secret-keyring'};
$CONFIG{'no-download'} = 0 unless defined $CONFIG{'no-download'};
$CONFIG{'no-sign'} = 0 unless defined $CONFIG{'no-sign'};
$CONFIG{'key-files'} = () unless defined $CONFIG{'key-files'};
if (ref($CONFIG{'also-encrypt-to'})) {
$gpg->options->push_recipients($_)
foreach @{$CONFIG{'also-encrypt-to'}};
- } else { # old syntax
+ } else {
$gpg->options->push_recipients($CONFIG{'also-encrypt-to'});
}
}
};
-
-my $USER;
+###################
+# argument handling
+###################
my @KEYIDS;
my $params;
$CONFIG{'no-sign'} = $params->{'no-sign'} if defined $params->{'no-sign'};
push @{$CONFIG{'key-files'}}, @{$params->{'key-files'}} if defined $params->{'key-files'};
-if ($CONFIG{'local-user'}) {
- $USER = $CONFIG{'local-user'};
- $USER =~ s/^0x//i;
- unless ($USER =~ /^([A-F0-9]{8}|[A-F0-9]{16}|[A-F0-9]{40})$/i) {
- print STDERR "Local-user $USER is not a keyid.\n";
- usage(\*STDERR, 1);
- };
- $USER = uc($USER);
-};
-
for my $keyid (@ARGV) {
$keyid =~ s/^0x//i;
- unless ($keyid =~ /^([A-F0-9]{8}|[A-F0-9]{16}||[A-F0-9]{40})$/i) {
- if ($keyid =~ /^[A-F0-9]{32}$/) {
- info("Ignoring v3 fingerprint $keyid. v3 keys are obsolete.");
- next;
- };
+ if ($keyid =~ /^[A-F0-9]{32}$/i) {
+ info("Ignoring v3 fingerprint $keyid. v3 keys are obsolete.");
+ next;
+ };
+ if ($keyid !~ /^([A-F0-9]{8}|[A-F0-9]{16}|[A-F0-9]{40})$/i) {
print STDERR "$keyid is not a keyid.\n";
usage(\*STDERR, 1);
};
if (scalar %local_keyids) {
notice ("Import failed for: ". (join ' ', keys %local_keyids)."." . ($had_v3_keys ? " (Or maybe it's one of those ugly v3 keys?)" : ""));
exit 1 unless ask ("Some keys could not be imported - continue anyway?", 0);
- if (scalar %local_keyids == 1) {
+ if (scalar keys %local_keyids == 1) {
mywarn("Assuming ". (join ' ', keys %local_keyids)." is a fine keyid.");
} else {
mywarn("Assuming ". (join ' ', keys %local_keyids)." are fine keyids.");
}
unless ($CONFIG{'no-sign'}) {
+ my @local_user;
+ if ($CONFIG{'local-user'}) {
+ if (ref($CONFIG{'local-user'})) {
+ @local_user = @{$CONFIG{'local-user'}};
+ } else {
+ @local_user = split /\s*,\s*/, $CONFIG{'local-user'};
+ };
+ foreach (@local_user) {
+ s/^0x//i;
+ unless (/^([A-F0-9]{8}|[A-F0-9]{16}|[A-F0-9]{40})$/i) {
+ print STDERR "Local-user $_ is not a keyid.\n";
+ usage(\*STDERR, 1);
+ };
+ $_ = uc($_);
+ };
+ } else {
+ @local_user = (undef);
+ };
+
info("Sign the following keys according to your policy, then exit gpg with 'save' after signing each key");
for my $keyid (@keyids_ok) {
- my @command;
- push @command, $CONFIG{'gpg-sign'};
- push @command, '--local-user', $USER if (defined $USER);
- push @command, "--homedir=$GNUPGHOME";
- push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
- push @command, '--no-auto-check-trustdb';
- push @command, '--trust-model=always';
- push @command, '--edit', $keyid;
- push @command, 'sign';
- push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
- print join(' ', @command),"\n";
- system (@command);
+ foreach my $local_user (@local_user) {
+ my @command;
+ push @command, $CONFIG{'gpg-sign'};
+ push @command, '--local-user', $local_user if (defined $local_user);
+ push @command, "--homedir=$GNUPGHOME";
+ push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
+ push @command, '--no-auto-check-trustdb';
+ push @command, '--trust-model=always';
+ push @command, '--edit', $keyid;
+ push @command, 'sign';
+ push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
+ print join(' ', @command),"\n";
+ system (@command);
+ };
};
};
projects / pgp-tools.git / blobdiff