of keyids on the command line, fetches them from a keyserver and calls GnuPG so
that you can sign it. It then mails each key to all its email addresses - only
including the one UID that we send to in each mail, pruned from all but self
-sigs and sigs done by you.
+sigs and sigs done by you. The mailed key is encrypted with itself as a means
+to verify that key belongs to the recipient.
=head1 OPTIONS
=head1 SEE ALSO
-gpg(1), pgp-clean(1), /usr/share/doc/signing-party/examples/caffrc.sample.
+gpg(1), pgp-clean(1), /usr/share/doc/signing-party/caff/caffrc.sample.
=cut
sub generate_config() {
- die "Error: \$LOGNAME is not set.\n" unless $ENV{LOGNAME};
- my $gecos = (getpwnam($ENV{LOGNAME}))[6];
- $gecos =~ s/,.*//;
+ notice("Error: \$LOGNAME is not set.\n") unless defined $ENV{'LOGNAME'};
+ my $gecos = defined $ENV{'LOGNAME'} ? (getpwnam($ENV{LOGNAME}))[6] : undef;
+ my $email;
+ my @keys;
+ my $hostname = `hostname -f`;
+ chomp $hostname;
+ my ($Cgecos,$Cemail,$Ckeys) = ('','','');
+ if (defined $gecos) {
+ $gecos =~ s/,.*//;
- my $gpg = GnuPG::Interface->new();
- $gpg->call( 'gpg' );
- $gpg->options->hash_init(
- 'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always --with-colons --fixed-list-mode } ] );
- $gpg->options->meta_interactive( 0 );
- my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
- my $pid = $gpg->list_public_keys(handles => $handles, command_args => [ $gecos ]);
- my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
- waitpid $pid, 0;
+ my $gpg = GnuPG::Interface->new();
+ $gpg->call( 'gpg' );
+ $gpg->options->hash_init(
+ 'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always --with-colons --fixed-list-mode } ] );
+ $gpg->options->meta_interactive( 0 );
+ my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
+ my $pid = $gpg->list_public_keys(handles => $handles, command_args => [ $gecos ]);
+ my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
+ waitpid $pid, 0;
- if ($stdout eq '') {
- warn ("No data from gpg for list-key\n"); # There should be at least 'tru:' everywhere.
- };
+ if ($stdout eq '') {
+ warn ("No data from gpg for list-key\n"); # There should be at least 'tru:' everywhere.
+ };
- my @keys;
- unless (@keys = ($stdout =~ /^pub:[^r:]*:(?:[^:]*:){2,2}([^:]+):/mg)) {
- die "Error: No keys were found using \"gpg --list-public-keys '$gecos'\".\n";
- }
- unless ($stdout =~ /^uid:.*<(.+@.+)>.*:/m) {
- die "Error: No email address was found using \"gpg --list-public-keys '$gecos'\".\n";
- }
- my $email = $1;
+ @keys = ($stdout =~ /^pub:[^r:]*:(?:[^:]*:){2,2}([^:]+):/mg);
+ unless (scalar @keys) {
+ info("Error: No keys were found using \"gpg --list-public-keys '$gecos'\".");
+ @keys = qw{0123456789abcdef 89abcdef76543210};
+ $Ckeys = '#';
+ }
+ ($email) = ($stdout =~ /^uid:.*<(.+?@.+?)>.*:/m);
+ unless (defined $email) {
+ info("Error: No email address was found using \"gpg --list-public-keys '$gecos'\".");
+ $email = $ENV{'LOGNAME'}.'@'.$hostname;
+ $Cemail = '#';
+ }
+ } else {
+ $gecos = 'Unknown Caff User';
+ $email = $ENV{'LOGNAME'}.'@'.$hostname;
+ @keys = qw{0123456789abcdef 89abcdef76543210};
+ ($Cgecos,$Cemail,$Ckeys) = ('#','#','#');
+ };
return <<EOT;
# .caffrc -- vim:syntax=perl:
# This file is in perl(1) format - see caff(1) for details.
-\$CONFIG{'owner'} = '$gecos';
-\$CONFIG{'email'} = '$email';
+$Cgecos\$CONFIG{'owner'} = '$gecos';
+$Cemail\$CONFIG{'email'} = '$email';
# you can get your long keyid from
# gpg --with-colons --list-key <yourkeyid|name|emailaddress..>
#
# if you have a v4 key, it will simply be the last 16 digits of
# your fingerprint.
+#
+# Example:
+# \$CONFIG{'keyid'} = [ qw{FEDCBA9876543210} ];
+# or, if you have more than one key:
+# \$CONFIG{'keyid'} = [ qw{0123456789ABCDEF 89ABCDEF76543210} ];
-\$CONFIG{'keyid'} = [ qw{@keys} ];
+$Ckeys\$CONFIG{'keyid'} = [ qw{@keys} ];
EOT
};
+sub check_executable($$) {
+ # (GnuPG::Interface gives lousy errors when the gpg binary isn't found,
+ # so we want to check manually.)
+ my ($purpose, $fn) = @_;
+ # Only check provided fnames with a slash in them.
+ return unless defined $fn;
+ if ($fn =~ m!/!) {
+ die ("$PROGRAM_NAME: $purpose executable '$fn' not found.\n") unless -x $fn;
+ } else {
+ for my $p (split(':', $ENV{PATH})) {
+ return if -x "$p/$fn";
+ };
+ die ("$PROGRAM_NAME: $purpose executable '$fn' not found on path.\n") unless -x $fn;
+ };
+};
+
sub load_config() {
my $config = $ENV{'HOME'} . '/.caffrc';
unless (-f $config) {
};
$CONFIG{'caffhome'}=$ENV{'HOME'}.'/.caff' unless defined $CONFIG{'caffhome'};
- die ("owner is not defined.\n") unless defined $CONFIG{'owner'};
- die ("email is not defined.\n") unless defined $CONFIG{'email'};
- die ("keyid is not defined.\n") unless defined $CONFIG{'keyid'};
- die ("keyid is not an array ref\n") unless (ref $CONFIG{'keyid'} eq 'ARRAY');
+ die ("$PROGRAM_NAME: owner is not defined in $config.\n") unless defined $CONFIG{'owner'};
+ die ("$PROGRAM_NAME: email is not defined in $config.\n") unless defined $CONFIG{'email'};
+ die ("$PROGRAM_NAME: keyid is not defined in $config.\n") unless defined $CONFIG{'keyid'};
+ die ("$PROGRAM_NAME: keyid is not an array ref in $config.\n") unless (ref $CONFIG{'keyid'} eq 'ARRAY');
for my $keyid (@{$CONFIG{'keyid'}}) {
- $keyid =~ /^[A-F0-9]{16}$/i or die ("key $keyid is not a long (16 digit) keyid.\n");
+ $keyid =~ /^[A-F0-9]{16}$/i or die ("$PROGRAM_NAME: key $keyid is not a long (16 digit) keyid in $config.\n");
};
@{$CONFIG{'keyid'}} = map { uc } @{$CONFIG{'keyid'}};
$CONFIG{'export-sig-age'}= 24*60*60 unless defined $CONFIG{'export-sig-age'};
$CONFIG{'gpg'} = 'gpg' unless defined $CONFIG{'gpg'};
$CONFIG{'gpg-sign'} = $CONFIG{'gpg'} unless defined $CONFIG{'gpg-sign'};
$CONFIG{'gpg-delsig'} = $CONFIG{'gpg'} unless defined $CONFIG{'gpg-delsig'};
+ check_executable("gpg", $CONFIG{'gpg'});
+ check_executable("gpg-sign", $CONFIG{'gpg-sign'});
+ check_executable("gpg-delsig", $CONFIG{'gpg-delsig'});
$CONFIG{'secret-keyring'} = $ENV{'HOME'}.'/.gnupg/secring.gpg' unless defined $CONFIG{'secret-keyring'};
$CONFIG{'no-download'} = 0 unless defined $CONFIG{'no-download'};
$CONFIG{'no-sign'} = 0 unless defined $CONFIG{'no-sign'};
$message = $stdout;
$message_entity = MIME::Entity->build(
- Type => 'multipart/encrypted; protocol="application/pgp-encrypted"');
+ Type => 'multipart/encrypted; protocol="application/pgp-encrypted"',
+ Encoding => '7bit');
$message_entity->attach(
Type => "application/pgp-encrypted",
projects / pgp-tools.git / blobdiff