=over
-=item B<caff> [-mMR] [-u I<yourkeyid>] I<keyid> [I<keyid> ..]
+=item B<caff> [-eEmMRS] [-u I<yourkeyid>] I<keyid> [I<keyid> ..]
=back
=over
+=item B<-e>, B<--export-old>
+
+Export old signatures. Default is to ask the user for each old signature.
+
+=item B<-E>, B<--no-export-old>
+
+Do not export old signatures. Default is to ask the user for each old
+signature.
+
=item B<-m>, B<--mail>
Send mail after signing. Default is to ask the user for each uid.
Do not retrieve the key to be signed from a keyserver.
+=item B<-S>, B<--no-sign>
+
+Do not sign the keys.
+
=item B<-u> I<yourkeyid>, B<--local-user> I<yourkeyid>
Select the key that is used for signing, in case you have more than one key.
+=item B<--key-file> I<file>
+
+Import keys from file. Can be supplied more than once.
+
=back
=head1 FILES
=item $HOME/.caffrc - configuration file
+=item $HOME/.caff/keys/yyyy-mm-dd/ - processed keys
+
+=item $HOME/.caff/gnupghome/ - caff's working dir for gpg
+
+=item $HOME/.caff/gnupghome/gpg.conf - gpg configuration
+
+useful options include use-agent, default-cert-level, etc.
+
=back
=head1 CONFIGURATION FILE OPTIONS
The configuration file is a perl script that sets values in the hash B<%CONFIG>.
+The file is generated when it does not exist.
Example:
An additional keyid to encrypt messages to. Default: none.
+=item B<gpg-sign-args> [string]
+
+Additional arguments to pass to gpg. Default: none.
+
=head2 Keyserver settings
=item B<keyserver> [string]
If true, then skip the step of fetching keys from the keyserver.
Default: B<0>.
+=item B<key-files> [list of files]
+
+A list of files containing keys to be imported.
+
=head2 Signing settings
=item B<no-sign> [boolean]
If true, then skip the signing step. Default: B<0>.
+=item B<ask-sign> [boolean]
+
+If true, then pause before continuing to the signing step.
+This is useful for offline signing. Default: B<0>.
+
=item B<export-sig-age> [seconds]
Don't export UIDs by default, on which your latest signature is older
=item B<mail-template> [string]
-Email template which is used as the body text for the email sent out.
+Email template which is used as the body text for the email sent out
instead of the default text if specified. The following perl variables
can be used in the template:
=back
+=item B<reply-to> [string]
+
+Add a Reply-To: header to messages sent. Default: none.
+
=item B<bcc> [string]
Address to send blind carbon copies to when sending mail.
http://pgp-tools.alioth.debian.org/
+=head1 SEE ALSO
+
+gpg(1), pgp-clean(1), /usr/share/doc/signing-party/examples/caffrc.sample.
+
=cut
use strict;
my ($REVISION_NUMER) = $REVISION =~ /(\d+)/;
my $VERSION = "0.0.0.$REVISION_NUMER";
+sub generate_config() {
+ die "Error: \$LOGNAME is not set.\n" unless $ENV{LOGNAME};
+ my $gecos = (getpwnam($ENV{LOGNAME}))[6];
+ $gecos =~ s/,.*//;
+
+ my $gpg = GnuPG::Interface->new();
+ $gpg->call( 'gpg' );
+ $gpg->options->hash_init(
+ 'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always --with-colons --fixed-list-mode } ] );
+ $gpg->options->meta_interactive( 0 );
+ my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
+ my $pid = $gpg->list_public_keys(handles => $handles, command_args => [ $gecos ]);
+ my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
+ waitpid $pid, 0;
+
+ if ($stdout eq '') {
+ warn ("No data from gpg for list-key\n"); # There should be at least 'tru:' everywhere.
+ };
+
+ my @keys;
+ unless (@keys = ($stdout =~ /^pub:[^r:]*:(?:[^:]*:){2,2}([^:]+):/mg)) {
+ die "Error: No keys were found using \"gpg --list-public-keys '$gecos'\".\n";
+ }
+ unless ($stdout =~ /^uid:.*<(.+@.+)>.*:/m) {
+ die "Error: No email address was found using \"gpg --list-public-keys '$gecos'\".\n";
+ }
+ my $email = $1;
+
+ return <<EOT;
+# .caffrc -- vim:syntax=perl:
+# This file is in perl(1) format - see caff(1) for details.
+
+\$CONFIG{'owner'} = '$gecos';
+\$CONFIG{'email'} = '$email';
+
+# you can get your long keyid from
+# gpg --with-colons --list-key <yourkeyid|name|emailaddress..>
+#
+# if you have a v4 key, it will simply be the last 16 digits of
+# your fingerprint.
+
+\$CONFIG{'keyid'} = [ qw{@keys} ];
+EOT
+};
+
sub load_config() {
my $config = $ENV{'HOME'} . '/.caffrc';
- -f $config or die "No file $config present. See caff(1).\n";
+ unless (-f $config) {
+ print "No configfile $config present, I will use this template:\n";
+ my $template = generate_config();
+ print "$template\nPress enter to continue.";
+ <STDIN>;
+ open F, ">$config" or die "$config: $!";
+ print F $template;
+ close F;
+ }
unless (scalar eval `cat $config`) {
die "Couldn't parse $config: $EVAL_ERROR\n" if $EVAL_ERROR;
};
die ("keyid is not defined.\n") unless defined $CONFIG{'keyid'};
die ("keyid is not an array ref\n") unless (ref $CONFIG{'keyid'} eq 'ARRAY');
for my $keyid (@{$CONFIG{'keyid'}}) {
- $keyid =~ /^[A-Fa-z0-9]{16}$/ or die ("key $keyid is not a long (16 digit) keyid.\n");
+ $keyid =~ /^[A-F0-9]{16}$/i or die ("key $keyid is not a long (16 digit) keyid.\n");
};
@{$CONFIG{'keyid'}} = map { uc } @{$CONFIG{'keyid'}};
$CONFIG{'export-sig-age'}= 24*60*60 unless defined $CONFIG{'export-sig-age'};
$CONFIG{'secret-keyring'} = $ENV{'HOME'}.'/.gnupg/secring.gpg' unless defined $CONFIG{'secret-keyring'};
$CONFIG{'no-download'} = 0 unless defined $CONFIG{'no-download'};
$CONFIG{'no-sign'} = 0 unless defined $CONFIG{'no-sign'};
+ $CONFIG{'key-files'} = () unless defined $CONFIG{'key-files'};
$CONFIG{'mail-template'} = <<'EOM' unless defined $CONFIG{'mail-template'};
Hi,
$OUT .= "\t".$uid."\n";
};} of your key {$key} signed by me.
-Note that I did not upload your key to any keyservers. If you want this
-new signature to be available to others, please upload it yourself.
-With GnuPG this can be done using
+Note that I did not upload your key to any keyservers.
+If you have multiple user ids, I sent the signature for each user id
+separately to that user id's associated email address. You can import
+the signatures by running each through `gpg --import`.
+
+If you want this new signature to be available to others, please upload
+it yourself. With GnuPG this can be done using
gpg --keyserver subkeys.pgp.net --send-key {$key}
If you have any questions, don't hesitate to ask.
return ($stdout, $stderr, $status);
};
-sub ask($$) {
- my ($question, $default) = @_;
+sub ask($$;$$) {
+ my ($question, $default, $forceyes, $forceno) = @_;
my $answer;
+ my $yn = $default ? '[Y/n]' : '[y/N]';
while (1) {
- print $question,' ',($default ? '[Y/n]' : '[y/N]'), ' ';
+ print $question,' ',$yn, ' ';
+ if ($forceyes && $forceno) {
+ print "$default (from config/command line)\n";
+ return $default;
+ };
+ if ($forceyes) {
+ print "YES (from config/command line)\n";
+ return 1;
+ };
+ if ($forceno) {
+ print "NO (from config/command line)\n";
+ return 0;
+ };
+
$answer = <STDIN>;
+ if (!defined $answer) {
+ $OUTPUT_AUTOFLUSH = 1;
+ die "\n\n".
+ "End of STDIN reached. Are you using xargs? Caff wants to read from STDIN,\n".
+ "so you can't really use it with xargs. A patch against caff to read from\n".
+ "the terminal would be appreciated.\n".
+ "For now instead of cat keys | xargs caff do caff `cat keys`\n";
+ };
chomp $answer;
- last if ((defined $answer) && (length $answer <= 1));
- print "grrrrrr.\n";
+ last if ((length $answer == 0) || ($answer =~ m/^[yYnN]$/) );
+ print "What about $yn is so hard to understand?\nAnswer with either 'n' or 'y' or just press enter for the default.\n";
sleep 1;
};
my $result = $default;
sub usage($$) {
my ($fd, $exitcode) = @_;
version($fd);
- print $fd "Usage: $PROGRAM_NAME [-mMR] [-u <yourkeyid>] <keyid> [<keyid> ...]\n";
+ print $fd "Usage: $PROGRAM_NAME [-eEmMRS] [-u <yourkeyid>] <keyid> [<keyid> ...]\n";
print $fd "Consult the manual page for more information.\n";
exit $exitcode;
};
my $gpg = GnuPG::Interface->new();
$gpg->call( $CONFIG{'gpg'} );
- $gpg->options->hash_init(
- 'homedir' => $gnupghome,
- 'armor' => 1 );
+ if (defined $gnupghome) {
+ $gpg->options->hash_init(
+ 'homedir' => $gnupghome,
+ 'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always } ],
+ 'armor' => 1 );
+ } else {
+ $gpg->options->hash_init(
+ 'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always } ],
+ 'armor' => 1 );
+ };
$gpg->options->meta_interactive( 0 );
my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
my $pid = $gpg->export_keys(handles => $handles, command_args => [ $keyid ]);
my $gpg = GnuPG::Interface->new();
$gpg->call( $CONFIG{'gpg'} );
- $gpg->options->hash_init( 'homedir' => $gnupghome );
+ $gpg->options->hash_init(
+ 'homedir' => $gnupghome,
+ 'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always } ] );
$gpg->options->meta_interactive( 0 );
my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
my $pid = $gpg->import_keys(handles => $handles);
Type => "application/pgp-keys",
Disposition => 'attachment',
Encoding => "7bit",
- Description => "PGP Key 0x$key_id, uid ".($key->{'text'}).' ('.($key->{'serial'}).')',
+ Description => "PGP Key 0x$key_id, uid ".($key->{'text'}).' ('.($key->{'serial'}).'), signed by 0x'.$CONFIG{'keyid'}[0],
Data => $key->{'key'},
- Filename => "0x$key_id.".$key->{'serial'}.".asc");
+ Filename => "0x$key_id.".$key->{'serial'}.".signed-by-0x".$CONFIG{'keyid'}[0].".asc");
};
if ($can_encrypt) {
my $gpg = GnuPG::Interface->new();
$gpg->call( $CONFIG{'gpg'} );
$gpg->options->hash_init( 'homedir' => $GNUPGHOME,
- 'extra_args' => '--always-trust',
+ 'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always } ],
'armor' => 1 );
$gpg->options->meta_interactive( 0 );
my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
$message_entity->head->add("Subject", "Your signed PGP key 0x$key_id");
$message_entity->head->add("To", $address);
$message_entity->head->add("From", '"'.$CONFIG{'owner'}.'" <'.$CONFIG{'email'}.'>');
+ $message_entity->head->add("Reply-To", $CONFIG{'reply-to'}) if defined $CONFIG{'reply-to'};
$message_entity->head->add("Bcc", $CONFIG{'bcc'}) if defined $CONFIG{'bcc'};
$message_entity->head->add("User-Agent", $USER_AGENT);
$message_entity->send();
'-V' => \$params->{'version'},
'-u=s' => \$params->{'local-user'},
'--local-user=s' => \$params->{'local-user'},
+ '-e' => \$params->{'export-old'},
+ '--export-old' => \$params->{'export-old'},
+ '-E' => \$params->{'no-export-old'},
+ '--no-export-old' => \$params->{'no-export-old'},
'-m' => \$params->{'mail'},
'--mail' => \$params->{'mail'},
'-M' => \$params->{'no-mail'},
'--no-mail' => \$params->{'no-mail'},
'-R' => \$params->{'no-download'},
'--no-download' => \$params->{'no-download'},
+ '-S' => \$params->{'no-sign'},
+ '--no-sign' => \$params->{'no-sign'},
+ '--key-file=s@' => \$params->{'key-files'},
)) {
usage(\*STDERR, 1);
};
if ($params->{'local-user'}) {
$USER = $params->{'local-user'};
$USER =~ s/^0x//i;
- unless ($USER =~ /^[A-Za-z0-9]{8,8}([A-Za-z0-9]{8})?$/) {
+ unless ($USER =~ /^([A-F0-9]{8}|[A-F0-9]{16}|[A-F0-9]{40})$/i) {
print STDERR "-u $USER is not a keyid.\n";
usage(\*STDERR, 1);
};
for my $keyid (@ARGV) {
$keyid =~ s/^0x//i;
- unless ($keyid =~ /^[A-Za-z0-9]{8}([A-Za-z0-9]{8}|[A-Za-z0-9]{32})?$/) {
+ unless ($keyid =~ /^([A-F0-9]{8}|[A-F0-9]{16}||[A-F0-9]{40})$/i) {
+ if ($keyid =~ /^[A-F0-9]{32}$/) {
+ info("Ignoring v3 fingerprint $keyid. v3 keys are obsolete.");
+ next;
+ };
print STDERR "$keyid is not a keyid.\n";
usage(\*STDERR, 1);
};
$CONFIG{'no-download'} = $params->{'no-download'} if defined $params->{'no-download'};
$CONFIG{'no-mail'} = $params->{'no-mail'} if defined $params->{'no-mail'};
$CONFIG{'mail'} = $params->{'mail'} if defined $params->{'mail'};
+$CONFIG{'no-sign'} = $params->{'no-sign'} if defined $params->{'no-sign'};
+push @{$CONFIG{'key-files'}}, @{$params->{'key-files'}} if defined $params->{'key-files'};
#################
# import own keys
#################
+for my $keyid (@{$CONFIG{'keyid'}}) {
my $gpg = GnuPG::Interface->new();
$gpg->call( $CONFIG{'gpg'} );
$gpg->options->hash_init(
'homedir' => $GNUPGHOME,
- 'extra_args' => '--keyserver='.$CONFIG{'keyserver'} );
+ 'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always --with-colons --fixed-list-mode --fast-list-mode } ] );
$gpg->options->meta_interactive( 0 );
my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
- $gpg->options->hash_init( 'extra_args' => [ '--with-colons', '--fixed-list-mode' ] );
- my $pid = $gpg->list_public_keys(handles => $handles, command_args => $CONFIG{'keyid'});
+ my $pid = $gpg->list_public_keys(handles => $handles, command_args => $keyid);
my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
waitpid $pid, 0;
+
if ($stdout eq '') {
- warn ("No data from gpg for list-key\n");
- next;
+ warn ("No data from gpg for list-key\n"); # There should be at least 'tru:' everywhere.
};
- foreach my $keyid (@{$CONFIG{'keyid'}}) {
- unless ($stdout =~ /^pub:(?:[^:]*:){3,3}$keyid:/m) {
- info("Importing $keyid");
- system "gpg --export $keyid | gpg --import --homedir $GNUPGHOME";
- }
+ unless ($stdout =~ /^pub:(?:[^:]*:){3,3}$keyid:/m) {
+ info("Key $keyid not found in caff's home. Getting it from your normal GnuPGHome.");
+ my $key = export_key(undef, $keyid);
+ if (!defined $key || $key eq '') {
+ warn ("Did not get key $keyid from your normal GnuPGHome\n");
+ next;
+ };
+ my $result = import_key($GNUPGHOME, $key);
+ unless ($result) {
+ warn ("Could not import $keyid into caff's gnupghome.\n");
+ next;
+ };
}
+}
+
+########################
+# import keys from files
+########################
+foreach my $keyfile (@{$CONFIG{'key-files'}}) {
+ my $gpg = GnuPG::Interface->new();
+ $gpg->call( $CONFIG{'gpg'} );
+ $gpg->options->hash_init('homedir' => $GNUPGHOME);
+ $gpg->options->meta_interactive( 0 );
+ my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
+ my $pid = $gpg->import_keys(handles => $handles, command_args => $keyfile);
+ my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
+ info ("Importing keys from $keyfile");
+ waitpid $pid, 0;
+ if ($status !~ /^\[GNUPG:\] IMPORT_OK/m) {
+ warn $stderr;
+ }
+}
#############################
# receive keys from keyserver
#############################
my @keyids_ok;
-my @keyids_failed;
if ($CONFIG{'no-download'}) {
@keyids_ok = @KEYIDS;
} else {
+ info ("fetching keys, this will take a while...");
+
my $gpg = GnuPG::Interface->new();
$gpg->call( $CONFIG{'gpg'} );
$gpg->options->hash_init(
'homedir' => $GNUPGHOME,
- 'extra_args' => '--keyserver='.$CONFIG{'keyserver'} );
+ 'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always }, '--keyserver='.$CONFIG{'keyserver'} ] );
$gpg->options->meta_interactive( 0 );
my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
-
- my @local_keyids = @KEYIDS;
- for my $keyid (@local_keyids) {
- info ("fetching $keyid...");
- my $pid = $gpg->recv_keys(handles => $handles, command_args => [ $keyid ]);
- my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
- waitpid $pid, 0;
+ my $pid = $gpg->recv_keys(handles => $handles, command_args => [ @KEYIDS ]);
+ my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
+ waitpid $pid, 0;
# [GNUPG:] IMPORT_OK 0 5B00C96D5D54AEE1206BAF84DE7AAF6E94C09C7F
# [GNUPG:] NODATA 1
# [GNUPG:] NODATA 1
# [GNUPG:] IMPORT_OK 0 25FC1614B8F87B52FF2F99B962AF4031C82E0039
- my $handled = 0;
- for my $line (split /\n/, $status) {
- if ($line =~ /^\[GNUPG:\] IMPORT_OK \d+ ([0-9A-F]{40})/) {
- my $imported_key = $1;
- if ($keyid ne $imported_key &&
- $keyid ne substr($imported_key, -16) &&
- $keyid ne substr($imported_key, -8)) {
- warn("Imported unexpected key. expected: $keyid; got: $imported_key.\n");
- next;
- };
- push @keyids_ok, $keyid;
- shift @KEYIDS;
- $handled = 1;
- last;
- } elsif ($line =~ /^\[GNUPG:\] NODATA/) {
- push @keyids_failed, $keyid;
- shift @KEYIDS;
- $handled = 1;
- last;
+ my %local_keyids = map { $_ => 1 } @KEYIDS;
+ my $had_v3_keys = 0;
+ for my $line (split /\n/, $status) {
+ if ($line =~ /^\[GNUPG:\] IMPORT_OK \d+ ([0-9A-F]{40})/) {
+ my $imported_key = $1;
+ my $whole_fpr = $imported_key;
+ my $long_keyid = substr($imported_key, -16);
+ my $short_keyid = substr($imported_key, -8);
+ my $speced_key;
+ for my $spec (($whole_fpr, $long_keyid, $short_keyid)) {
+ $speced_key = $spec if $local_keyids{$spec};
};
- };
- unless ($handled) {
- notice ("Huh, what's up with $keyid?");
- push @keyids_failed, $keyid;
- shift @KEYIDS;
- };
+ unless ($speced_key) {
+ notice ("Imported unexpected key; got: $imported_key\n");
+ next;
+ };
+ debug ("Imported $imported_key for $speced_key");
+ delete $local_keyids{$speced_key};
+ unshift @keyids_ok, $imported_key;
+ } elsif ($line =~ /^\[GNUPG:\] (NODATA|IMPORT_RES|IMPORTED) /) {
+ } elsif ($line =~ /^\[GNUPG:\] IMPORT_OK \d+ ([0-9A-F]{32})/) {
+ my $imported_key = $1;
+ notice ("Imported key $1 is a version 3 key. Version 3 keys are obsolete, should not be used, and are not and will not be properly supported.");
+ $had_v3_keys = 1;
+ } else {
+ notice ("got unknown reply from gpg: $line");
+ }
};
- die ("Still keys in \@KEYIDS. This should not happen.") if scalar @KEYIDS;
- notice ("Import failed for: ". (join ' ', @keyids_failed).".") if scalar @keyids_failed;
+ if (scalar %local_keyids) {
+ notice ("Import failed for: ". (join ' ', keys %local_keyids)."." . ($had_v3_keys ? " (Or maybe it's one of those ugly v3 keys?)" : ""));
+ exit 1 unless ask ("Some keys could not be imported - continue anyway?", 0);
+ }
};
+unless (@keyids_ok) {
+ notice ("No keys to sign found");
+ exit 0;
+}
+
###########
# sign keys
###########
+if ($CONFIG{'ask-sign'} && ! $CONFIG{'no-sign'}) {
+ $CONFIG{'no-sign'} = ! ask("Continue with signing?", 1);
+}
+
unless ($CONFIG{'no-sign'}) {
info("Sign the following keys according to your policy, then exit gpg with 'save' after signing each key");
for my $keyid (@keyids_ok) {
push @command, '--local-user', $USER if (defined $USER);
push @command, "--homedir=$GNUPGHOME";
push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
+ push @command, '--no-auto-check-trustdb';
+ push @command, '--trust-model=always';
push @command, '--edit', $keyid;
push @command, 'sign';
+ push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
print join(' ', @command),"\n";
system (@command);
};
#################
my $gpg = GnuPG::Interface->new();
$gpg->call( $CONFIG{'gpg'} );
- $gpg->options->hash_init( 'homedir' => $GNUPGHOME );
+ $gpg->options->hash_init(
+ 'homedir' => $GNUPGHOME,
+ 'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always --with-colons --fixed-list-mode } ] );
$gpg->options->meta_interactive( 0 );
my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
- $gpg->options->hash_init( 'extra_args' => [ '--with-colons', '--fixed-list-mode' ] );
my $pid = $gpg->list_public_keys(handles => $handles, command_args => [ $keyid ]);
my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
waitpid $pid, 0;
$gpg->call( $CONFIG{'gpg-delsig'} );
$gpg->options->hash_init(
'homedir' => $tempdir,
- 'extra_args' => [ '--with-colons', '--fixed-list-mode', '--command-fd=0', '--no-tty' ] );
+ 'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always --with-colons --fixed-list-mode --command-fd=0 --no-tty } ] );
($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
$pid = $gpg->wrap_call(
commands => [ '--edit' ],
if ($signed_by_me) {
if ($NOW - $signed_by_me > $CONFIG{'export-sig-age'} ) {
- my $write = ask("Signature on $this_uid_text is old. Export?", 0);
+ my $write = ask("Signature on $this_uid_text is old. Export?", 0, $params->{'export-old'}, $params->{'no-export-old'});
next unless $write;
};
my $keydir = "$KEYSBASE/$DATE_STRING";
if (!$uid->{'is_uat'} && ($uid->{'text'} =~ /@/)) {
my $address = $uid->{'text'};
$address =~ s/.*<(.*)>.*/$1/;
- if ($CONFIG{'mail'} or ask("Send mail to '$address' for $uid->{'text'}?", 1)) {
+ if (ask("Mail signature for $uid->{'text'} to '$address'?", 1, $CONFIG{'mail'})) {
my $mail = send_mail($address, $can_encrypt, $longkeyid, $uid, @attached);
my $keydir = "$KEYSBASE/$DATE_STRING";
projects / pgp-tools.git / blobdiff