Select the key that is used for signing, in case you have more than one key.
+=item B<--key-file> I<file>
+
+Import keys from file. Can be supplied more than once.
+
=back
=head1 FILES
=item $HOME/.caffrc - configuration file
+=item $HOME/.caff/keys/yyyy-mm-dd/ - processed keys
+
+=item $HOME/.caff/gnupghome/ - caff's working dir for gpg
+
+=item $HOME/.caff/gnupghome/gpg.conf - gpg configuration
+
+useful options include use-agent, default-cert-level, etc.
+
=back
=head1 CONFIGURATION FILE OPTIONS
The configuration file is a perl script that sets values in the hash B<%CONFIG>.
+The file is generated when it does not exist.
Example:
If true, then skip the step of fetching keys from the keyserver.
Default: B<0>.
+=item B<key-files> [list of files]
+
+A list of files containing keys to be imported.
+
=head2 Signing settings
=item B<no-sign> [boolean]
http://pgp-tools.alioth.debian.org/
+=head1 SEE ALSO
+
+gpg(1), pgp-clean(1), /usr/share/doc/signing-party/examples/caffrc.sample.
+
=cut
use strict;
my ($REVISION_NUMER) = $REVISION =~ /(\d+)/;
my $VERSION = "0.0.0.$REVISION_NUMER";
+sub generate_config() {
+ die "Error: \$LOGNAME is not set.\n" unless $ENV{LOGNAME};
+ my $gecos = (getpwnam($ENV{LOGNAME}))[6];
+ $gecos =~ s/,.*//;
+
+ my $gpg = GnuPG::Interface->new();
+ $gpg->call( 'gpg' );
+ $gpg->options->hash_init(
+ 'extra_args' => [ qw{ --no-auto-check-trustdb --trust-model=always --with-colons --fixed-list-mode } ] );
+ $gpg->options->meta_interactive( 0 );
+ my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
+ my $pid = $gpg->list_public_keys(handles => $handles, command_args => [ $gecos ]);
+ my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
+ waitpid $pid, 0;
+
+ if ($stdout eq '') {
+ warn ("No data from gpg for list-key\n"); # There should be at least 'tru:' everywhere.
+ };
+
+ my @keys;
+ unless (@keys = ($stdout =~ /^pub:[^r:]*:(?:[^:]*:){2,2}([^:]+):/mg)) {
+ die "Error: No keys were found using \"gpg --list-public-keys '$gecos'\".\n";
+ }
+ unless ($stdout =~ /^uid:.*<(.+@.+)>.*:/m) {
+ die "Error: No email address was found using \"gpg --list-public-keys '$gecos'\".\n";
+ }
+ my $email = $1;
+
+ return <<EOT;
+# .caffrc -- vim:syntax=perl:
+# This file is in perl(1) format - see caff(1) for details.
+
+\$CONFIG{'owner'} = '$gecos';
+\$CONFIG{'email'} = '$email';
+
+# you can get your long keyid from
+# gpg --with-colons --list-key <yourkeyid|name|emailaddress..>
+#
+# if you have a v4 key, it will simply be the last 16 digits of
+# your fingerprint.
+
+\$CONFIG{'keyid'} = [ qw{@keys} ];
+EOT
+};
+
sub load_config() {
my $config = $ENV{'HOME'} . '/.caffrc';
- -f $config or die "No file $config present. See caff(1).\n";
+ unless (-f $config) {
+ print "No configfile $config present, I will use this template:\n";
+ my $template = generate_config();
+ print "$template\nPress enter to continue.";
+ <STDIN>;
+ open F, ">$config" or die "$config: $!";
+ print F $template;
+ close F;
+ }
unless (scalar eval `cat $config`) {
die "Couldn't parse $config: $EVAL_ERROR\n" if $EVAL_ERROR;
};
$CONFIG{'secret-keyring'} = $ENV{'HOME'}.'/.gnupg/secring.gpg' unless defined $CONFIG{'secret-keyring'};
$CONFIG{'no-download'} = 0 unless defined $CONFIG{'no-download'};
$CONFIG{'no-sign'} = 0 unless defined $CONFIG{'no-sign'};
+ $CONFIG{'key-files'} = () unless defined $CONFIG{'key-files'};
$CONFIG{'mail-template'} = <<'EOM' unless defined $CONFIG{'mail-template'};
Hi,
sub ask($$;$$) {
my ($question, $default, $forceyes, $forceno) = @_;
- return $default if $forceyes and $forceno;
- return 1 if $forceyes;
- return 0 if $forceno;
my $answer;
+ my $yn = $default ? '[Y/n]' : '[y/N]';
while (1) {
- print $question,' ',($default ? '[Y/n]' : '[y/N]'), ' ';
+ print $question,' ',$yn, ' ';
+ if ($forceyes && $forceno) {
+ print "$default (from config/command line)\n";
+ return $default;
+ };
+ if ($forceyes) {
+ print "YES (from config/command line)\n";
+ return 1;
+ };
+ if ($forceno) {
+ print "NO (from config/command line)\n";
+ return 0;
+ };
+
$answer = <STDIN>;
+ if (!defined $answer) {
+ $OUTPUT_AUTOFLUSH = 1;
+ die "\n\n".
+ "End of STDIN reached. Are you using xargs? Caff wants to read from STDIN,\n".
+ "so you can't really use it with xargs. A patch against caff to read from\n".
+ "the terminal would be appreciated.\n".
+ "For now instead of cat keys | xargs caff do caff `cat keys`\n";
+ };
chomp $answer;
- last if ((defined $answer) && (length $answer <= 1));
- print "grrrrrr.\n";
+ last if ((length $answer == 0) || ($answer =~ m/^[yYnN]$/) );
+ print "What about $yn is so hard to understand?\nAnswer with either 'n' or 'y' or just press enter for the default.\n";
sleep 1;
};
my $result = $default;
Type => "application/pgp-keys",
Disposition => 'attachment',
Encoding => "7bit",
- Description => "PGP Key 0x$key_id, uid ".($key->{'text'}).' ('.($key->{'serial'}).')',
+ Description => "PGP Key 0x$key_id, uid ".($key->{'text'}).' ('.($key->{'serial'}).'), signed by 0x'.$CONFIG{'keyid'}[0],
Data => $key->{'key'},
- Filename => "0x$key_id.".$key->{'serial'}.".asc");
+ Filename => "0x$key_id.".$key->{'serial'}.".signed-by-0x".$CONFIG{'keyid'}[0].".asc");
};
if ($can_encrypt) {
'--no-download' => \$params->{'no-download'},
'-S' => \$params->{'no-sign'},
'--no-sign' => \$params->{'no-sign'},
+ '--key-file=s@' => \$params->{'key-files'},
)) {
usage(\*STDERR, 1);
};
for my $keyid (@ARGV) {
$keyid =~ s/^0x//i;
unless ($keyid =~ /^([A-F0-9]{8}|[A-F0-9]{16}||[A-F0-9]{40})$/i) {
+ if ($keyid =~ /^[A-F0-9]{32}$/) {
+ info("Ignoring v3 fingerprint $keyid. v3 keys are obsolete.");
+ next;
+ };
print STDERR "$keyid is not a keyid.\n";
usage(\*STDERR, 1);
};
$CONFIG{'no-mail'} = $params->{'no-mail'} if defined $params->{'no-mail'};
$CONFIG{'mail'} = $params->{'mail'} if defined $params->{'mail'};
$CONFIG{'no-sign'} = $params->{'no-sign'} if defined $params->{'no-sign'};
+push @{$CONFIG{'key-files'}}, @{$params->{'key-files'}} if defined $params->{'key-files'};
#################
}
}
+########################
+# import keys from files
+########################
+foreach my $keyfile (@{$CONFIG{'key-files'}}) {
+ my $gpg = GnuPG::Interface->new();
+ $gpg->call( $CONFIG{'gpg'} );
+ $gpg->options->hash_init('homedir' => $GNUPGHOME);
+ $gpg->options->meta_interactive( 0 );
+ my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds();
+ my $pid = $gpg->import_keys(handles => $handles, command_args => $keyfile);
+ my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd);
+ info ("Importing keys from $keyfile");
+ waitpid $pid, 0;
+ if ($status !~ /^\[GNUPG:\] IMPORT_OK/m) {
+ warn $stderr;
+ }
+}
+
#############################
# receive keys from keyserver
#############################
if (!$uid->{'is_uat'} && ($uid->{'text'} =~ /@/)) {
my $address = $uid->{'text'};
$address =~ s/.*<(.*)>.*/$1/;
- if (ask("Send mail to '$address' for $uid->{'text'}?", 1, $CONFIG{'mail'})) {
+ if (ask("Mail signature for $uid->{'text'} to '$address'?", 1, $CONFIG{'mail'})) {
my $mail = send_mail($address, $can_encrypt, $longkeyid, $uid, @attached);
my $keydir = "$KEYSBASE/$DATE_STRING";
projects / pgp-tools.git / blobdiff