# caff -- CA - Fire and Forget
# $Id$
#
-# Copyright (c) 2004, 2005 Peter Palfrader <peter@palfrader.org>
+# Copyright (c) 2004, 2005
, 2006 Peter Palfrader <peter@palfrader.org>
# Copyright (c) 2005, 2006 Christoph Berg <cb@df7cb.de>
#
# All rights reserved.
=item B<-u> I<yourkeyid>, B<--local-user> I<yourkeyid>
Select the key that is used for signing, in case you have more than one key.
+To sign with multiple keys at once, separate multiple keyids by comma.
=item B<--key-file> I<file>
=item $HOME/.caff/gnupghome/gpg.conf - gpg configuration
-useful options include use-agent, default-cert-level, etc.
+useful options include use-agent, keyserver-options, default-cert-level, etc.
=back
Example:
- $CONFIG{owner} = q{Peter Palfrader};
- $CONFIG{email} = q{peter@palfrader.org};
- $CONFIG{keyid} = [ qw{DE7AAF6E94C09C7F 62AF4031C82E0039} ];
+ $CONFIG{'owner'} = q{Peter Palfrader};
+ $CONFIG{'email'} = q{peter@palfrader.org};
+ $CONFIG{'keyid'} = [ qw{DE7AAF6E94C09C7F 62AF4031C82E0039} ];
=head2 Required basic settings
Path to your secret keyring. Default: B<$HOME/.gnupg/secring.gpg>.
-=item B<also-encrypt-to> [list of keyids]
+=item B<also-encrypt-to> [keyid, or list of keyids]
Additional keyids to encrypt messages to. Default: none.
=item B<gpg-sign-args> [string]
-Additional arguments to pass to gpg. Default: none.
+Additional commands to pass to gpg after the "sign" command.
+Default: none.
=head2 Keyserver settings
Don't export UIDs by default, on which your latest signature is older
than this age. Default: B<24*60*60> (i.e. one day).
-=item B<local-user> [string]
+=item B<local-user> [keyid, or list of keyids]
Select the key that is used for signing, in case you have more than one key.
+With multiple keyids, sign with each key in turn.
=head2 Mail settings
=item B<no-mail> [boolean]
Do not prompt for sending mail. The messages are still written to
-$CONFIG{caffhome}/keys/. Default: B<0>.
+$CONFIG{'caffhome'}/keys/. Default: B<0>.
=item B<mail-template> [string]
Parameters to pass to Mail::Mailer.
This could for example be
- $CONFIG{mailer-send} = [ 'smtp', Server => 'mail.server', Auth => ['user', 'pass'] ]
+ $CONFIG{'mailer-send'} = [ 'smtp', Server => 'mail.server', Auth => ['user', 'pass'] ];
to use the perl SMTP client or
- $CONFIG{mailer-send} = [ 'sendmail', '-o8' ]
+ $CONFIG{'mailer-send'} = [ 'sendmail', '-o8' ];
to pass arguments to the sendmail program.
For more information run C<< perldoc Mail::Mailer >>.
use File::Temp qw{tempdir};
use Text::Template;
use MIME::Entity;
+use Encode;
use Fcntl;
use IO::Select;
use Getopt::Long;
# \$CONFIG{'keyid'} = [ qw{0123456789ABCDEF 89ABCDEF76543210} ];
$Ckeys\$CONFIG{'keyid'} = [ qw{@keys} ];
-# Additionally encrypt messages sent to these keyids
+# Select this/these keys to sign with
+#\$CONFIG{'local-user'} = [ qw{@keys} ];
+
+# Additionally encrypt messages for these keyids
#\$CONFIG{'also-encrypt-to'} = [ qw{@keys} ];
# Mail template to use for the encrypted part
check_executable("gpg", $CONFIG{'gpg'});
check_executable("gpg-sign", $CONFIG{'gpg-sign'});
check_executable("gpg-delsig", $CONFIG{'gpg-delsig'});
- $CONFIG{'secret-keyring'} = $ENV{'HOME'}.'/.gnupg/secring.gpg' unless defined $CONFIG{'secret-keyring'};
+ $CONFIG{'secret-keyring'} = ($ENV{'GNUPGHOME'} || "$ENV{'HOME'}/.gnupg") . '/secring.gpg'
+ unless defined $CONFIG{'secret-keyring'};
$CONFIG{'no-download'} = 0 unless defined $CONFIG{'no-download'};
$CONFIG{'no-sign'} = 0 unless defined $CONFIG{'no-sign'};
$CONFIG{'key-files'} = () unless defined $CONFIG{'key-files'};
if (ref($CONFIG{'also-encrypt-to'})) {
$gpg->options->push_recipients($_)
foreach @{$CONFIG{'also-encrypt-to'}};
- } else { # old syntax
+ } else {
$gpg->options->push_recipients($CONFIG{'also-encrypt-to'});
}
}
$message_entity->head->add("Subject", "Your signed PGP key 0x$key_id");
$message_entity->head->add("To", $address);
- $message_entity->head->add("From", '"'.$CONFIG{'owner'}.'" <'.$CONFIG{'email'}.'>');
+ $message_entity->head->add("From", '"'.Encode::encode('MIME-Q', $CONFIG{'owner'}).'" <'.$CONFIG{'email'}.'>');
$message_entity->head->add("Reply-To", $CONFIG{'reply-to'}) if defined $CONFIG{'reply-to'};
$message_entity->head->add("Bcc", $CONFIG{'bcc'}) if defined $CONFIG{'bcc'};
$message_entity->head->add("User-Agent", $USER_AGENT);
};
-
-my $USER;
+###################
+# argument handling
+###################
my @KEYIDS;
my $params;
$CONFIG{'no-sign'} = $params->{'no-sign'} if defined $params->{'no-sign'};
push @{$CONFIG{'key-files'}}, @{$params->{'key-files'}} if defined $params->{'key-files'};
-if ($CONFIG{'local-user'}) {
- $USER = $CONFIG{'local-user'};
- $USER =~ s/^0x//i;
- unless ($USER =~ /^([A-F0-9]{8}|[A-F0-9]{16}|[A-F0-9]{40})$/i) {
- print STDERR "Local-user $USER is not a keyid.\n";
- usage(\*STDERR, 1);
- };
- $USER = uc($USER);
-};
-
for my $keyid (@ARGV) {
$keyid =~ s/^0x//i;
- unless ($keyid =~ /^([A-F0-9]{8}|[A-F0-9]{16}||[A-F0-9]{40})$/i) {
- if ($keyid =~ /^[A-F0-9]{32}$/) {
- info("Ignoring v3 fingerprint $keyid. v3 keys are obsolete.");
- next;
- };
+ if ($keyid =~ /^[A-F0-9]{32}$/i) {
+ info("Ignoring v3 fingerprint $keyid. v3 keys are obsolete.");
+ next;
+ };
+ if ($keyid !~ /^([A-F0-9]{8}|[A-F0-9]{16}|[A-F0-9]{40})$/i) {
print STDERR "$keyid is not a keyid.\n";
usage(\*STDERR, 1);
};
if (scalar %local_keyids) {
notice ("Import failed for: ". (join ' ', keys %local_keyids)."." . ($had_v3_keys ? " (Or maybe it's one of those ugly v3 keys?)" : ""));
exit 1 unless ask ("Some keys could not be imported - continue anyway?", 0);
- if (scalar %local_keyids == 1) {
+ if (scalar keys %local_keyids == 1) {
mywarn("Assuming ". (join ' ', keys %local_keyids)." is a fine keyid.");
} else {
mywarn("Assuming ". (join ' ', keys %local_keyids)." are fine keyids.");
}
unless ($CONFIG{'no-sign'}) {
+ my @local_user;
+ if ($CONFIG{'local-user'}) {
+ if (ref($CONFIG{'local-user'})) {
+ @local_user = @{$CONFIG{'local-user'}};
+ } else {
+ @local_user = split /\s*,\s*/, $CONFIG{'local-user'};
+ };
+ foreach (@local_user) {
+ s/^0x//i;
+ unless (/^([A-F0-9]{8}|[A-F0-9]{16}|[A-F0-9]{40})$/i) {
+ print STDERR "Local-user $_ is not a keyid.\n";
+ usage(\*STDERR, 1);
+ };
+ $_ = uc($_);
+ };
+ } else {
+ @local_user = (undef);
+ };
+
info("Sign the following keys according to your policy, then exit gpg with 'save' after signing each key");
for my $keyid (@keyids_ok) {
- my @command;
- push @command, $CONFIG{'gpg-sign'};
- push @command, '--local-user', $USER if (defined $USER);
- push @command, "--homedir=$GNUPGHOME";
- push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
- push @command, '--no-auto-check-trustdb';
- push @command, '--trust-model=always';
- push @command, '--edit', $keyid;
- push @command, 'sign';
- push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
- print join(' ', @command),"\n";
- system (@command);
+ foreach my $local_user (@local_user) {
+ my @command;
+ push @command, $CONFIG{'gpg-sign'};
+ push @command, '--local-user', $local_user if (defined $local_user);
+ push @command, "--homedir=$GNUPGHOME";
+ push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
+ push @command, '--no-auto-check-trustdb';
+ push @command, '--trust-model=always';
+ push @command, '--edit', $keyid;
+ push @command, 'sign';
+ push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
+ print join(' ', @command),"\n";
+ system (@command);
+ };
};
};
projects / pgp-tools.git / blobdiff