=item B<gpg-sign-args> [string]
-Additional arguments to pass to gpg. Default: none.
+Additional arguments to pass to gpg. Default: none.
=head2 Keyserver settings
If true, then skip the signing step. Default: B<0>.
+=item B<ask-sign> [boolean]
+
+If true, then pause before continuing to the signing step.
+This is useful for offline signing. Default: B<0>.
+
=item B<export-sig-age> [seconds]
Don't export UIDs by default, on which your latest signature is older
die ("keyid is not defined.\n") unless defined $CONFIG{'keyid'};
die ("keyid is not an array ref\n") unless (ref $CONFIG{'keyid'} eq 'ARRAY');
for my $keyid (@{$CONFIG{'keyid'}}) {
- $keyid =~ /^[A-Fa-z0-9]{16}$/ or die ("key $keyid is not a long (16 digit) keyid.\n");
+ $keyid =~ /^[A-Fa-f0-9]{16}$/ or die ("key $keyid is not a long (16 digit) keyid.\n");
};
@{$CONFIG{'keyid'}} = map { uc } @{$CONFIG{'keyid'}};
$CONFIG{'export-sig-age'}= 24*60*60 unless defined $CONFIG{'export-sig-age'};
$OUT .= "\t".$uid."\n";
};} of your key {$key} signed by me.
-Note that I did not upload your key to any keyservers. If you want this
-new signature to be available to others, please upload it yourself.
-With GnuPG this can be done using
+Note that I did not upload your key to any keyservers.
+If you have multiple user ids, I sent the signature for each user id
+separately to that user id's associated email address. You can import
+the signatures by running each through `gpg --import`.
+
+If you want this new signature to be available to others, please upload
+it yourself. With GnuPG this can be done using
gpg --keyserver subkeys.pgp.net --send-key {$key}
If you have any questions, don't hesitate to ask.
if ($params->{'local-user'}) {
$USER = $params->{'local-user'};
$USER =~ s/^0x//i;
- unless ($USER =~ /^([A-Z0-9]{8}|[A-Z0-9]{16}|[A-Z0-9]{40})$/i) {
+ unless ($USER =~ /^([A-F0-9]{8}|[A-F0-9]{16}|[A-F0-9]{40})$/i) {
print STDERR "-u $USER is not a keyid.\n";
usage(\*STDERR, 1);
};
for my $keyid (@ARGV) {
$keyid =~ s/^0x//i;
- unless ($keyid =~ /^([A-Z0-9]{8}|[A-Z0-9]{16}||[A-Z0-9]{40})$/i) {
+ unless ($keyid =~ /^([A-F0-9]{8}|[A-F0-9]{16}||[A-F0-9]{40})$/i) {
print STDERR "$keyid is not a keyid.\n";
usage(\*STDERR, 1);
};
###########
# sign keys
###########
+if ($CONFIG{'ask-sign'} && ! $CONFIG{'no-sign'}) {
+ $CONFIG{'no-sign'} = ! ask("Continue with signing?", 1);
+}
+
unless ($CONFIG{'no-sign'}) {
info("Sign the following keys according to your policy, then exit gpg with 'save' after signing each key");
for my $keyid (@keyids_ok) {
push @command, '--local-user', $USER if (defined $USER);
push @command, "--homedir=$GNUPGHOME";
push @command, '--secret-keyring', $CONFIG{'secret-keyring'};
- push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
push @command, '--edit', $keyid;
push @command, 'sign';
+ push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
print join(' ', @command),"\n";
system (@command);
};