X-Git-Url: https://git.sthu.org/?a=blobdiff_plain;f=caff%2FREADME;h=e0333f71bd95c5a026eb35c7b8c820f6b30c7c76;hb=e2bc363cc54227e51a80dbddb849320412c6e198;hp=95898d0dcc3bff0643b417bddca0d6ba9dd7774f;hpb=8f1e7567d62681751931472492f74e8f48d37f3c;p=pgp-tools.git diff --git a/caff/README b/caff/README index 95898d0..e0333f7 100644 --- a/caff/README +++ b/caff/README @@ -1,42 +1,43 @@ caff -- CA - fire and forget +============================== caff is a script that helps you in keysigning. It takes a list of keyids on the command line, fetches them from a keyserver and calls GnuPG so that you can sign it. It then mails each key to all its email addresses - only including the one UID that we send to in each -mail. - -Features: - * Easy to setup. - * Attaches only the very UID that we send to in the mail. - * Prunes the key from all signatures that are not self sigs and - not done by you, thereby greatly reducing the size of mails. - * Sends the mail encrypted if possible, will warn before sending - unencrypted mail (sign only keys) - * Creates proper PGP MIME messages. - * Uses separate GNUPGHOME for all its operations. - -Special Requirements: - * GnuPG 1.3.92 or later. - -Discussion: +mail, pruned from all but self sigs and sigs done by you. The mailed +key is encrypted with itself as a means to verify that key belongs to +the recipient. Since we do not upload the new signatures, or import them into our main keyring, the signature only gets public if: - - the email address is valid + - the email address is valid, and - the person reading the email can decrypt the mail (if it was sent encrypted). - Therefore we achieve the same level of security as common Challenge -Repsonse systems like CABot, without all the extra hassle of those +Response systems like CABot, without all the extra hassle of those systems. +FEATURES +-------- + * Easy to setup. + * Attaches only the very UID that we send to in the mail. + * Prunes the key from all signatures that are not self sigs and + not done by you, thereby greatly reducing the size of mails. + * Sends the mail encrypted if possible, will warn before sending + unencrypted mail (sign only keys) + * Creates proper PGP MIME messages. + * Uses separate GNUPGHOME for all its operations. -Dependencies: gnupg (>= 1.3.92), perl, libgnupg-interface-perl, libmime-perl, libmailtools-perl (>= 1.62), mailx +DEPENDENCIES +------------ + gnupg (>= 1.3.92), perl, libgnupg-interface-perl, + libtext-template-perl, libmime-perl, libmailtools-perl (>= 1.62) -INSTALLATION NOTES +INSTALLATION +------------ After creating a ~/.caffrc from the template, caff almost works out of the box.