X-Git-Url: https://git.sthu.org/?a=blobdiff_plain;f=caff%2Fcaff;h=c4365e8ee96c926feb2fa80959ca8633dc72bce7;hb=726ad0bda960ff354b5464efc05fa6f112761b5b;hp=013ebaa7b7eea92da00e69423384e7f668b0037b;hpb=5f021c393cfd6dabe126a9a6c1e8d19775eda517;p=pgp-tools.git diff --git a/caff/caff b/caff/caff index 013ebaa..c4365e8 100755 --- a/caff/caff +++ b/caff/caff @@ -156,7 +156,7 @@ An additional keyid to encrypt messages to. Default: none. =item B [string] -Additional arguments to pass to gpg. Default: none. +Additional arguments to pass to gpg. Default: none. =head2 Keyserver settings @@ -175,6 +175,11 @@ Default: B<0>. If true, then skip the signing step. Default: B<0>. +=item B [boolean] + +If true, then pause before continuing to the signing step. +This is useful for offline signing. Default: B<0>. + =item B [seconds] Don't export UIDs by default, on which your latest signature is older @@ -266,7 +271,7 @@ sub load_config() { die ("keyid is not defined.\n") unless defined $CONFIG{'keyid'}; die ("keyid is not an array ref\n") unless (ref $CONFIG{'keyid'} eq 'ARRAY'); for my $keyid (@{$CONFIG{'keyid'}}) { - $keyid =~ /^[A-Fa-z0-9]{16}$/ or die ("key $keyid is not a long (16 digit) keyid.\n"); + $keyid =~ /^[A-F0-9]{16}$/i or die ("key $keyid is not a long (16 digit) keyid.\n"); }; @{$CONFIG{'keyid'}} = map { uc } @{$CONFIG{'keyid'}}; $CONFIG{'export-sig-age'}= 24*60*60 unless defined $CONFIG{'export-sig-age'}; @@ -285,9 +290,13 @@ please find attached the user id{(scalar @uids >= 2 ? 's' : '')}. $OUT .= "\t".$uid."\n"; };} of your key {$key} signed by me. -Note that I did not upload your key to any keyservers. If you want this -new signature to be available to others, please upload it yourself. -With GnuPG this can be done using +Note that I did not upload your key to any keyservers. +If you have multiple user ids, I sent the signature for each user id +separately to that user id's associated email address. You can import +the signatures by running each through `gpg --import`. + +If you want this new signature to be available to others, please upload +it yourself. With GnuPG this can be done using gpg --keyserver subkeys.pgp.net --send-key {$key} If you have any questions, don't hesitate to ask. @@ -706,7 +715,7 @@ usage(\*STDERR, 1) unless scalar @ARGV >= 1; if ($params->{'local-user'}) { $USER = $params->{'local-user'}; $USER =~ s/^0x//i; - unless ($USER =~ /^([A-Z0-9]{8}|[A-Z0-9]{16}|[A-Z0-9]{40})$/i) { + unless ($USER =~ /^([A-F0-9]{8}|[A-F0-9]{16}|[A-F0-9]{40})$/i) { print STDERR "-u $USER is not a keyid.\n"; usage(\*STDERR, 1); }; @@ -715,7 +724,7 @@ if ($params->{'local-user'}) { for my $keyid (@ARGV) { $keyid =~ s/^0x//i; - unless ($keyid =~ /^([A-Z0-9]{8}|[A-Z0-9]{16}||[A-Z0-9]{40})$/i) { + unless ($keyid =~ /^([A-F0-9]{8}|[A-F0-9]{16}||[A-F0-9]{40})$/i) { print STDERR "$keyid is not a keyid.\n"; usage(\*STDERR, 1); }; @@ -814,6 +823,10 @@ unless (@keyids_ok) { ########### # sign keys ########### +if ($CONFIG{'ask-sign'} && ! $CONFIG{'no-sign'}) { + $CONFIG{'no-sign'} = ! ask("Continue with signing?", 1); +} + unless ($CONFIG{'no-sign'}) { info("Sign the following keys according to your policy, then exit gpg with 'save' after signing each key"); for my $keyid (@keyids_ok) { @@ -822,10 +835,9 @@ unless ($CONFIG{'no-sign'}) { push @command, '--local-user', $USER if (defined $USER); push @command, "--homedir=$GNUPGHOME"; push @command, '--secret-keyring', $CONFIG{'secret-keyring'}; - push @command, split ' ', $CONFIG{'gpg-sign-args'} || ""; push @command, '--edit', $keyid; push @command, 'sign'; - push @command, 'save'; + push @command, split ' ', $CONFIG{'gpg-sign-args'} || ""; print join(' ', @command),"\n"; system (@command); };