more documentation

git-svn-id: svn://svn.debian.org/pgp-tools/trunk@108 b513b33f-fedd-0310-b452-c3deb5f4c849

diff --git a/caff/README.many-keys b/caff/README.many-keys
new file mode 100644 (file)
index 0000000..ce57d5e
--- /dev/null
+++ b/caff/README.many-keys
@@ -0,0 +1,43 @@
+Using caff to sign lots of keys
+-------------------------------
+
+If you have loads of keys to sign (sometimes, there are keysigning parties with
+more than 100 participants), keysigning can be arkward, even with caff. It gets
+worse if you have multiple local keys and want to sign with all.
+
+Some hints to get the signing done faster:
+
+* Use fingerprints instead of key ids.
+
+  caff and gpg allow you to specify the full fingerprint. This will save you
+  from having to check the fingerprint yourself. If you have a text file with
+  all fingerprints, use that and then run
+
+  $ caff <options> `cat ksp-fingerprints.txt`
+
+* v3 keys are evil.
+
+  Sign v3 separately. Batch processing does not work. See README.v3-keys.
+
+* Use multiple passes.
+
+  Going through retrieving, signing, and mailing keys can help, e.g.:
+
+  $ caff -SEM `cat ksp-fingerprints.txt`
+  $ caff -REM `cat ksp-fingerprints.txt`
+  $ caff -RSE `cat ksp-fingerprints.txt`
+
+* If you have multiple local keys, only send mail once after signing with all.
+
+  caff will send out all previously done signatures in the message. (Of course
+  you have to configure $CONFIG{'keyid'} to contain all your key ids.)
+
+  $ caff -EM -u <mykey1> <other_key>
+  $ caff -RE -u <mykey2> <other_key>
+
+* Use gpg-agent.
+
+  See README.gpg-agent.
+
+ -- Christoph Berg <cb@df7cb.de>  Sat,  2 Jul 2005 21:22:07 +0200
+

diff --git a/caff/README.v3-keys b/caff/README.v3-keys
new file mode 100644 (file)
index 0000000..4eefc5f
--- /dev/null
+++ b/caff/README.v3-keys
@@ -0,0 +1,24 @@
+v3 keys are evil
+----------------
+
+The good thing about v4 keys is that the fingerprint ends contains the 8 byte
+(16 char) key id at the and and that the 8 byte key id likewise ends in the 4
+byte key id. For v3 keys it does not. This, and some issues with HKP key
+servers make the handling of v3 a PITA.
+
+To sign v3 keys with caff, do the following:
+
+$ caff <keyid>
+
+The key will be imported from the keyserver, but caff thinks it failed. Now run
+caff again with -R:
+
+$ caff -R <keyid>
+
+Since the key is already there, caff will proceed.
+
+
+Of course, this could be automated... patches welcome :)
+
+ -- Christoph Berg <cb@df7cb.de>  Sat,  2 Jul 2005 21:34:48 +0200
+