caff -- CA - fire and forget
+==============================
caff is a script that helps you in keysigning. It takes a list of
keyids on the command line, fetches them from a keyserver and calls
key is encrypted with itself as a means to verify that key belongs to
the recipient.
-Features:
+Since we do not upload the new signatures, or import them into our
+main keyring, the signature only gets public if:
+ - the email address is valid, and
+ - the person reading the email can decrypt the mail (if it was sent
+ encrypted).
+Therefore we achieve the same level of security as common Challenge
+Response systems like CABot, without all the extra hassle of those
+systems.
+
+FEATURES
+--------
+
* Easy to setup.
* Attaches only the very UID that we send to in the mail.
* Prunes the key from all signatures that are not self sigs and
* Creates proper PGP MIME messages.
* Uses separate GNUPGHOME for all its operations.
-Special Requirements:
- * GnuPG 1.3.92 or later.
+DEPENDENCIES
+------------
-Discussion:
+ gnupg (>= 1.3.92), perl, libgnupg-interface-perl,
+ libtext-template-perl, libmime-perl, libmailtools-perl (>= 1.62),
+ mailx
-Since we do not upload the new signatures, or import them into our
-main keyring, the signature only gets public if:
- - the email address is valid
- - the person reading the email can decrypt the mail (if it was sent
- encrypted).
+INSTALLATION
+------------
-Therefore we achieve the same level of security as common Challenge
-Repsonse systems like CABot, without all the extra hassle of those
-systems.
+After creating a ~/.caffrc from the template, caff almost works out of the box.
+MULTIPLE SIGNING KEYS
+---------------------
-Dependencies: gnupg (>= 1.3.92), perl, libgnupg-interface-perl, libtext-template-perl, libmime-perl, libmailtools-perl (>= 1.62), mailx
+Q: I possess multiple keys. How can I use caff to sign each keyid
+ with both my keys?
+A: Try this:
+ $ caff --no-export-old --no-mail -u <mykey1> <keyids to sign>
+ $ caff --no-download --no-export-old -u <mykey2> <keyids to sign>
-INSTALLATION NOTES
-After creating a ~/.caffrc from the template, caff almost works out of the box.
--
Peter
-------------------------------
If you have loads of keys to sign (sometimes, there are keysigning parties with
-more than 100 participants), keysigning can be arkward, even with caff. It gets
+more than 100 participants), keysigning can be awkward, even with caff. It gets
worse if you have multiple local keys and want to sign with all.
Some hints to get the signing done faster:
[ Thijs Kinkhorst ]
* Upgrade debhelper compatibility to the recommended level 5.
+ * Update FSF addresses.
+ * caff: tweak documentation.
[ Christoph Berg ]
* caff: note that mailed keys are encrypted (suggested by Sune Vuorela).
- -- Christoph Berg <myon@debian.org> Wed, 15 Feb 2006 10:58:06 +0100
+ -- Thijs Kinkhorst <kink@squirrelmail.org> Tue, 28 Feb 2006 18:15:32 +0100
signing-party (0.4.4-2) unstable; urgency=low
projects / pgp-tools.git / commitdiff