From: myon-guest Date: Sat, 2 Jul 2005 19:48:05 +0000 (+0000) Subject: more documentation X-Git-Url: https://git.sthu.org/?a=commitdiff_plain;h=72d0da607a296094cdffd068f011ce28106097fe;p=pgp-tools.git more documentation git-svn-id: svn://svn.debian.org/pgp-tools/trunk@108 b513b33f-fedd-0310-b452-c3deb5f4c849 --- diff --git a/caff/README.many-keys b/caff/README.many-keys new file mode 100644 index 0000000..ce57d5e --- /dev/null +++ b/caff/README.many-keys @@ -0,0 +1,43 @@ +Using caff to sign lots of keys +------------------------------- + +If you have loads of keys to sign (sometimes, there are keysigning parties with +more than 100 participants), keysigning can be arkward, even with caff. It gets +worse if you have multiple local keys and want to sign with all. + +Some hints to get the signing done faster: + +* Use fingerprints instead of key ids. + + caff and gpg allow you to specify the full fingerprint. This will save you + from having to check the fingerprint yourself. If you have a text file with + all fingerprints, use that and then run + + $ caff `cat ksp-fingerprints.txt` + +* v3 keys are evil. + + Sign v3 separately. Batch processing does not work. See README.v3-keys. + +* Use multiple passes. + + Going through retrieving, signing, and mailing keys can help, e.g.: + + $ caff -SEM `cat ksp-fingerprints.txt` + $ caff -REM `cat ksp-fingerprints.txt` + $ caff -RSE `cat ksp-fingerprints.txt` + +* If you have multiple local keys, only send mail once after signing with all. + + caff will send out all previously done signatures in the message. (Of course + you have to configure $CONFIG{'keyid'} to contain all your key ids.) + + $ caff -EM -u + $ caff -RE -u + +* Use gpg-agent. + + See README.gpg-agent. + + -- Christoph Berg Sat, 2 Jul 2005 21:22:07 +0200 + diff --git a/caff/README.v3-keys b/caff/README.v3-keys new file mode 100644 index 0000000..4eefc5f --- /dev/null +++ b/caff/README.v3-keys @@ -0,0 +1,24 @@ +v3 keys are evil +---------------- + +The good thing about v4 keys is that the fingerprint ends contains the 8 byte +(16 char) key id at the and and that the 8 byte key id likewise ends in the 4 +byte key id. For v3 keys it does not. This, and some issues with HKP key +servers make the handling of v3 a PITA. + +To sign v3 keys with caff, do the following: + +$ caff + +The key will be imported from the keyserver, but caff thinks it failed. Now run +caff again with -R: + +$ caff -R + +Since the key is already there, caff will proceed. + + +Of course, this could be automated... patches welcome :) + + -- Christoph Berg Sat, 2 Jul 2005 21:34:48 +0200 +