[Pgp-tools-commit] r108 - trunk/caff

Christoph Berg myon-guest at costa.debian.org
Sat Jul 2 19:48:06 UTC 2005 

Author: myon-guest
Date: 2005-07-02 19:48:05 +0000 (Sat, 02 Jul 2005)
New Revision: 108

Added:
   trunk/caff/README.many-keys
   trunk/caff/README.v3-keys
Log:
more documentation

Added: trunk/caff/README.many-keys
===================================================================
--- trunk/caff/README.many-keys	2005-07-02 19:21:17 UTC (rev 107)
+++ trunk/caff/README.many-keys	2005-07-02 19:48:05 UTC (rev 108)
@@ -0,0 +1,43 @@
+Using caff to sign lots of keys
+-------------------------------
+
+If you have loads of keys to sign (sometimes, there are keysigning parties with
+more than 100 participants), keysigning can be arkward, even with caff. It gets
+worse if you have multiple local keys and want to sign with all.
+
+Some hints to get the signing done faster:
+
+* Use fingerprints instead of key ids.
+
+  caff and gpg allow you to specify the full fingerprint. This will save you
+  from having to check the fingerprint yourself. If you have a text file with
+  all fingerprints, use that and then run
+
+  $ caff <options> `cat ksp-fingerprints.txt`
+
+* v3 keys are evil.
+
+  Sign v3 separately. Batch processing does not work. See README.v3-keys.
+
+* Use multiple passes.
+
+  Going through retrieving, signing, and mailing keys can help, e.g.:
+
+  $ caff -SEM `cat ksp-fingerprints.txt`
+  $ caff -REM `cat ksp-fingerprints.txt`
+  $ caff -RSE `cat ksp-fingerprints.txt`
+
+* If you have multiple local keys, only send mail once after signing with all.
+
+  caff will send out all previously done signatures in the message. (Of course
+  you have to configure $CONFIG{'keyid'} to contain all your key ids.)
+
+  $ caff -EM -u <mykey1> <other_key>
+  $ caff -RE -u <mykey2> <other_key>
+
+* Use gpg-agent.
+
+  See README.gpg-agent.
+
+ -- Christoph Berg <cb at df7cb.de>  Sat,  2 Jul 2005 21:22:07 +0200
+

Added: trunk/caff/README.v3-keys
===================================================================
--- trunk/caff/README.v3-keys	2005-07-02 19:21:17 UTC (rev 107)
+++ trunk/caff/README.v3-keys	2005-07-02 19:48:05 UTC (rev 108)
@@ -0,0 +1,24 @@
+v3 keys are evil
+----------------
+
+The good thing about v4 keys is that the fingerprint ends contains the 8 byte
+(16 char) key id at the and and that the 8 byte key id likewise ends in the 4
+byte key id. For v3 keys it does not. This, and some issues with HKP key
+servers make the handling of v3 a PITA.
+
+To sign v3 keys with caff, do the following:
+
+$ caff <keyid>
+
+The key will be imported from the keyserver, but caff thinks it failed. Now run
+caff again with -R:
+
+$ caff -R <keyid>
+
+Since the key is already there, caff will proceed.
+
+
+Of course, this could be automated... patches welcome :)
+
+ -- Christoph Berg <cb at df7cb.de>  Sat,  2 Jul 2005 21:34:48 +0200
+

More information about the Pgp-tools-commit mailing list