[Pgp-tools-commit] r108 - trunk/caff
Christoph Berg
myon-guest at costa.debian.org
Sat Jul 2 19:48:06 UTC 2005
Author: myon-guest
Date: 2005-07-02 19:48:05 +0000 (Sat, 02 Jul 2005)
New Revision: 108
Added:
trunk/caff/README.many-keys
trunk/caff/README.v3-keys
Log:
more documentation
Added: trunk/caff/README.many-keys
===================================================================
--- trunk/caff/README.many-keys 2005-07-02 19:21:17 UTC (rev 107)
+++ trunk/caff/README.many-keys 2005-07-02 19:48:05 UTC (rev 108)
@@ -0,0 +1,43 @@
+Using caff to sign lots of keys
+-------------------------------
+
+If you have loads of keys to sign (sometimes, there are keysigning parties with
+more than 100 participants), keysigning can be arkward, even with caff. It gets
+worse if you have multiple local keys and want to sign with all.
+
+Some hints to get the signing done faster:
+
+* Use fingerprints instead of key ids.
+
+ caff and gpg allow you to specify the full fingerprint. This will save you
+ from having to check the fingerprint yourself. If you have a text file with
+ all fingerprints, use that and then run
+
+ $ caff <options> `cat ksp-fingerprints.txt`
+
+* v3 keys are evil.
+
+ Sign v3 separately. Batch processing does not work. See README.v3-keys.
+
+* Use multiple passes.
+
+ Going through retrieving, signing, and mailing keys can help, e.g.:
+
+ $ caff -SEM `cat ksp-fingerprints.txt`
+ $ caff -REM `cat ksp-fingerprints.txt`
+ $ caff -RSE `cat ksp-fingerprints.txt`
+
+* If you have multiple local keys, only send mail once after signing with all.
+
+ caff will send out all previously done signatures in the message. (Of course
+ you have to configure $CONFIG{'keyid'} to contain all your key ids.)
+
+ $ caff -EM -u <mykey1> <other_key>
+ $ caff -RE -u <mykey2> <other_key>
+
+* Use gpg-agent.
+
+ See README.gpg-agent.
+
+ -- Christoph Berg <cb at df7cb.de> Sat, 2 Jul 2005 21:22:07 +0200
+
Added: trunk/caff/README.v3-keys
===================================================================
--- trunk/caff/README.v3-keys 2005-07-02 19:21:17 UTC (rev 107)
+++ trunk/caff/README.v3-keys 2005-07-02 19:48:05 UTC (rev 108)
@@ -0,0 +1,24 @@
+v3 keys are evil
+----------------
+
+The good thing about v4 keys is that the fingerprint ends contains the 8 byte
+(16 char) key id at the and and that the 8 byte key id likewise ends in the 4
+byte key id. For v3 keys it does not. This, and some issues with HKP key
+servers make the handling of v3 a PITA.
+
+To sign v3 keys with caff, do the following:
+
+$ caff <keyid>
+
+The key will be imported from the keyserver, but caff thinks it failed. Now run
+caff again with -R:
+
+$ caff -R <keyid>
+
+Since the key is already there, caff will proceed.
+
+
+Of course, this could be automated... patches welcome :)
+
+ -- Christoph Berg <cb at df7cb.de> Sat, 2 Jul 2005 21:34:48 +0200
+
More information about the Pgp-tools-commit
mailing list