[Pgp-tools-commit] r596 - in trunk: caff debian
Guilhem Moulin
guilhem-guest at moszumanska.debian.org
Thu Apr 3 18:41:24 UTC 2014
Author: guilhem-guest
Date: 2014-04-03 18:41:24 +0000 (Thu, 03 Apr 2014)
New Revision: 596
Modified:
trunk/caff/README.many-keys
trunk/debian/changelog
Log:
Document a possible workflow for offline signing.
Modified: trunk/caff/README.many-keys
===================================================================
--- trunk/caff/README.many-keys 2014-04-03 18:41:20 UTC (rev 595)
+++ trunk/caff/README.many-keys 2014-04-03 18:41:24 UTC (rev 596)
@@ -32,6 +32,26 @@
(Moreover, keys are selected using their 40-hex digits fingerprint,
which must be present in the list.)
+* If you prefer to do the signing offline.
+
+ You'll have to make caff's GNUPGHOME know the keys that are to be
+ signed, somehow. A possibility is to run multiple passes as explained
+ below. However if the keyring of all participants has been provided
+ by the KSP organizers, then --key-file can be enough:
+
+ $ caff <options> --no-download --key-file keyring.asc <ksp-annotated.txt
+
+ Note however that if keys in keyring.asc were stripped off all (non
+ self-)signatures, for instance if keyring.asc was created with
+ '--export-options export-minimal', caff won't be able to detect your
+ old signatures unless they are already present in its own keyring
+ (which should be the case if signing is never done without caff).
+
+ Note also that if keys in keyring.asc were stripped off their
+ encryption subkeys (which fortunately gpg never does when exporting,
+ but which a zealous KSP organizer could have done manually to reduce
+ the file size), caff may send unencrypted mails.
+
* v3 keys are evil.
V3 keys (pgp 2.6x keys) are deprecated. Not only do they rely on md5 for
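Review bot: the last added paragraph, on keys "stripped off their encryption subkeys", ends at "caff may send unencrypted mails" without telling the reader what to do about it, and it sits as the closing remark even though it is the caveat with the most serious consequence in this section. Suggest moving it ahead of the note on export-minimal and adding a sentence advising the reader to confirm that the keys in keyring.asc still carry encryption subkeys before running with --no-download --key-file. Two wording points in the same hunk: "stripped off all (non self-)signatures" and "stripped off their encryption subkeys" should read "stripped of", and the bullet title "If you prefer to do the signing offline." is a sentence fragment, unlike the neighbouring "v3 keys are evil."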
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2014-04-03 18:41:20 UTC (rev 595)
+++ trunk/debian/changelog 2014-04-03 18:41:24 UTC (rev 596)
@@ -4,6 +4,7 @@
+ Give an example of 'mailer-send' with a custom envelope sender address.
+ Document a possible workflow in README.many-keys, when working with an
annotated gpgparticipants(1) list.
+ + Document a possible workflow for offline signing.
* gpgparticipants:
+ Escape hyphen-minuses (-) in the documentation, as groff may interpret
them as hyphens (U+2010).
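Review bot: the added entry "Document a possible workflow for offline signing." does not say which file it documents, while the entry just above it names README.many-keys. Suggest "Document a possible workflow for offline signing in README.many-keys." so the two entries read consistently.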