[Pgp-tools-commit] r596 - in trunk: caff debian

Guilhem Moulin guilhem-guest at moszumanska.debian.org
Thu Apr 3 18:41:24 UTC 2014


Author: guilhem-guest
Date: 2014-04-03 18:41:24 +0000 (Thu, 03 Apr 2014)
New Revision: 596

Modified:
   trunk/caff/README.many-keys
   trunk/debian/changelog
Log:
Document a possible workflow for offline signing.

Modified: trunk/caff/README.many-keys
===================================================================
--- trunk/caff/README.many-keys	2014-04-03 18:41:20 UTC (rev 595)
+++ trunk/caff/README.many-keys	2014-04-03 18:41:24 UTC (rev 596)
@@ -32,6 +32,26 @@
   (Moreover, keys are selected using their 40-hex digits fingerprint,
   which must be present in the list.)
 
+* If you prefer to do the signing offline.
+
+  You'll have to make caff's GNUPGHOME know the keys that are to be
+  signed, somehow.  A possibility is to run multiple passes as explained
+  below.  However if the keyring of all participants has been provided
+  by the KSP organizers, then --key-file can be enough:
+
+  $ caff <options> --no-download --key-file keyring.asc <ksp-annotated.txt
+
+  Note however that if keys in keyring.asc were stripped off all (non
+  self-)signatures, for instance if keyring.asc was created with
+  '--export-options export-minimal', caff won't be able to detect your
+  old signatures unless they are already present in its own keyring
+  (which should be the case if signing is never done without caff).
+
+  Note also that if keys in keyring.asc were stripped off their
+  encryption subkeys (which fortunately gpg never does when exporting,
+  but which a zealous KSP organizer could have done manually to reduce
+  the file size), caff may send unencrypted mails.
+
 * v3 keys are evil.
 
   V3 keys (pgp 2.6x keys) are deprecated.  Not only do they rely on md5 for
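
Review bot: The last added paragraph ("caff may send unencrypted mails") states the failure mode but gives the reader no way to notice it before mail goes out. Because the example runs with --no-download, nothing is fetched to make up for missing subkeys, so I would add a sentence telling the reader to confirm that every key in keyring.asc still carries an encryption-capable subkey before running the command, and to fall back to the multi-pass approach mentioned at the top of the section when that is not the case. Two wording nits in the same hunk: "stripped off all (non self-)signatures" and "stripped off their encryption subkeys" should read "stripped of", and in the example command a space between "<" and "ksp-annotated.txt" would keep the redirection from being read as another "<options>"-style placeholder.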

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2014-04-03 18:41:20 UTC (rev 595)
+++ trunk/debian/changelog	2014-04-03 18:41:24 UTC (rev 596)
@@ -4,6 +4,7 @@
     + Give an example of 'mailer-send' with a custom envelope sender address.
     + Document a possible workflow in README.many-keys, when working with an
       annotated gpgparticipants(1) list.
+    + Document a possible workflow for offline signing.
   * gpgparticipants:
     + Escape hyphen-minuses (-) in the documentation, as groff may interpret
       them as hyphens (U+2010).
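
Review bot: The added entry "Document a possible workflow for offline signing." does not say which file it touches, unlike the entry just above it, which names README.many-keys. Suggest "Document a possible workflow for offline signing in README.many-keys." so that someone reading the changelog can find the text.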



