caff -- CA - Fire and Forget

caff [-eEmMRS] [-u yourkeyid] keyid [keyid ..]

CA Fire and Forget is a script that helps you in keysigning. It takes a list of keyids on the command line, fetches them from a keyserver and calls GnuPG so that you can sign it. It then mails each key to all its email addresses - only including the one UID that we send to in each mail, pruned from all but self sigs and sigs done by you.

-e, --export-old

Export old signatures. Default is to ask the user for each old signature.

-E, --no-export-old

Do not export old signatures. Default is to ask the user for each old signature.

-m, --mail

Send mail after signing. Default is to ask the user for each uid.

-M, --no-mail

Do not send mail after signing. Default is to ask the user for each uid.

-R, --no-download

Do not retrieve the key to be signed from a keyserver.

-S, --no-sign

Do not sign the keys.

-u yourkeyid, --local-user yourkeyid

Select the key that is used for signing, in case you have more than one key.

--key-file file

Import keys from file. Can be supplied more than once.

$HOME/.caffrc - configuration file

$HOME/.caff/keys/yyyy-mm-dd/ - processed keys

$HOME/.caff/gnupghome/ - caff's working dir for gpg

$HOME/.caff/gnupghome/gpg.conf - gpg configuration

useful options include use-agent, default-cert-level, etc.

The configuration file is a perl script that sets values in the hash %CONFIG. The file is generated when it does not exist.

Example:

        $CONFIG{owner} = q{Peter Palfrader};
        $CONFIG{email} = q{peter@palfrader.org};
        $CONFIG{keyid} = [ qw{DE7AAF6E94C09C7F 62AF4031C82E0039} ];

owner [string]

Your name. REQUIRED.

email [string]

Your email address, used in From: lines. REQUIRED.

keyid [list of keyids]

A list of your keys. This is used to determine which signatures to keep in the pruning step. If you select a key using -u it has to be in this list. REQUIRED.

caffhome [string]

Base directory for the files caff stores. Default: $HOME/.caff/.

gpg [string]

Path to the GnuPG binary. Default: gpg.

gpg-sign [string]

Path to the GnuPG binary which is used to sign keys. Default: what gpg is set to.

gpg-delsig [string]

Path to the GnuPG binary which is used to split off signatures. This was needed while the upstream GnuPG was not fixed. Default: what gpg is set to.

secret-keyring [string]

Path to your secret keyring. Default: $HOME/.gnupg/secring.gpg.

also-encrypt-to [keyid]

An additional keyid to encrypt messages to. Default: none.

gpg-sign-args [string]

Additional arguments to pass to gpg. Default: none.

keyserver [string]

Keyserver to download keys from. Default: subkeys.pgp.net.

no-download [boolean]

If true, then skip the step of fetching keys from the keyserver. Default: 0.

key-files [list of files]

A list of files containing keys to be imported.

no-sign [boolean]

If true, then skip the signing step. Default: 0.

ask-sign [boolean]

If true, then pause before continuing to the signing step. This is useful for offline signing. Default: 0.

export-sig-age [seconds]

Don't export UIDs by default, on which your latest signature is older than this age. Default: 24*60*60 (i.e. one day).

mail [boolean]

Do not prompt for sending mail, just do it. Default: 0.

no-mail [boolean]

Do not prompt for sending mail. The messages are still written to CW$CONFIG{caffhome}/keys/. Default: 0.

mail-template [string]

Email template which is used as the body text for the email sent out instead of the default text if specified. The following perl variables can be used in the template:

{owner} [string]

Your name as specified in the owner setting.

{key} [string]

The keyid of the key you signed.

{@uids} [array]

The UIDs for which signatures are included in the mail.

reply-to [string]

Add a Reply-To: header to messages sent. Default: none.

bcc [string]

Address to send blind carbon copies to when sending mail. Default: none.

Peter Palfrader <peter@palfrader.org>

Christoph Berg <cb@df7cb.de>

http://pgp-tools.alioth.debian.org/

gpg(1), pgp-clean(1), /usr/share/doc/signing-party/caff/caffrc.sample.