1CAFF(1) User Contributed Perl Documentation CAFF(1)
2
6 caff -- CA - Fire and Forget
7
9 caff [-eERS] [-m yes|ask-yes|ask-no|no] [-u yourkeyid] keyid [keyid ..]
10
12 CA Fire and Forget is a script that helps you in keysigning. It takes
13 a list of keyids on the command line, fetches them from a keyserver and
14 calls GnuPG so that you can sign it. It then mails each key to all its
15 email addresses - only including the one UID that we send to in each
16 mail, pruned from all but self sigs and sigs done by you. The mailed
17 key is encrypted with itself as a means to verify that key belongs to
18 the recipient.
19
21 -e, --export-old
22 Export old signatures. Default is to ask the user for each old
23 signature.
24 -E, --no-export-old
26 Do not export old signatures. Default is to ask the user for each
27 old signature.
28 -m, --mail yes|ask-yes|ask-no|no
30 Whether to send mail after signing. Default is to ask, for each
31 uid, with a default value of yes.
32 -R, --no-download
34 Do not retrieve the key to be signed from a keyserver.
35 -S, --no-sign
37 Do not sign the keys.
38 -u yourkeyid, --local-user yourkeyid
40 Select the key that is used for signing, in case you have more than
41 one key. To sign with multiple keys at once, separate multiple
42 keyids by comma. This option requires the key(s) to be defined
43 through the keyid variable in the configuration file.
44 --key-file file
46 Import keys from file. Can be supplied more than once.
47
49 $HOME/.caffrc - configuration file
50 $HOME/.caff/keys/yyyy-mm-dd/ - processed keys
51 $HOME/.caff/gnupghome/ - caff's working dir for gpg
52 $HOME/.caff/gnupghome/gpg.conf - gpg configuration
53 useful options include use-agent, keyserver-options, default-cert-
54 level, etc.
55
57 The configuration file is a perl script that sets values in the hash
58 %CONFIG. The file is generated when it does not exist.
59 Example:
61 $CONFIG{'owner'} = q{Peter Palfrader};
63 $CONFIG{'email'} = q{peter@palfrader.org};
64 $CONFIG{'keyid'} = [ qw{DE7AAF6E94C09C7F 62AF4031C82E0039} ];
65 Required basic settings
67 owner [string]
68 Your name. REQUIRED.
69 email [string]
71 Your email address, used in From: lines. REQUIRED.
72 keyid [list of keyids]
74 A list of your keys. This is used to determine which signatures to
75 keep in the pruning step. If you select a key using -u it has to
76 be in this list. REQUIRED.
77 General settings
79 caffhome [string]
80 Base directory for the files caff stores. Default: $HOME/.caff/.
81 GnuPG settings
83 gpg [string]
84 Path to the GnuPG binary. Default: gpg.
85 gpg-sign [string]
87 Path to the GnuPG binary which is used to sign keys. Default: what
88 gpg is set to.
89 gpg-delsig [string]
91 Path to the GnuPG binary which is used to split off signatures.
92 This was needed while the upstream GnuPG was not fixed. Default:
93 what gpg is set to.
94 secret-keyring [string]
96 Path to your secret keyring. Default: $HOME/.gnupg/secring.gpg.
97 also-encrypt-to [keyid, or list of keyids]
99 Additional keyids to encrypt messages to. Default: none.
100 gpg-sign-args [string]
102 Additional commands to pass to gpg after the "sign" command.
103 Default: none.
104 Keyserver settings
106 keyserver [string]
107 Keyserver to download keys from. Default: pool.sks-keyservers.net.
108 no-download [boolean]
110 If true, then skip the step of fetching keys from the keyserver.
111 Default: 0.
112 key-files [list of files]
114 A list of files containing keys to be imported.
115 Signing settings
117 no-sign [boolean]
118 If true, then skip the signing step. Default: 0.
119 ask-sign [boolean]
121 If true, then pause before continuing to the signing step. This is
122 useful for offline signing. Default: 0.
123 export-sig-age [seconds]
125 Don't export UIDs by default, on which your latest signature is
126 older than this age. Default: 24*60*60 (i.e. one day).
127 local-user [keyid, or list of keyids]
129 Select the key that is used for signing, in case you have more than
130 one key. With multiple keyids, sign with each key in turn.
131 Mail settings
133 mail [boolean]
134 Whether to send mails. This is a quad-option, with which you can
135 set the behaviour: yes always sends, no never sends; ask-yes and
136 ask-no asks, for each uid, with according defaults for the
137 question. Default: ask-yes.
138 In any case, the messages are also written to
140 $CONFIG{'caffhome'}/keys/
141 mail-template [string]
143 Email template which is used as the body text for the email sent
144 out instead of the default text if specified. The following perl
145 variables can be used in the template:
146 {owner} [string]
148 Your name as specified in the owner setting.
149 {key} [string]
151 The keyid of the key you signed.
152 {@uids} [array]
154 The UIDs for which signatures are included in the mail.
155 reply-to [string]
157 Add a Reply-To: header to messages sent. Default: none.
158 bcc [string]
160 Address to send blind carbon copies to when sending mail. Default:
161 none.
162 mailer-send [array]
164 Parameters to pass to Mail::Mailer. This could for example be
165 $CONFIG{'mailer-send'} = [ 'smtp', Server => 'mail.server', Auth => ['user', 'pass'] ];
167 to use the perl SMTP client or
169 $CONFIG{'mailer-send'} = [ 'sendmail', '-o8' ];
171 to pass arguments to the sendmail program. For more information
173 run "perldoc Mail::Mailer". Setting this option is strongly
174 discouraged. Fix your local MTA instead. Default: none.
175
177 Peter Palfrader <peter@palfrader.org>
178 Christoph Berg <cb@df7cb.de>
179
181 http://pgp-tools.alioth.debian.org/
182
184 gpg(1), pgp-clean(1), /usr/share/doc/signing-party/caff/caffrc.sample.
185perl v5.12.1 2010-02-11 CAFF(1)