Differences between revisions 1 and 2
Revision 1 as of 2013-08-13 09:27:14
Size: 4037
Comment: Creating new page caff
Revision 2 as of 2013-08-13 11:30:07
Size: 4590
Comment: Adding Hint for gbg.conf
Line 88: Line 88:
gpg --with-colons --list-key bgt@ms-dollar.com gpg --with-colons --list-key bg@ms-dollar.com
Line 95: Line 95:
If you don't have set up a local MTA yet then you have to set the variable `$CONFIG{'mailer-send'}` so caff can send the signing mail. Take a look into the manpage of craff to see how this has to be done. If you don't have set up a local MTA yet then you have to set the variable `$CONFIG{'mailer-send'}` so caff can send the signing mail. Take a look into the manpage of caff to see how this has to be done.

=== Attention! ===
`caff` uses it's own `gpg.conf` and stores the keyring also in the `$HOME/caff/` subdirectory! So you have to share the original $HOME/.gnupg/gpg.conf and the keyring with caff. That's boring, just use symlinks to redirect the output of caff to $HOME/.gnupg '''before''' you start to use `caff`.
{{{
$ cd $HOME/caff/gnupghome
$ for i in $(ls $HOME/.gnupg); do echo $i && ln -s $HOME/.gnupg/$i; done
}}}
Please make sure you have at least the `gbg.conf`, `pubring.gpg`, `secring.gpg` and `trustdb.gpg` linked to `$HOME/.gnupg`
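Review bot: `gbg.conf` in the added "Please make sure" line is a typo for `gpg.conf`, the name used at the start of the same section, and the revision comment repeats it. The added text also uses `$HOME/caff/` and `cd $HOME/caff/gnupghome`, while the setup section of the page puts caff's files under `$HOME/.caff/`, so the leading dot should be added in both places. The loop `for i in $(ls $HOME/.gnupg)` word-splits the file names and leaves `$i` unquoted; iterating over `"$HOME"/.gnupg/*` with quoted variables avoids that. Since the section relies on the links being created before caff is first run, it would help to say what happens when caff has already created its own files there.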

caff

caff is short for "CA - fire and forget". It's a Perl script that helps you automate the whole bunch of manual steps you have to do for every single key you want to sign after a key signing party. caff is part of the package signing-party and is mostly used after a key signing party.

Installation

sudo apt-get install signing-party

Preparation for first use

After the installation you have to set up your local caff environment. This is done in $HOME/.caff/ and especially in $HOME/.caffrc. Right after the installation there is nothing there; you can create the file .caffrc by simply calling caff on the command line.

$ caff
No configfile /home/[User]/.caffrc present, I will use this template:
[INFO] Error: No keys were found using "gpg --list-public-keys 'Username'".
[INFO] Error: No email address was found using "gpg --list-public-keys 'Username'".
# .caffrc -- vim:ft=perl:
# This file is in perl(1) format - see caff(1) for details.

$CONFIG{'owner'} = 'Username';
#$CONFIG{'email'} = '[user]@[domain]';
#$CONFIG{'reply-to'} = 'foo@bla.org';

# You can get your long keyid from
#   gpg --with-colons --list-key <yourkeyid|name|emailaddress..>
#
# If you have a v4 key, it will simply be the last 16 digits of
# your fingerprint.
#
# Example:
#   $CONFIG{'keyid'} = [ qw{FEDCBA9876543210} ];
#  or, if you have more than one key:
#   $CONFIG{'keyid'} = [ qw{0123456789ABCDEF 89ABCDEF76543210} ];
#$CONFIG{'keyid'} = [ qw{0123456789abcdef 89abcdef76543210} ];

# Select this/these keys to sign with
#$CONFIG{'local-user'} = [ qw{0123456789abcdef 89abcdef76543210} ];

# Additionally encrypt messages for these keyids
#$CONFIG{'also-encrypt-to'} = [ qw{0123456789abcdef 89abcdef76543210} ];

# Mail template to use for the encrypted part
#$CONFIG{'mail-template'} = << 'EOM';
#Hi,
#
#please find attached the user id{(scalar @uids >= 2 ? 's' : '')}
#{foreach $uid (@uids) {
#    $OUT .= "\t".$uid."\n";
#};}of your key {$key} signed by me.
#
#If you have multiple user ids, I sent the signature for each user id
#separately to that user id's associated email address. You can import
#the signatures by running each through `gpg --import`.
#
#Note that I did not upload your key to any keyservers. If you want this
#new signature to be available to others, please upload it yourself.
#With GnuPG this can be done using
#       gpg --keyserver pool.sks-keyservers.net --send-key {$key}
#
#If you have any questions, don't hesitate to ask.
#
#Regards,
#{$owner}
#EOM

Please edit /home/[User]/.caffrc and run caff again.

caff has now created a new $HOME/.caffrc and you have to change some of the variables inside to suit your needs. At a minimum, set the following:

# change the name
$CONFIG{'owner'} = 'Bill Gates';
# change the email address
$CONFIG{'email'} = 'bg@ms-dollar.com';
# your keyid
$CONFIG{'keyid'} = [ qw{1234567890ABCDEF} ];

If you have more than one key in use, you have to add them all to $CONFIG{'keyid'}:

# in case you have more than one keyid
#                       <----keyid1----> <----keyid2----> (... and so on)
$CONFIG{'keyid'} = [ qw{1234567890ABCDEF ABCDEF1234567890} ];

You can get your key IDs with the command gpg --with-colons --list-key <yourkeyid|name|emailaddress..>, as suggested by the output of the first caff call.

gpg --with-colons --list-key bg@ms-dollar.com
...
pub:u:4096:1:1234567890ABCDEF:2013-08-08:::u:Bill Gates <bg@ms-dollar.com>::scESC:
              <- your keyid ->
...
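The lookup described above can be scripted. The following is an added example, not part of the original page or of caff: it reads `gpg --with-colons` output and prints the matching `.caffrc` line. The function names and the second (revoked) sample key are constructed for illustration, and it goes slightly beyond the text by cross-checking the key ID against the fingerprint when an `fpr` record is present.

```shell
#!/bin/sh
# Added example: build the $CONFIG{'keyid'} line for .caffrc from
# `gpg --with-colons --list-key` output on stdin.

# Print the long key id of every usable primary key, one per line.
# Revoked (r), expired (e) and invalid (i) keys are skipped. When an fpr
# record is present, the key id must equal the last 16 hex digits of the
# 40-digit v4 fingerprint; otherwise the function fails.
caff_keyids() {
    awk -F: '
        function emit() {
            if (id == "" || valid ~ /^[rei]/) return
            if (length(id) != 16 || id !~ /^[0-9A-Fa-f]+$/) {
                print "malformed key id: " id > "/dev/stderr"; bad = 1; return
            }
            if (length(fpr) == 40 && toupper(substr(fpr, 25)) != toupper(id)) {
                print "fingerprint mismatch for " id > "/dev/stderr"; bad = 1; return
            }
            print toupper(id)
        }
        $1 == "pub" { emit(); id = $5; valid = $2; fpr = ""; primary = 1 }
        $1 == "sub" { primary = 0 }
        $1 == "fpr" && primary && fpr == "" { fpr = $10 }
        END { emit(); exit bad }
    '
}

# Wrap the ids in the Perl syntax that .caffrc expects.
caffrc_keyid_line() {
    ids=$(caff_keyids) || return 1
    [ -n "$ids" ] || return 1
    printf "\$CONFIG{'keyid'} = [ qw{%s} ];\n" "$(printf '%s' "$ids" | tr '\n' ' ')"
}

# Constructed sample: the key shown on this page plus a revoked key.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:1234567890ABCDEF:2013-08-08:::u:Bill Gates <bg@ms-dollar.com>::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1234567890ABCDEF:
sub:u:4096:1:0FEDCBA987654321:2013-08-08::::::e:
fpr:::::::::1111222233334444555566660FEDCBA987654321:
pub:r:2048:1:ABCDEF1234567890:2010-01-01:::-:Old Key <old@example.org>::sc:
EOF
}

sample_listing | caffrc_keyid_line
```

With a real keyring, pipe `gpg --with-colons --fingerprint --list-key <yourkeyid|name|emailaddress..>` into `caffrc_keyid_line` instead of the sample.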

The template for the outgoing mail normally doesn't need to be changed, but if you want to change it, you can do this in the .caffrc as well. If you haven't set up a local MTA yet, you have to set the variable $CONFIG{'mailer-send'} so caff can send the signing mail. Take a look at the manpage of caff to see how this is done.

Attention!

caff uses its own gpg.conf and also stores its keyring in the $HOME/.caff/ subdirectory! So you have to share the original $HOME/.gnupg/gpg.conf and the keyring with caff. That's tedious, so just use symlinks to redirect the output of caff to $HOME/.gnupg before you start to use caff.

$ cd "$HOME/.caff/gnupghome"
$ for i in "$HOME"/.gnupg/*; do echo "${i##*/}" && ln -s "$i" .; done

Please make sure that at least gpg.conf, pubring.gpg, secring.gpg and trustdb.gpg are linked to $HOME/.gnupg.
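One way to carry out that final check, as an added example that is not part of the original page or of caff: the function name `check_caff_links` and its report wording are made up here, and the default directories assume the `$HOME/.caff/gnupghome` layout described above. It also catches the case where caff was already run and left a regular file where a link should be.

```shell
#!/bin/sh
# Added example: verify that caff's gnupghome really points at the main
# GnuPG directory for the four files this page names.

# check_caff_links [CAFF_GNUPGHOME] [GNUPG_DIR]
# Prints one status line per file; returns non-zero if any link is
# missing, is a regular file, points elsewhere, or is dangling.
check_caff_links() {
    caff_home=${1:-$HOME/.caff/gnupghome}
    gnupg_home=${2:-$HOME/.gnupg}
    rc=0
    for f in gpg.conf pubring.gpg secring.gpg trustdb.gpg; do
        link=$caff_home/$f
        if [ ! -L "$link" ]; then
            # Either absent, or a real file that caff created on an earlier run.
            echo "NOT-LINKED $f (no symlink at $link)"
            rc=1
        elif [ "$(readlink "$link")" != "$gnupg_home/$f" ]; then
            echo "WRONG      $f -> $(readlink "$link")"
            rc=1
        elif [ ! -e "$link" ]; then
            # The link is correct but the target file does not exist.
            echo "DANGLING   $f -> $gnupg_home/$f"
            rc=1
        else
            echo "OK         $f"
        fi
    done
    return $rc
}

check_caff_links "$@" || echo "fix the entries above before running caff"
```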