Man Linux: Main Page and Category List


       caff -- CA - Fire and Forget


       caff [-eERS] [-m yes|ask-yes|ask-no|no] [-u yourkeyid] keyid [keyid ..]


       CA Fire and Forget is a script that helps you in keysigning.  It takes
       a list of keyids on the command line, fetches them from a keyserver and
       calls GnuPG so that you can sign it.  It then mails each key to all its
       email addresses - only including the one UID that we send to in each
       mail, pruned from all but self sigs and sigs done by you.  The mailed
       key is encrypted with itself as a means to verify that key belongs to
       the recipient.


       -e, --export-old
           Export old signatures. Default is to ask the user for each old

       -E, --no-export-old
           Do not export old signatures. Default is to ask the user for each
           old signature.

       -m, --mail yes|ask-yes|ask-no|no
           Whether to send mail after signing. Default is to ask, for each
           uid, with a default value of yes.

       -R, --no-download
           Do not retrieve the key to be signed from a keyserver.

       -S, --no-sign
           Do not sign the keys.

       -u yourkeyid, --local-user yourkeyid
           Select the key that is used for signing, in case you have more than
           one key.  To sign with multiple keys at once, separate multiple
           keyids by comma. This option requires the key(s) to be defined
           through the keyid variable in the configuration file.

       --key-file file
           Import keys from file. Can be supplied more than once.


       $HOME/.caffrc  -  configuration file
       $HOME/.caff/keys/yyyy-mm-dd/  -  processed keys
       $HOME/.caff/gnupghome/  -  caff’s working dir for gpg
       $HOME/.caff/gnupghome/gpg.conf  -  gpg configuration
           useful options include use-agent, keyserver-options, default-cert-
           level, etc.


       The configuration file is a perl script that sets values in the hash
       %CONFIG.  The file is generated when it does not exist.


               $CONFIG{'owner'} = q{Peter Palfrader};
               $CONFIG{'email'} = q{};
               $CONFIG{'keyid'} = [ qw{DE7AAF6E94C09C7F 62AF4031C82E0039} ];

   Required basic settings
       owner [string]
           Your name.  REQUIRED.

       email [string]
           Your email address, used in From: lines.  REQUIRED.

       keyid [list of keyids]
           A list of your keys.  This is used to determine which signatures to
           keep in the pruning step.  If you select a key using -u it has to
           be in this list.  REQUIRED.

   General settings
       caffhome [string]
           Base directory for the files caff stores.  Default: $HOME/.caff/.

   GnuPG settings
       gpg [string]
           Path to the GnuPG binary.  Default: gpg.

       gpg-sign [string]
           Path to the GnuPG binary which is used to sign keys.  Default: what
           gpg is set to.

       gpg-delsig [string]
           Path to the GnuPG binary which is used to split off signatures.
           This was needed while the upstream GnuPG was not fixed.  Default:
           what gpg is set to.

       secret-keyring [string]
           Path to your secret keyring.  Default: $HOME/.gnupg/secring.gpg.

       also-encrypt-to [keyid, or list of keyids]
           Additional keyids to encrypt messages to. Default: none.

       gpg-sign-args [string]
           Additional commands to pass to gpg after the "sign" command.
           Default: none.

   Keyserver settings
       keyserver [string]
           Keyserver to download keys from.  Default:

       no-download [boolean]
           If true, then skip the step of fetching keys from the keyserver.
           Default: 0.

       key-files [list of files]
           A list of files containing keys to be imported.

   Signing settings
       no-sign [boolean]
           If true, then skip the signing step. Default: 0.

       ask-sign [boolean]
           If true, then pause before continuing to the signing step.  This is
           useful for offline signing. Default: 0.

       export-sig-age [seconds]
           Don’t export UIDs by default, on which your latest signature is
           older than this age.  Default: 24*60*60 (i.e. one day).

       local-user [keyid, or list of keyids]
           Select the key that is used for signing, in case you have more than
           one key.  With multiple keyids, sign with each key in turn.

   Mail settings
       mail [boolean]
           Whether to send mails. This is a quad-option, with which you can
           set the behaviour: yes always sends, no never sends; ask-yes and
           ask-no asks, for each uid, with according defaults for the
           question. Default: ask-yes.

           In any case, the messages are also written to

       mail-template [string]
           Email template which is used as the body text for the email sent
           out instead of the default text if specified. The following perl
           variables can be used in the template:

           {owner} [string]
               Your name as specified in the owner setting.

           {key} [string]
               The keyid of the key you signed.

           {@uids} [array]
               The UIDs for which signatures are included in the mail.

       reply-to [string]
           Add a Reply-To: header to messages sent. Default: none.

       bcc [string]
           Address to send blind carbon copies to when sending mail.  Default:

       mailer-send [array]
           Parameters to pass to Mail::Mailer.  This could for example be

                   $CONFIG{'mailer-send'} =  [ 'smtp', Server => 'mail.server', Auth => ['user', 'pass'] ];

           to use the perl SMTP client or

                   $CONFIG{'mailer-send'} =  [ 'sendmail', '-o8' ];

           to pass arguments to the sendmail program.  For more information
           run "perldoc Mail::Mailer".  Setting this option is strongly
           discouraged.  Fix your local MTA instead.  Default: none.


       Peter Palfrader <>
       Christoph Berg <>



       gpg(1), pgp-clean(1), /usr/share/doc/signing-party/caff/caffrc.sample.