April 2014
« Mar   May »


Key signing with caff

I don’t go to key signing parties very often, and every time I do, I have a hard time to learn how to use caff.

Caff is part of the keysigning-party package on Debian  based systems. Setup is easy and explained numerous times in the web, what I did not find is how to feed caff properly. I just did my overdue homework after CLT and before I forget, here’s what I’ve done:

I took the txt file with all the IDs and fingerprints we used to compare the hash values at the party and extracted the fingerprints. (I just learned that caff accepts fingerprints as well as key IDs, so this is the much better option. I forget way too often that the most useful info is already shipped with the software already. Have a look at: /usr/share/doc/signing-party/caff/README.many-keys!)

So, I extracted the fingerprints:

cat CLT14-keys.txt |grep Fingerabdruck| cut -b 29-78 >clt-fp

Opened “clt-fp”, and commented those fingerprints I did not want to sign with a leading “#”. This was easier than it may sound as the line numbers correspond with the number of the participants in the original file.

Then, I extracted only the fingerprints I wanted to sign:

cat clt-fp | grep -v \# >clt-fp2sign

and fired up caff with:

caff -m yes -u MyKeyID “`cat clt-fp2sign`”

Where MyKeyID is the long version you’ll get by typing:

gpg –keyid-format long –list-key 51628D75

Now I only had to check which UIDs I wanted to sign and had a glance at the last few digits of the fingerprints.


Update: 2015-05-07: added note that KeyID has to be the long version.

flattr this!

Comments are closed.