Follow up from key signing
Hi WLUG and BLU,
I have signed all of the keys I have access to. If you haven't received
an email from me, it's because either a) I can't get your key, or b) the
email with your signed key was lost. Please email me directly if you're
expecting a signed key from me.
A few people expressed interest in the suite of tools I'm using to make
signing easier, and also some visualization tools I'm playing with.
They're all based on Debian's pgp-tools which can be called
keysigning-party on your distribution. Hands down, the most useful tool
is CA Fire and Forget or caff. It's in most distributions, and if it's
not in your distro (or you're on a Mac) it's pretty easy to build. Just
check it out from svn://svn.debian.org/svn/pgp-tools/trunk, and do a
make all && make install clean
Now that you have caff installed on your machine, it's time for some
tweaks. Go ahead and run caff by typing caff at the command prompt.
This will set up the folders and files you need that we'll be tweaking.
1) I *highly* suggest making a symlink from ~/.gnupg/gpg.conf ->
~/.caff/gnupghome/ via
ln -s ~/.gnupg/gpg.conf ~/.caff/gnupghome
This will have caff use your preferences in gpg.conf and it makes it
easier to configure / use the way you want to.
2) edit ~/.gnupg/gpg.conf and set your default key, default keyserver
(most of them sync with each other so it's not a big deal, but I prefer
pool.sks-keyservers.net since it handles subkeys very well.) Also to
note, keys can prefer certain servers so don't worry if gpg is asking a
few different servers where things are. Also, if you haven't already,
set your preferences for algorithms, hashes, and compression. *NOTE*
this only applies to making new keys. You should still set the proper
preferences on your key via gpg --edit-key <KEYID>. Lastly, I like to add
ask-cert-level
so gpg (and therefore caff) asks me what certification level to give to
each signature.
3) edit your ~/.caffrc file to customize your name, email address, and
email template / procedure for signing keys. Caff looks for 16 digit
keyids, not 8 so punch in the last 16 of your fingerprint for your key.
Also, I like to bcc myself on the emails in case a message gets bounced
so I can resend it easily via Thunderbird.
4) Once those are edited and saved, you're all set! Grab your trusted
list, and feed caff one or more keyids to handle via
caff <KEYID> <KEYID>
Eric Martin
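
The 16-digit key ID from step 3 and the gpg.conf options from step 2, as an added shell example that is not part of the original post. The function names are assumptions made for illustration; owner, email, keyid and bcc are caff's own ~/.caffrc settings.

```shell
#!/bin/sh
# Added example (not from the original post): helpers for steps 2 and 3.

# long_keyid FINGERPRINT -> last 16 hex digits, upper-cased.
# Accepts the spaced form printed by `gpg --fingerprint`.
long_keyid() {
    fpr=$(printf '%s' "$1" | tr -d ' :' | tr 'a-f' 'A-F')
    # A v4 OpenPGP fingerprint is 40 hex digits; reject anything else,
    # including 8-digit short IDs, which caff does not accept as keyid.
    case "$fpr" in
        *[!0-9A-F]*|'') return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr" | cut -c25-40
}

# caffrc_lines NAME EMAIL FINGERPRINT -> Perl assignments for ~/.caffrc.
# NAME and EMAIL must not contain a single quote (no escaping is done).
caffrc_lines() {
    kid=$(long_keyid "$3") || return 1
    printf "\$CONFIG{'owner'} = '%s';\n" "$1"
    printf "\$CONFIG{'email'} = '%s';\n" "$2"
    printf "\$CONFIG{'keyid'} = [ qw{%s} ];\n" "$kid"
    # bcc yourself so a bounced signature mail can be resent
    printf "\$CONFIG{'bcc'}   = '%s';\n" "$2"
}

# missing_gpg_options FILE -> prints each option from step 2 that is
# not set (commented-out lines do not count) in the given gpg.conf.
missing_gpg_options() {
    for opt in default-key keyserver ask-cert-level; do
        grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$1" || printf '%s\n' "$opt"
    done
}
```

Source the file, then run `missing_gpg_options ~/.gnupg/gpg.conf` and paste the output of `caffrc_lines` with your own name, address and fingerprint into ~/.caffrc.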