
Re: ITP: signing-party



Simon Richter (2001-11-01 16:28:13 +0100) :

> I'm at a conference ATM, and I'm going to introduce a few people to the
> concepts of key signing tomorrow. For this, I've hacked a few scripts, for
> example one that makes a PS file which looks like "gpg --list-keys" output
> (except with a nicer font), which I'd like to package so people can use
> them for their own signing parties. 

Just in case this helps honourable people on this list, and in the
hope that maybe this work can end up in a good-quality package, I
attach the scripts I use for GPG handling.  They are not very long,
not very complex, and therefore not very well documented (but the code
is clear).

  sync-keys.sh can be used to fetch a key from several servers, or to
push it back.  Its aim is to synchronise keyrings.

#! /bin/sh

# Both an action and a key ID are required.
if [ $# -lt 2 ] ; then
    echo "Usage: sync-keys.sh <--get | --put> key-id"
    exit 1
fi

action=$1
shift

keyid=$1
# One keyserver per line; anything after '#' is a comment.
serverlist=$(sed 's/#.*//' ~/.sync-keys.conf)

# '=' and '> /dev/null 2>&1' are the POSIX sh spellings of '==' and '&>'.
if [ "$action" = "--get" ] ; then
    for i in $serverlist ; do
        printf "Retrieving key %s from server %s..." "$keyid" "$i"
        # gpg --keyserver "$i" --recv-keys "$keyid" && printf " OK\n" || printf " NOT OK\n"
        gpg --keyserver "$i" --recv-keys "$keyid" > /dev/null 2>&1 && printf " OK\n" || printf " NOT OK\n"
    done
fi

if [ "$action" = "--put" ] ; then
    for i in $serverlist ; do
        printf "Sending key %s to server %s..." "$keyid" "$i"
        # gpg --keyserver "$i" --send-keys "$keyid" && printf " OK\n" || printf " NOT OK\n"
        gpg --keyserver "$i" --send-keys "$keyid" > /dev/null 2>&1 && printf " OK\n" || printf " NOT OK\n"
    done
fi

  Here is a sample .sync-keys.conf:

keyring.debian.org
pgp.mit.edu
# search.keyserver.net	# Broken anyway, no use trying it
# belgium.keyserver.net
 thailand.keyserver.net
 germany.keyserver.net
 www.pgp.net
# deepblue.keyserver.net
# lord.keyserver.net
the.earth.li
 wwwkeys.eu.pgp.net
certserver.pgp.com
pgp.dtype.org

  And here is the script I use to massively sign keys after a
keysigning party.  It relies on agpg (found in the quintuple-agent
package), but it can also work with plain gpg if you prefer typing
your passphrase every time.  If agpg is used, you only have to check
the fingerprints, choose what UIDs to sign, and type 'sign' then
'save'.  Type 'exit' when you have no more keys to sign.

#! /bin/sh

# Prompt for key IDs until the user types "exit" or input ends.
while true ; do
    echo
    printf "Key ID: "
    read -r keyid || exit 0
    if [ "$keyid" = "exit" ] ; then exit 0 ; fi
    # Skip empty input instead of calling gpg without a key ID.
    [ -n "$keyid" ] || continue

    echo
    sync-keys.sh --get "$keyid"
    echo

    # Interactive step: check the fingerprint, then 'sign' and 'save'.
    agpg --edit-key "$keyid"

    echo
    sync-keys.sh --put "$keyid"
    echo
    echo
done

  Finally, here is a script that I used once to mail the newly signed
keys to their owners.  There used to be a bug (body was longer and
longer as the list of recipients grew), I seem to remember I removed
it, but please test stuff before using it.  Remember this is my very
first awk script (well, apart from the hello world one).

Attachment: gpghelp.awk
Description: AWK script to mail newly signed keys to their owners

  Have fun, and send me patches if you improve things.

Roland.
-- 
Roland Mas

Despite rumour, Death isn't cruel - merely terribly, terribly good at his job.
  -- in Sourcery (Terry Pratchett)
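
The "check the fingerprints" step in the signing loop above can be made mechanical. This is an added example, not one of the scripts attached to this message: the function names are hypothetical and the key listing is constructed sample data in gpg's --with-colons format.

```shell
#!/bin/sh
# Added example: compare the fingerprint of a fetched key with the one
# written down at the signing party. Keys fetched from a keyserver by
# key ID are untrusted until the full fingerprint matches.

# Drop spaces, colons and a leading 0x, then upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Read a colon listing on stdin and print the primary key fingerprint
# (field 10 of the first "fpr" record).
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# fpr_matches EXPECTED   (colon listing on stdin)
# Returns 0 on an exact match, 1 on a mismatch, and 2 when EXPECTED is
# not a full 40-hex-digit fingerprint (short key IDs are refused).
fpr_matches() {
    expected=$(normalize_fpr "$1")
    case $expected in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(primary_fpr)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Constructed sample listing (not a real key).
sample_listing() {
    cat <<'EOF'
pub:-:1024:17:0123456789ABCDEF:2001-01-01:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::2001-01-01::::Example User <user@example.org>:
sub:-:1024:16:FEDCBA9876543210:2001-01-01::::::e:
EOF
}

# Fingerprint as it would appear on a paper slip from the party.
sample_listing | fpr_matches 'AAAA BBBB CCCC DDDD EEEE  FFFF 0123 4567 89AB CDEF' \
    && echo "fingerprint matches"
```

Against a real keyring the listing would come from `gpg --with-colons --fingerprint "$keyid"` piped into `fpr_matches`, run after the fetch and before the `--edit-key` step.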
