graphical OpenPGP signing assistant
Project description
Synopsis
pip install gcaff gcaff --keyring keys-to-sign.asc
What is gcaff?
gcaff is a graphical tool for signing OpenPGP keys. Its main use case is for signing many keys at once, after a keysigning party for example.
What are its features?
Features include:
display photo IDs and select for signing
use multiple signing keys at once
choose the certification level on a per-key basis
email each signature separately, only to the associated email address
How does it differ from caff?
gcaff is heavily influenced by caff. Apart from the obvious, there are a few important differences from caff.
gcaff does not remove uids from keys. caff sends only the uid that was signed to each email address. For now, gcaff does not do this, though it does send only the one new signature to each uid.
gcaff sends photo uid or freefrom uid signatures to all email addresses on a key. If a uid does not have an email address, this “scatter-gun” strategy is used so that the signature still has a chance of reaching the key owner.
gcaff has no pinentry mechanism whatsoever. You must have a working gpg-agent to use gcaff.
gcaff currently requires the user to supply a file containing keys to be signed; the program does not fetch any keys itself.
Cryptographic concerns
gcaff currently signs keys using the SHA256 digest. Future work may allow users to choose a digest based on the capabilities of their GnuPG implementation.
Under no circumstances are any secret keys exported from the user’s GnuPG home directory. The corresponding public keys are exported to a temporary GnuPG keyring during the signing process.
No keys in the user’s GnuPG home directory are modified during the signing process. Once signing is complete, all the signatures are written to a file whose location is reported to the user, from where they may - at the user’s discretion - imported into the regular keyring.
Dependencies
GnuPG (using gpg-agent)
Python 2.7
PyGTK >=2, <3
a local mailer (SMTP), e.g. sendmail
License
gcaff is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
Contributing
Bug reports, general feedback, patches and translations are welcome.
To submit a patch, please use git send-email or generate a pull/merge request. Write a well formed commit message. If your patch is nontrivial, add a copyright notice (or, if appropriate, update an existing notice) at the top of each file added or changed.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file gcaff-0.1.tar.gz
.
File metadata
- Download URL: gcaff-0.1.tar.gz
- Upload date:
- Size: 25.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | a2a6f535c025b462344ce5749e17854f4dff0c4f44052c79849c491c1d490b6f |
|
MD5 | da8d1e58612f3e7a7f36cd38e98a1240 |
|
BLAKE2b-256 | 74f54e897fe69f05402cd24b7b466fae8144b2cb5e87f438138c2a9939890c0c |