Thursday, July 28, 2011

caff harmful unless you know what you're doing

So there are two things I stumbled upon with caff:
  • If you have two keys, you want to set $CONFIG{'local-user'} to the content of $CONFIG{'keyid'}. For some reason unbeknownst to me this option is not even listed in the configuration file template. keyid does something different than you'd expect…
  • More importantly it uses its own gpg.conf for whatever reason (probably because it sets its own GnuPG homedir and does not override the configuration file location). So if you, like me, put the right settings for strong signatures into ~/.gnupg/gpg.conf, you need to replicate them into ~/.caff/gnupghome/gpg.conf.
Thanks to Tom Marble for the hint. I'm still sad that I'd basically need to re-do yesterday's keysigning (which was about 100 e-mails), just to switch from the default SHA1 to SHA256…
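Since caff reads only its own ~/.caff/gnupghome/gpg.conf, the digest settings have to be kept in sync by hand. The script below is an added example (not from this post and not part of caff) that checks whether the digest-related options of the main gpg.conf are present in caff's copy and appends the missing ones. It assumes the default paths named above and treats cert-digest-algo, digest-algo and personal-digest-preferences as the options worth mirroring (cert-digest-algo is the one that picks the hash for key certifications); the demo runs on constructed files in a temporary directory rather than on real configuration.

```shell
#!/bin/sh
# Added example, not part of the post or of caff itself.
# Compares the digest settings of the main ~/.gnupg/gpg.conf with caff's
# private ~/.caff/gnupghome/gpg.conf, which caff uses instead of the main one.
# Assumption: the three option names matched below are "the right settings"
# to mirror; cert-digest-algo governs the hash used when signing other keys.

# Print the digest-related lines of one gpg.conf with comments stripped and
# whitespace normalised, so that two files can be compared line by line.
digest_settings() {
    [ -f "$1" ] || return 0
    sed -e 's/#.*//' -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' -e 's/ $//' "$1" \
      | grep -E '^(cert-digest-algo|digest-algo|personal-digest-preferences) ' \
      | sort -u
}

# Print the digest settings present in $1 (main conf) but absent from $2 (caff conf).
missing_settings() {
    digest_settings "$1" | while IFS= read -r line; do
        digest_settings "$2" | grep -Fxq -- "$line" || printf '%s\n' "$line"
    done
}

# Exit status 0 when caff's gpg.conf carries every digest setting of the main
# gpg.conf, 1 otherwise.
caff_conf_matches() {
    [ -z "$(missing_settings "$1" "$2")" ]
}

# Append the missing settings to caff's gpg.conf, creating it if needed.
# A conflicting older line (e.g. cert-digest-algo SHA1) is left in place, so
# review the file afterwards.
sync_caff_conf() {
    mkdir -p "$(dirname "$2")"
    to_add=$(missing_settings "$1" "$2")
    [ -n "$to_add" ] && printf '%s\n' "$to_add" >> "$2"
    return 0
}

# Demonstration on constructed files (not real user configuration).
demo_dir=$(mktemp -d)
main_conf="$demo_dir/gnupg/gpg.conf"
caff_conf="$demo_dir/caff/gnupghome/gpg.conf"
mkdir -p "$(dirname "$main_conf")"
cat > "$main_conf" <<'EOF'
# constructed main gpg.conf
keyserver hkp://keys.example.org
# hash used when certifying (signing) other people's keys
cert-digest-algo   SHA256
personal-digest-preferences SHA256 SHA512
EOF

if caff_conf_matches "$main_conf" "$caff_conf"; then
    echo "caff gpg.conf already in sync"
else
    echo "caff gpg.conf is missing:"
    missing_settings "$main_conf" "$caff_conf"
    sync_caff_conf "$main_conf" "$caff_conf"
    echo "after sync:"
    cat "$caff_conf"
fi
rm -rf "$demo_dir"
```

Run it against the real paths by calling caff_conf_matches "$HOME/.gnupg/gpg.conf" "$HOME/.caff/gnupghome/gpg.conf" before a keysigning session; if it reports missing lines, the signatures caff produces will still use whatever digest its own gpg.conf (or gpg's default) selects.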

5 comments:

  1. Just FYI, I guess this will feel like déjà vu... :)

    http://www.gag.com/bdale/blog/posts/Strong_Keys.html

  2. Interestingly, it's apparently also not a bug... http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527944

  3. There are a couple of things about Caff that I ended up being frustrated with last year at DebConf10:

    - By default, Caff expects that the MTA local to your machine has been set up to email outbound directly. If you don't catch this, you think that you've sent out GPG signatures, but really they're just stuck on your laptop in an SMTP queue.

    - Since Caff was written in Perl, it's possible to configure it to use an alternate SMTP method, however there's no way to configure using an SMTP server that uses SMTP AUTH over TLS on port 587, which is what I needed. If there's a way to do this from Perl directly with a module, it's black magic I couldn't find.

    - If there's a way of exporting the files that Caff creates to email them from a separate Mail User Agent, I don't know about it either.

  4. Well, setting up Exim to do smarthost forwarding to your normal outside MTA isn't hard (if you don't mind storing the outgoing SMTP password in a file that's readable by root only). If you want me to blog that, I can do it.

    The mails caff creates are found in ~/.caff/keys/DATE/*. You should be able to stuff them into a maildir and send them from there, too. But that might be more interesting with graphical clients, too. (I happen to use mutt.)

  5. So what's keyid for?
