Sign your GPG keys by CAFF

As we know, if we want to be a Debian mainter or developer, we need to have a GPU key, and this key must be signed by three different Debian developer, also GPG keys are quite popular in open source development world, it is kind of a new ID for you in code world. Here is an Instructuion about how to sign your GPG keys by CAFF, enjoy!

 

Set up your email

If you don't have an email transport setup (such as sendmail, postfix, etc.), exim4 provides a simple satellite-only mechanism.

1. install exim4

   sudo apt-get install exim4

2. Configure exim4 by following the on screen instructions

   dpkg-reconfigure exim4-config

   • Note, use setup your mail server

   • Your config file should look like this when finished

     # /etc/exim4/update-exim4.conf.conf
     #
     # Edit this file and /etc/mailname by hand and execute update-exim4.conf
     # yourself or use 'dpkg-reconfigure exim4-config'
     #
     # Please note that this is _not_ a dpkg-conffile and that automatic changes
     # to this file might happen. The code handling this will honor your local
     # changes, so this is usually fine, but will break local schemes that mess
     # around with multiple versions of the file.
     #
     # update-exim4.conf uses this file to determine variable values to generate
     # exim configuration macros for the configuration file.
     #
     # Most settings found in here do have corresponding questions in the
     # Debconf configuration, but not all of them.
     #
     # This is a Debian specific file
     
     dc_eximconfig_configtype='satellite'
     dc_other_hostnames=''
     dc_local_interfaces=''
     dc_readhost='hpe.com'
     dc_relay_domains=''
     dc_minimaldns='true'
     dc_relay_nets=''
     dc_smarthost='***.com'
     CFILEMODE='644'
     dc_use_split_config='false'
     dc_hide_mailname='true'
     dc_mailname_in_oh='true'
     dc_localdelivery='mail_spool'

3. Add aliases to the /etc/email-address file to map username to appropriate email from address

   1. Send a test email

      mail -s <subject> <to address>

      put in a blank CC address and anybody you'd like, to send the email press Ctrl + d

Set up CAFF

1. Install signing-party if not install so that you can use caff

2. Configure caff by running caff once and editing the .caffrc file

   1. Set owner, email, and reply-to values

   2. Set the keyid field to your the last 4 quad words of your gpg fingerprint (use gpg –fingerprint <userid>)

   3. If desired, uncomment the lines below the # Mail template line to include instructions in your response mail

3. Sign a key with caff

   caff <keyid>

   1. When given the gpg prompt, type save and enter

   • The last option will allow you to send the response email

Import a Key Sent with CAFF

1. Download the *.asc file sent in the email

2. Decrypt the message using gpg

   gpg msg.asc

   • This will create a msg file

3. Import the signature of your key

   gpg --import msg

4. Push you key back to the keyserver

   gpg --keyserver pool.sks-keyservers.net --send-key <your keyid>

Get rid of the Pesky [User ID Not Found] When Listing Sigs

1. Find any missing public keys in your keyring

   gpg --list-sigs <your keyid>

2. Receive any missing keys from the keyserver

   gpg --keyserver pool.sks-keyservers.net --recv-keys <missing key>

   • You can provide –recv-keys a list of keys by separating them with white space