PGPSigner
Sometimes I go to PGP Key Signing parties, often at some conference that I attend. While the key signing party itself is fun, there is a boring (and error prone) part of key signing that I much too often neglect: The actual signing of the keys.
You end up with a piece of paper saying who was present, which keys should be signed and then… you postpone it to another day. I found a list of keys to sign from an event eight months gone. Which sucks.
So in the true spirit of Steven Pembertons keynote at ApacheCon EU 2007 (”let the computer do the work”), I searched an application for this. There are some shell scripts out there that seem to do the job for some people but most of the times, if you ask “how do you sign your keys”, the answer is either “manually” or “I have a self rolled script” (I omitted the third possible answer “I never get around to do it”).
I am a Java Weenie. I hacked a small Java application that lets me do all the steps of reviewing a party key file, signing the keys and mailing them out (also uploading to key servers) from an interactive command line. With command completion, help and all the stuff that one expects in the 21st century.
I met the various usual Java perils (e.g. One-Jar chokes on signed jars, which are needed for JCE or strong crypto under Java needs the Unlimited Strength Policy files installed) but in the end, here is PGPSigner which allowed me to sign the party key lists from the last eight months in about ten minutes (And it was fun to test some stuff I always wanted to check out like PGP key handling in Java).
Get it from here, if you are interested. Open Source, Apache licensed. Feedback welcome.
java open source pgp
3 Responses to “PGPSigner”
1 Jeff 21 May 2007 @ 0:29
If you makes you feel any better, it was a little boost to be able to say, “Oh, hey, I got a new signature on my key. Cool.” While its not a big deal, its kinda cool to have a surprise like that show up 8 months later.
Jeff (0×9992ADFC)
2 Michael 21 May 2007 @ 0:46
Very nice.
Thanks.
3 Sander’s Weblog » How Henning Made Me Actually Do It 23 May 2007 @ 8:07
[…] For programmers, laziness manifests itself in the wish to write programs to perform repetitive tasks, not infrequently spending more time writing the program than it would have taken to just perform the task by hand. Of course the merit of writing such a program is that others can use it to perform the same repetitive task, without having to write the program first. A couple of days ago, Apache’s Henning Schmiedehausen posted PGPSigner, a utility that helps you sign all the keys on your list from the Keysigning session. […]
Leave a Reply