PGPSigner
Sometimes I go to PGP Key Signing parties, often at some conference that I attend. While the key signing party itself is fun, there is a boring (and error prone) part of key signing that I much too often neglect: The actual signing of the keys.
You end up with a piece of paper saying who was present, which keys should be signed and then… you postpone it to another day. I found a list of keys to sign from an event eight months gone. Which sucks.
So in the true spirit of Steven Pembertons keynote at ApacheCon EU 2007 (”let the computer do the work”), I searched an application for this. There are some shell scripts out there that seem to do the job for some people but most of the times, if you ask “how do you sign your keys”, the answer is either “manually” or “I have a self rolled script” (I omitted the third possible answer “I never get around to do it”).
I am a Java Weenie. I hacked a small Java application that lets me do all the steps of reviewing a party key file, signing the keys and mailing them out (also uploading to key servers) from an interactive command line. With command completion, help and all the stuff that one expects in the 21st century.
I met the various usual Java perils (e.g. One-Jar chokes on signed jars, which are needed for JCE or strong crypto under Java needs the Unlimited Strength Policy files installed) but in the end, here is PGPSigner which allowed me to sign the party key lists from the last eight months in about ten minutes (And it was fun to test some stuff I always wanted to check out like PGP key handling in Java).
Get it from here, if you are interested. Open Source, Apache licensed. Feedback welcome.
java open source pgp