Package: signing-party
Version: 1.1.4-1
Severity: wishlist
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
Serafeim Zanikolas wrote two useful scripts after debconf10. In his own words:
Hey all,
I've written a couple of scripts to reduce the pain of the fingerprint
verification one has to do after a key signing party.
These scripts are quick n ugly hacks I haven't considered worthy of sharing,
until I found out yesterday that some people actually do the verification by
hand.
http://people.debian.org/~sez/ksp/
Regards, Thomas Koch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJOw/asAAoJEAf8SJEEK6ZaZTIQAJYV8C6CNrgN4Vwg7smfqfho
xlkY0UaNITXv7JU7/+GOm72n9idXLHdkyVNh83GvPUQKQ9vg/EUheEwu6Sk935X3
CoPUK105/R4Scm4TjUDvDZngixy+ne+EXOOafNpGGjl3MLwQQi75cMRtvmJdvJsk
fnypO7TotyIA4xi3Q/Tt3TLCAZfwFd+GFZ9yIRl9EQukGSaeUQNaajf1B1l5vsan
/mPmKsizlTA80iHpDAG4DAibBfNduqt9wHblc8Y7UqXnDMPKZ4SGEH7qhwwIa/dN
KWbYj2yZ1ciMc8PNyKm+ZhY50QmL4semhC47gcfXD49QU2z0HdR9mS/v/suaXlHG
pWc0CTjhj/2Rm9b/SnMNcmvaTjv5TWlch9DZ1RaTpjk9a4XaIw6+p+KZRaEtKxjr
v40J41/IgZsUcSsU8eH8yBsiJVrkWXdf7KDHdx8/SQjU7HdFX7TQg9y9b1K+rCtu
z3/rFfisgBt4+sQoxbHKUfqcahTaUnmGxjNOk9A2ae6i0nLXDmbMQtTK21M89C26
+6wqsYzQEhE1TzFwFP6LlX9kBE6I7RumXde3MdiCTFTjuVSlohM02V8ERzIt1Vxf
IYEFXejHYo1+MhbMrunRmdl/U2hho8Dqdqz59le6T9sw6Nh6GNwiamYuQ7htl1Mk
Z/ygSnA/t8FgeafgUqFK
=a9jl
-----END PGP SIGNATURE-----
#!/usr/bin/python
import sys
import re
in_good_block = False
good_block_pat = re.compile('^[0-9]')
bad_block_pat = re.compile('^#[0-9]')
for line in sys.stdin:
if good_block_pat.match(line):
in_good_block = True
name = '-'.join(line.split()[1:4])
elif bad_block_pat.match(line):
in_good_block = False
if in_good_block:
if line.startswith('pub '):
keyid = line.split()[1].split('/')[1]
elif line.startswith(' Key fingerprint = '):
fingerprint = " ".join(line.split()[3:])
print name, keyid, fingerprint
keyid, fingerprint = None, None
#!/usr/bin/python
import sys
import commands
import os
infile = sys.argv[1]
mismatches = False
diff = open('%s.diff' % infile, 'w')
for line in open(infile):
fields = line.split()
name = fields[0]
keyid = ''.join(fields[-2:])
known_fingerprint = " ".join(fields[2:])
status, output = commands.getstatusoutput('gpg --fingerprint %s' % keyid)
if status != 0:
print 'no key stored for keyid %s (%s)' % (keyid, name)
continue
fingerprint_line = [line for line in output.split('\n')
if 'Key fingerprint' in line]
if not fingerprint_line:
print 'failed to parse fingerprint for keyid %s (%s)' % (keyid, name)
continue
stored_fingerprint = ' '.join(fingerprint_line[0].split()[3:])
if known_fingerprint == stored_fingerprint:
print keyid, 'ok'
else:
print keyid, 'nok'
print known_fingerprint
print stored_fingerprint
print
mismatches = True
diff.write('%s %s\n' % (name, stored_fingerprint))
diff.close()
if mismatches:
cmd = 'wdiff %s %s.diff' % (infile, infile)
print cmd
os.system(cmd)
ksp-dc10.gpg: verified keyring of all files (from party organiser)
ksp.txt: verified form with all keys; the entries in which the hash ('#')
before the number entry has been removed are those that will be signed
gpg --import ksp-dc10.gpg # imports all public keys
../convert-form-to-one-line-per-entry.py <ksp.txt >to-sign.txt
# review names whose keys are to be signed
../verify-fingerprints.py | tee keyids-with-verified-fingerprints.txt
keyids=$(awk '/ ok$/ {print $1}' keyids-with-verified-fingerprints.txt)
# (setup gpg-agent)
# replace -m and -s values as appropriate
pius -m s...@debian.org -a -e -s 0ED6122A $keyids
