Package: signing-party Version: 1.1.4-1 Severity: wishlist -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi, Serafeim Zanikolas wrote two useful scripts after debconf10. In his own words: Hey all, I've written a couple of scripts to reduce the pain of the fingerprint verification one has to do after a key signing party. These scripts are quick n ugly hacks I haven't considered worthy of sharing, until I found out yesterday that some people actually do the verification by hand. http://people.debian.org/~sez/ksp/ Regards, Thomas Koch -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCAAGBQJOw/asAAoJEAf8SJEEK6ZaZTIQAJYV8C6CNrgN4Vwg7smfqfho xlkY0UaNITXv7JU7/+GOm72n9idXLHdkyVNh83GvPUQKQ9vg/EUheEwu6Sk935X3 CoPUK105/R4Scm4TjUDvDZngixy+ne+EXOOafNpGGjl3MLwQQi75cMRtvmJdvJsk fnypO7TotyIA4xi3Q/Tt3TLCAZfwFd+GFZ9yIRl9EQukGSaeUQNaajf1B1l5vsan /mPmKsizlTA80iHpDAG4DAibBfNduqt9wHblc8Y7UqXnDMPKZ4SGEH7qhwwIa/dN KWbYj2yZ1ciMc8PNyKm+ZhY50QmL4semhC47gcfXD49QU2z0HdR9mS/v/suaXlHG pWc0CTjhj/2Rm9b/SnMNcmvaTjv5TWlch9DZ1RaTpjk9a4XaIw6+p+KZRaEtKxjr v40J41/IgZsUcSsU8eH8yBsiJVrkWXdf7KDHdx8/SQjU7HdFX7TQg9y9b1K+rCtu z3/rFfisgBt4+sQoxbHKUfqcahTaUnmGxjNOk9A2ae6i0nLXDmbMQtTK21M89C26 +6wqsYzQEhE1TzFwFP6LlX9kBE6I7RumXde3MdiCTFTjuVSlohM02V8ERzIt1Vxf IYEFXejHYo1+MhbMrunRmdl/U2hho8Dqdqz59le6T9sw6Nh6GNwiamYuQ7htl1Mk Z/ygSnA/t8FgeafgUqFK =a9jl -----END PGP SIGNATURE-----
#!/usr/bin/python import sys import re in_good_block = False good_block_pat = re.compile('^[0-9]') bad_block_pat = re.compile('^#[0-9]') for line in sys.stdin: if good_block_pat.match(line): in_good_block = True name = '-'.join(line.split()[1:4]) elif bad_block_pat.match(line): in_good_block = False if in_good_block: if line.startswith('pub '): keyid = line.split()[1].split('/')[1] elif line.startswith(' Key fingerprint = '): fingerprint = " ".join(line.split()[3:]) print name, keyid, fingerprint keyid, fingerprint = None, None
#!/usr/bin/python import sys import commands import os infile = sys.argv[1] mismatches = False diff = open('%s.diff' % infile, 'w') for line in open(infile): fields = line.split() name = fields[0] keyid = ''.join(fields[-2:]) known_fingerprint = " ".join(fields[2:]) status, output = commands.getstatusoutput('gpg --fingerprint %s' % keyid) if status != 0: print 'no key stored for keyid %s (%s)' % (keyid, name) continue fingerprint_line = [line for line in output.split('\n') if 'Key fingerprint' in line] if not fingerprint_line: print 'failed to parse fingerprint for keyid %s (%s)' % (keyid, name) continue stored_fingerprint = ' '.join(fingerprint_line[0].split()[3:]) if known_fingerprint == stored_fingerprint: print keyid, 'ok' else: print keyid, 'nok' print known_fingerprint print stored_fingerprint print mismatches = True diff.write('%s %s\n' % (name, stored_fingerprint)) diff.close() if mismatches: cmd = 'wdiff %s %s.diff' % (infile, infile) print cmd os.system(cmd)
ksp-dc10.gpg: verified keyring of all files (from party organiser) ksp.txt: verified form with all keys; the entries in which the hash ('#') before the number entry has been removed are those that will be signed gpg --import ksp-dc10.gpg # imports all public keys ../convert-form-to-one-line-per-entry.py <ksp.txt >to-sign.txt # review names whose keys are to be signed ../verify-fingerprints.py | tee keyids-with-verified-fingerprints.txt keyids=$(awk '/ ok$/ {print $1}' keyids-with-verified-fingerprints.txt) # (setup gpg-agent) # replace -m and -s values as appropriate pius -m s...@debian.org -a -e -s 0ED6122A $keyids