The configuration file is a perl script that sets values in the hash %CONFIG. The file is generated when
it does not exist.
Example:
$CONFIG{'owner'} = q{Peter Palfrader};
$CONFIG{'email'} = q{peter@palfrader.org};
$CONFIG{'keyid'} = [ qw{DE7AAF6E94C09C7F 62AF4031C82E0039} ];
Requiredbasicsettingsowner [string]
Your name. REQUIRED.
email [string]
Your email address, used in From: lines. REQUIRED.
keyid [list of keyids]
A list of your keys. This is used to determine which signatures to keep in the pruning step. If you
select a key using -u it has to be in this list. REQUIRED.
Generalsettingscaffhome [string]
Base directory for the files caff stores. Default: $HOME/.caff/.
colors [hash]
How to color output messages. See the "Term::ANSIColor" documentation for the list of supported
colors; colored output can be disabled by setting this option to an empty hash {}. Default:
{ error => 'bold bright_red'
, warn => 'bright_red'
, notice => 'bold'
, info => ''
, success => 'green' # used in combination with 'notice' and 'info'
, fail => 'yellow' # used in combination with 'notice' and 'info'
}
GnuPGsettingsgpg [string]
Path to the GnuPG binary. Default: The value of the GNUPGBIN environment variable if set, otherwise
"gpg".
secret-keyring [string]
Path to your secret keyring (GnuPG < 2.1), or to the GnuPGHOME of the agent managing the secret key
material (GnuPG >= 2.1). Default: $HOME/.gnupg/secring.gpg. If the value is not a directory with
GnuPG >= 2.1, the parent directory (i.e., $HOME/.gnupg by default) is considered instead.
also-encrypt-to [keyid, or list of keyids]
Additional keyids to encrypt messages to. Default: none.
gpg-sign-type [string]
The prefix to the "sign" command used to make the signature from gpg's shell. Can be set to a mix of
"l" (local), "nr" (non-revocable) or "t" (trust) to make a signature of the given type. See gpg(1)
for details. Default: "" (i.e., make a regular, exportable, signature).
gpg-sign-args [string]
Additional commands to pass to gpg after the "sign" command. Default: none.
Keyimportsettingsno-download [boolean]
If true, then skip the step of fetching keys from the keyserver. Default: 0.
key-files [list of files]
A list of files containing keys to be imported.
Signingsettingsno-sign [boolean]
If true, then skip the signing step. Default: 0.
ask-sign [boolean]
If true, then pause before continuing to the signing step. This is useful for offline signing.
Default: 0.
export-sig-age [seconds]
Don't export UIDs by default, on which your latest signature is older than this age. Default:
24*60*60 (i.e. one day).
local-user [keyid, or list of keyids]
Select the key that is used for signing, in case you have more than one key. With multiple keyids,
sign with each key in turn.
also-lsign-in-gnupghome [auto|ask|no]
Whether to locally sign the UIDs in the user's GnuPGHOME, in addition to caff's signatures in its own
GnuPGHOME. Such signatures are not exportable. This can be useful when the recipient forgets to
upload the signatures caff sent (or if they are non-exportable as well), as it gives a way to keep
track of which UIDs were verified. However, note that local signatures will not be deleted once the
recipient does the upload and the signer refreshes her keyring.
If the value is not no and if gpg-sign-type contains "l", each (local) signature is merely exported
from caff's own GnuPGHOME to the user's. Otherwise, if the value is auto, each UID signed in caff's
own GnuPGHOME gets automatically locally signed in the user's, using the same certification level;
this requires a working gpg-agent(1). If ask, the user is prompted for which UIDs to locally sign.
Default: no.
show-photos [boolean]
If true, then before signing a key gpg will display the photos attached to it, if any. (The photo
viewer can be specified with a "photo-viewer" option in caff's GnuPGHOME.) Default: 0.
Mailsettingsmail [yes|ask-yes|ask-no|no]
Whether to send mails. This is a quad-option, with which you can set the behaviour: yes always sends,
no never sends; ask-yes and ask-no asks, for each uid, with according defaults for the question.
Default: ask-yes.
In any case, the messages are also written to $CONFIG{'caffhome'}/keys/
mail-cant-encrypt [yes|ask-yes|ask-no|no]
The value of this option is considered instead of that of mail for recipient keys without encryption
capability. Default to the value of mail.
mail-subject [string]
Sets the value of the "Subject:" header field. %k will be expanded to the long key ID of the signed
key. Default: "Your signed PGP key 0x%k".
mail-template [string]
Email template which is used as the body text for the email sent out instead of the default text if
specified. The following perl variables can be used in the template:
{owner} [string]
Your name as specified in the owner setting.
{key} [string]
The keyid of the key you signed.
{@uids} [array]
The UIDs for which signatures are included in the mail.
Note that you should probably customize the template if you intend to send non-exportable signatures
(i.e., if gpg-sign-type contains "l"), as uploading such signatures doesn't make sense, and they
require the import option "import-local-sigs" which isn't set by default.
reply-to [string]
Add a Reply-To: header to messages sent. Default: none.
bcc [string]
Address to send blind carbon copies to when sending mail. Default: none.
mailer-send [array]
Parameters to pass to Mail::Mailer. Default: none. Setting this option is strongly discouraged: fix
your local MTA instead.
This could for example be
$CONFIG{'mailer-send'} = [ 'smtp', Server => 'mail.server', Auth => ['user', 'pass'] ];
to use the perl SMTP client, or
$CONFIG{'mailer-send'} = [ 'sendmail', '-f', $CONFIG{'email'}, '-it' ];
to pass arguments to the sendmail program. To specify a sendmail binary you can set the
"PERL_MAILERS" environment variable as follows:
$ENV{'PERL_MAILERS'} = 'sendmail:/path/to/sendmail_compatible_mta';
For more information see Mail::Mailer(3pm).