As you know, if you want to be a Debian mainter or developer, you need to have a GPU keys, and you key must be signed by three different Debian developer, also GPG keys is quite popular in open source development world, it is kind of a new ID for you. Here is a Instructuion about how to sign your GPG keys by CAFF, enjoy.


Using CAFF to sign GPG keys


Set up email

If you don't have an email transport setup (such as sendmail, postfix, etc.), exim4 provides a simple satellite-only mechanism.

  1. install exim4
    sudo apt-get install exim4
  2. Configure exim4 by following the on screen instructions
    dpkg-reconfigure exim4-config
    • Note, use setup your mail server
    • Your config file should look like this when finished
      # /etc/exim4/update-exim4.conf.conf
      # Edit this file and /etc/mailname by hand and execute update-exim4.conf
      # yourself or use 'dpkg-reconfigure exim4-config'
      # Please note that this is _not_ a dpkg-conffile and that automatic changes
      # to this file might happen. The code handling this will honor your local
      # changes, so this is usually fine, but will break local schemes that mess
      # around with multiple versions of the file.
      # update-exim4.conf uses this file to determine variable values to generate
      # exim configuration macros for the configuration file.
      # Most settings found in here do have corresponding questions in the
      # Debconf configuration, but not all of them.
      # This is a Debian specific file
  3. Add aliases to the /etc/email-address file to map username to appropriate email from address
    1. Send a test email
      mail -s <subject> <to address>

      put in a blank CC address and anybody you'd like, to send the email press Ctrl + d

Set up CAFF

  1. Install signing-party if not install so that you can use caff
  2. Configure caff by running caff once and editing the .caffrc file
    1. Set owner, email, and reply-to values
    2. Set the keyid field to your the last 4 quad words of your gpg fingerprint (use gpg –fingerprint <userid>)
    3. If desired, uncomment the lines below the # Mail template line to include instructions in your response mail
  3. Sign a key with caff
    caff <keyid>
    1. When given the gpg prompt, type save and enter
    • The last option will allow you to send the response email

Import a Key Sent with CAFF

  1. Download the *.asc file sent in the email
  2. Decrypt the message using gpg
    gpg msg.asc
    • This will create a msg file
  3. Import the signature of your key
    gpg --import msg
  4. Push you key back to the keyserver
    gpg --keyserver --send-key <your keyid>

Get Rid of the Pesky [User ID Not Found] When Listing Sigs

  1. Find any missing public keys in your keyring
    gpg --list-sigs <your keyid>
  2. Receive any missing keys from the keyserver
    gpg --keyserver --recv-keys <missing key>
    • You can provide –recv-keys a list of keys by separating them with white space