The common technique for signing large amounts of keys
after a key-signing party is to, well, simply sign all
keys and mail them to their owners. But this might not
the best way. Because if you sign a key, you often
sign many uids with different e-mail addresses. If
any but one of these don't work you won't notice, because you
signed all of them and mailed the result around.
Thus your signature certifies that this key belongs
to addresses it doesn't really belong to.
To avoid this, Peter Palfrader
wrote caff. This Perl script
converts keys with many uids to many keys with just one
uid each, and signs these. It then encrypts each signed
key with itself and sends it to the e-mail address in
the uid. This helps to assure that you don't sign uids
with e-mail addresses which aren't under the control of
the signee. Caff removes other signatures from the keys
as well, to make the mails smaller and easier to process.
The script needs the experimental
and the Perl module GnuPG::Interface.
Peter Palfrader is the author of caff, I merely added a
few features to allow signing with multiple and older keys,
and to have caff just save the mails in a folder instead
of sending them off at once.
Fixed an error in the handling of extensions (e.g.