Tools to make keysigning fun again (replacement for caff)
an idea by kbabioch
Updated over 6 years ago. 8 hacker ♥️. Has no hacker: grab it!

There is a tool called caff, which is the de-facto standard when dealing with keysigning (on a large scale, e.g. after a key signing party). This tool hasn't been touch in years, is written and configured in Perl (hence cannot be read and/or maintained :smile:) and is not easy to package, because of a lot of dependencies, etc. It is not even available in our default repositories (at least for Tumbleweed). In general there seems to be a certain kind of frustration with this software, but there is no real alternative available yet.

Ideally the new toolset should allow to organize a complete keysigning party, e.g. it should assist the organizer with:

  • Collecting all the keys before the keysigning party (e.g. automatically via mail and/or a dedicated OpenPGP keyserver) or by adding them manually (e.g. import the key itself or the key ID)
  • Prepare a keyring/printout containing all of the keys previously collected and make it available to all participants (via mail, via keyserver, by copying it to a HTTP server, or possibly by hosting it over HTTP for ourselves, etc.)

For the actual participants of a keysigning party there should be a set of tools to allow for the following:

  • Optional: Import the keyring published by the organizer
  • Iterate through all of the keys (either from previously imported keyring or specified by the user):
    • Retrieve the key information from a keyserver, if necessary
    • Display the required information (fingerprint, name, UIDs, etc.)
    • Ask the user for confirmation
    • Actually sign the key
  • For each UID that contains a mail address, the following should be done:
    • Strip the UID from the rest of the key
    • Send the receiver his signed key via mail, which makes sure he is (and/or at least was at some point in time) in control over the specified mail address
    • Optional: Upload the key to a keyserver (when the mail loop is not wanted, etc.)

Another set of scripts/tools that might be useful for the organizer of a keysigning party, might allow for visualization of the web of trust before and after the event takes place. For instance the tool could generate a graph on the keyring published before the keysigning party. The resulting image file can be published. After the event has taken place and all of the participants had enough time to sign their keys (e.g. two weeks after the event), you could re-issue the command and publish the new graph. Ideally, the web of trust should be way better than beforehand.

All of this should be configurable via configuration files and command line options. It should be something easy to understand and flexible to use (e.g. YAML). You should not require any knowledge about the programming language that is used (which is the case with caff, since it uses Perl for its configuration file).

While I'm open to discussion about the programming language and tools being used, I'm planning to work on this in Go. I don't have a lot of experience with it yet, and hope to improve my skills with this project. Support for most of the requirements is already available, in particular:

  • OpenPGP for actual cryptographic operations: https://godoc.org/golang.org/x/crypto/openpgp
  • SMTP for sending mail(s): https://golang.org/pkg/net/smtp/
  • Hosting and retrieving content via HTTP: https://golang.org/pkg/net/http/

No Hackers yet

Join this project

Looking for hackers with the skills:

keysigning go programming coding cryptography party

This project is part of:

Hack Week 17

Activity

  • over 7 years ago: xgonzo liked this project.
  • over 7 years ago: ancorgs liked this project.
  • over 7 years ago: pdostal liked this project.
  • over 7 years ago: iulhaq liked this project.
  • over 7 years ago: pluskalm liked this project.
  • over 7 years ago: mkoutny liked this project.
  • over 7 years ago: aspiers liked this project.
  • over 7 years ago: kbabioch liked this project.
  • over 7 years ago: kbabioch added keyword "keysigning" to this project.
  • over 7 years ago: kbabioch added keyword "go" to this project.
  • over 7 years ago: kbabioch added keyword "programming" to this project.
  • over 7 years ago: kbabioch added keyword "coding" to this project.
  • over 7 years ago: kbabioch added keyword "cryptography" to this project.
  • over 7 years ago: kbabioch added keyword "party" to this project.
  • over 7 years ago: kbabioch originated this project.


    • Comments

    • ArchLinux
      over 7 years ago by ArchLinux | Reply

      I wrote a tool called easy-signing-party (https://github.com/mytbk/easy-signing-party) before. add-emoji

    Similar Projects

    SUSE Health Check Tools by roseswe

    SUSE HC Tools Overview

    A collection of tools written in Bash or Go 1.24++ to make life easier with handling of a bunch of tar.xz balls created by supportconfig.

    Background: For SUSE HC we receive a bunch of supportconfig tar balls to check them for misconfiguration, areas for improvement or future changes.

    Main focus on these HC are High Availability (pacemaker), SLES itself and SAP workloads, esp. around the SUSE best practices.

    Goals

    • Overall improvement of the tools
    • Adding new collectors
    • Add support for SLES16

    Resources

    csv2xls* example.sh go.mod listprodids.txt sumtext* trails.go README.md csv2xls.go exceltest.go go.sum m.sh* sumtext.go vercheck.py* config.ini csvfiles/ getrpm* listprodids* rpmdate.sh* sumxls* verdriver* credtest.go example.py getrpm.go listprodids.go sccfixer.sh* sumxls.go verdriver.go

    docollall.sh* extracthtml.go gethostnamectl* go.sum numastat.go cpuvul* extractcluster.go firmwarebug* gethostnamectl.go m.sh* numastattest.go cpuvul.go extracthtml* firmwarebug.go go.mod numastat* xtr_cib.sh*

    A CLI for Harvester by mohamed.belgaied

    Harvester does not officially come with a CLI tool, the user is supposed to interact with Harvester mostly through the UI. Though it is theoretically possible to use kubectl to interact with Harvester, the manipulation of Kubevirt YAML objects is absolutely not user friendly. Inspired by tools like multipass from Canonical to easily and rapidly create one of multiple VMs, I began the development of Harvester CLI. Currently, it works but Harvester CLI needs some love to be up-to-date with Harvester v1.0.2 and needs some bug fixes and improvements as well.

    Project Description

    Harvester CLI is a command line interface tool written in Go, designed to simplify interfacing with a Harvester cluster as a user. It is especially useful for testing purposes as you can easily and rapidly create VMs in Harvester by providing a simple command such as: harvester vm create my-vm --count 5 to create 5 VMs named my-vm-01 to my-vm-05.

    asciicast

    Harvester CLI is functional but needs a number of improvements: up-to-date functionality with Harvester v1.0.2 (some minor issues right now), modifying the default behaviour to create an opensuse VM instead of an ubuntu VM, solve some bugs, etc.

    Github Repo for Harvester CLI: https://github.com/belgaied2/harvester-cli

    Done in previous Hackweeks

    • Create a Github actions pipeline to automatically integrate Harvester CLI to Homebrew repositories: DONE
    • Automatically package Harvester CLI for OpenSUSE / Redhat RPMs or DEBs: DONE

    Goal for this Hackweek

    The goal for this Hackweek is to bring Harvester CLI up-to-speed with latest Harvester versions (v1.3.X and v1.4.X), and improve the code quality as well as implement some simple features and bug fixes.

    Some nice additions might be: * Improve handling of namespaced objects * Add features, such as network management or Load Balancer creation ? * Add more unit tests and, why not, e2e tests * Improve CI * Improve the overall code quality * Test the program and create issues for it

    Issue list is here: https://github.com/belgaied2/harvester-cli/issues

    Resources

    The project is written in Go, and using client-go the Kubernetes Go Client libraries to communicate with the Harvester API (which is Kubernetes in fact). Welcome contributions are:

    • Testing it and creating issues
    • Documentation
    • Go code improvement

    What you might learn

    Harvester CLI might be interesting to you if you want to learn more about:

    • GitHub Actions
    • Harvester as a SUSE Product
    • Go programming language
    • Kubernetes API
    • Kubevirt API objects (Manipulating VMs and VM Configuration in Kubernetes using Kubevirt)

    Cluster API Provider for Harvester by rcase

    Project Description

    The Cluster API "infrastructure provider" for Harvester, also named CAPHV, makes it possible to use Harvester with Cluster API. This enables people and organisations to create Kubernetes clusters running on VMs created by Harvester using a declarative spec.

    The project has been bootstrapped in HackWeek 23, and its code is available here.

    Work done in HackWeek 2023

    • Have a early working version of the provider available on Rancher Sandbox : *DONE *
    • Demonstrated the created cluster can be imported using Rancher Turtles: DONE
    • Stretch goal - demonstrate using the new provider with CAPRKE2: DONE and the templates are available on the repo

    DONE in HackWeek 24:

    DONE in 2025 (out of Hackweek)

    • Support of ClusterClass
    • Add to clusterctl community providers, you can add it directly with clusterctl
    • Testing on newer versions of Harvester v1.4.X and v1.5.X
    • Support for clusterctl generate cluster ...
    • Improve Status Conditions to reflect current state of Infrastructure
    • Improve CI (some bugs for release creation)

    Goals for HackWeek 2025

    • FIRST and FOREMOST, any topic is important to you
    • Add e2e testing
    • Certify the provider for Rancher Turtles
    • Add Machine pool labeling
    • Add PCI-e passthrough capabilities.
    • Other improvement suggestions are welcome!

    Thanks to @isim and Dominic Giebert for their contributions!

    Resources

    Looking for help from anyone interested in Cluster API (CAPI) or who wants to learn more about Harvester.

    This will be an infrastructure provider for Cluster API. Some background reading for the CAPI aspect:

    Advent of Code: The Diaries by amanzini

    Description

    It was the Night Before Compile Time ...

    Hackweek 25 (December 1-5) perfectly coincides with the first five days of Advent of Code 2025. This project will leverage this overlap to participate in the event in real-time.

    To add a layer of challenge and exploration (in the true spirit of Hackweek), the puzzles will be solved using a non-mainstream, modern language like D, Crystal, Gleam or Zig.

    The primary project intent is not just simply to solve the puzzles, but to exercise result sharing and documentation. I'd create a public-facing repository documenting the process. This involves treating each day's puzzle as a mini-project: solving it, then documenting the solution with detailed write-ups, analysis of the language's performance and ergonomics, and visualizations.

                                   |
                             \ ' /
                           -- (*) --
                              >*<
                             >0<@<
                            >>>@<<*
                           >@>*<0<<<
                          >*>>@<<<@<<
                         >@>>0<<<*<<@<
                        >*>>0<<@<<<@<<<
                       >@>>*<<@<>*<<0<*<
         \*/          >0>>*<<@<>0><<*<@<<
     ___\\U//___     >*>>@><0<<*>>@><*<0<<
     |\\ | | \\|    >@>>0<*<0>>@<<0<<<*<@<<
     | \\| | _(UU)_ >((*))_>0><*<0><@<<<0<*<
     |\ \| || / //||.*.*.*.|>>@<<*<<@>><0<<<
     |\\_|_|&&_// ||*.*.*.*|_\\db//_
     """"|'.'.'.|~~|.*.*.*|     ____|_
         |'.'.'.|   ^^^^^^|____|>>>>>>|
         ~~~~~~~~         '""""`------'
------------------------------------------------
This ASCII pic can be found at
https://asciiart.website/art/1831

    Goals

    Code, Docs, and Memes: An AoC Story

    • Have fun!

    • Involve more people, play together

    • Solve Days 1-5: Successfully solve both parts of the Advent of Code 2025 puzzles for Days 1-5 using the chosen non-mainstream language.

    • Daily Documentation & Language Review: Publish a detailed write-up for each day. This documentation will include the solution analysis, the chosen algorithm, and specific commentary on the language's ergonomics, performance, and standard library for the given task.