Keysigning companion

OpenPGP fingerprint exchange, running on Cefrium — native CEF on Android. The system WebView has no Web NFC and no camera barcode access like this.

Ready.

Show this to sign me

A live QR of your OPENPGP4FPR URI. Rendered on screen from your key — nobody can overwrite it.

Keysigning, in a minute

To trust an OpenPGP key, others sign it after confirming it really belongs to you. Their signatures build the web of trust (and get your key into the Debian keyring). This app speeds up the part where you exchange fingerprints.

What it replaces

The old wayPrint paper slips with your 40-hex fingerprint, read it aloud, everyone transcribes it by hand -- typo-prone and slow.
With CefriumShow a QR or tap a tag. The exact fingerprint is captured with zero transcription. (WebView can do neither.)

The flow

1. Show — your fingerprint as a live QR (Share), or hand out a written NFC tag (My tag).
2. Capture — the other person scans your QR with their camera, or taps your tag (Collect). Repeat for everyone.
3. Verify in person — they check your government photo ID and confirm the captured fingerprint is really yours. This is the trust step.
4. caff — on their laptop they run caff <fingerprint> (Export shares the command). It fetches your key from the keyserver and signs that copy.
5. Trust grows — the signature is published; your key gains a verified link in the web of trust.
Logistics, not trust. The QR/tag only carries a candidate fingerprint -- it could be tampered. Safety comes from step 3 (ID check) and signing from the keyserver copy, never from the tap itself. A tag is rewritable; a screen QR is not, which is why QR is the live channel.