Image of the glider from the Game of Life by John Conway
Skip to content

Create Your Own Graphical Web of Trust

I created my GnuPG key back in 2004, and I've been very active with it since (thank you Glen). I have also seen graphical representations of the Web of Trust for a specific public keyring, and I've always been curious how I could create my own. Well, last night I finally buckled down and figured it out. So, hopefully, this will be of interest for some. In case you're curious, this is what I'm talking about.

First, make sure you have the gnupg, sig2dot, graphviz and imagemagick packages installed. You will need various tools from each of these. Of course, you'll also need access to your public keyring. This is generally found in the ~/.gnupg/pubring.gpg file.

First, the sig2dot package just provides a single Perl script that reads signatures in an OpenPGP/GPG keyring, and creates a "dot" file. This dot file is just an ASCII file that describes the relationships between the signatures in the file, and their distance to/from each other. However, the dot file by itself isn't very interesting. So, we can covert that dot file to a PostScript file or an image directly. Personally, I have found that creating the PostScript file, then converting to an image from that to produce better results than going directly from the dot file to an image. Of course, one you have your image, you're done.

So, here's the commands in order that are needed to create your graphical web of trust. I do everything in my ~/.gnupg/ directory, as you can see. Feel free to do this wherever you wish:

$ gpg --list-sigs --keyring ~/.gnupg./pubring.gpg | sig2dot > ~/.gnupg/pubring.dot 2> ~/.gnupg/pubring.error.txt
$ neato -Tps ~/.gnupg/pubring.dot > ~/.gnupg/pubring.ps
$ convert ~/.gnupg/pubring.ps ~/.gnupg/pubring.gif

This should take a bit, depending on the size of your pubring.gpg file. On my dual core, with 4GB RAM, it takes about 45 seconds from start to finish, which is a bit longer than you initially would expect. Also, some have reported that the "neato" command doesn't work for them. So, the graphviz package also provides the "dot" binary for working on dot file. So, instead, you could run:

$ gpg --list-sigs --keyring ~/.gnupg./pubring.gpg | sig2dot > ~/.gnupg/pubring.dot 2> ~/.gnupg/pubring.error.txt
$ dot -Tps ~/.gnupg/pubring.dot > ~/.gnupg/pubring.ps
$ convert ~/.gnupg/pubring.ps ~/.gnupg/pubring.gif

You'll notice that I'm saving the STDERR output to "~/.gnupg/pubring.error.txt". I'm only doing this for logging purposes. Also, feel free to experiment with the options for both neato/dot and convert. I like the GIF format, as it's 1/10 the size of the equivalent PNG, so it's great to put up on web pages to save bandwidth. I believe neato/dot supports SVG, so you could try that as well.

At any event, you might want to save the above in a script in your ~/.gnupg/ directory, in case you want to update your web of trust image. Here's mine: http://aarontoponce.org/pubring.gif.

Happy hacking!

{ 3 } Comments

  1. Trevor Sharpe using Firefox 3.6.9 on Ubuntu 64 bits | September 16, 2010 at 3:03 pm | Permalink

    you could have done something like:

    neato -Tps -Goverlap=scale -Gsplines=true -o ~/pubring.ps ~/,gnupg/pubring.dot

    That would have reduced the clutter... just my $.02

  2. Aaron using Google Chrome 6.0.472.55 on GNU/Linux 64 bits | September 16, 2010 at 3:32 pm | Permalink

    That works. I'm still playing with some of the options. With -Goverlap and -Gsplines=true, it takes substantially longer to get through the neato command.

  3. Trevor Sharpe using Firefox 3.6.9 on Ubuntu 64 bits | September 16, 2010 at 4:09 pm | Permalink

    Yes but it looks better IMO

{ 2 } Trackbacks

  1. [...] Aaron Toponce : Create Your Own Graphical Web of Trust [...]

  2. [...] couple years ago, I wrote about how you can create a graphical representation of your OpenPGP Web of Trust. It’s funny how I’ve been keeping mine up-to-date for these past couple years as I [...]

Post a Comment

Your email is never published nor shared.

Switch to our mobile site