
Create Your Own Graphical Web Of Trust - Updated

A couple of years ago, I wrote about how you can create a graphical representation of your OpenPGP Web of Trust. It's funny how I've been keeping mine up-to-date for these past couple of years as I attend keysigning parties, without really thinking about what it looks like. Well, I recently returned from the SCaLE 11x conference, which had a PGP keysigning party. So, I've been keeping the graph up-to-date as new signatures came in. Then it hit me: am I graphing ONLY the signatures on my key, or all the signatures in my public keyring, or something somewhere in between? It seemed to be the latter, so I decided to do something about it.

The following script assumes you have the signing-party, graphviz and imagemagick packages installed. It grabs only the signatures on your OpenPGP key, downloads any keys that have signed your key that you may not have downloaded, places them in their own public keyring, then uses that information to graph your Web of Trust. Here's the script:

#!/bin/bash
# Set KEY to your own key ID
KEY="22EEE0488086060F"
echo "Getting initial list of signatures..."
# Field 5 of every sig/rev record is the key ID of the signer
gpg --with-colons --fast-list-mode --list-sigs "$KEY" | awk -F ':' '$1 ~ /sig|rev/ {print $5}' | sort -u > "${KEY}.ids"
echo "Refreshing your keyring..."
# Download the signing keys (word splitting of the ID list is intentional)
gpg --recv-keys $(cat "${KEY}.ids") > /dev/null 2>&1
echo "Creating public keyring..."
# Export only those keys into a separate keyring file
gpg --export $(cat "${KEY}.ids") > "${KEY}.gpg"
echo "Creating dot file..."
# List signatures from the separate keyring only and convert them to a graph
gpg --keyring "./${KEY}.gpg" --no-default-keyring --list-sigs | sig2dot > "${KEY}.dot" 2> "${KEY}.err"
echo "Creating PostScript document..."
neato -Tps "${KEY}.dot" > "${KEY}.ps"
echo "Creating graphic..."
convert "${KEY}.ps" "${KEY}.gif"
echo "Finished."
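To see what the first step of the script selects before anything is downloaded, here is an added example (not part of the original script) that runs the same `awk` filter over a constructed `--with-colons --list-sigs` listing and then classifies each signer. The function names `sample_listing`, `signer_ids` and `classify_signers` and all key IDs in the sample are made up for illustration.

```shell
#!/bin/bash
# Constructed sample of `gpg --with-colons --list-sigs` output (not real keys).
sample_listing() {
cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1300000000:::u:::scESC:
uid:u::::1300000000::HASH1::Alice Example <alice@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1300000000::::Alice Example <alice@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1360000000::::Bob Example <bob@example.org>:10x:
sig:::1:CCCCCCCCCCCCCCCC:1361000000::::[User ID not found]:10x:
rev:::1:CCCCCCCCCCCCCCCC:1362000000::::[User ID not found]:30x:
uid:u::::1310000000::HASH2::Alice Example <alice@example.com>:
sig:::1:AAAAAAAAAAAAAAAA:1310000000::::Alice Example <alice@example.com>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1360000000::::Bob Example <bob@example.org>:10x:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1300000000::::::e:
sig:::1:AAAAAAAAAAAAAAAA:1300000000::::Alice Example <alice@example.org>:18x:
EOF
}

# signer_ids: the same selection the script's awk step makes
# (field 5 of every sig/rev record, de-duplicated).
signer_ids() {
  awk -F ':' '$1 ~ /sig|rev/ {print $5}' | sort -u
}

# classify_signers KEYID: print "<keyid> <status>" per signer, where status is
#   self    - the key's own self-signatures
#   revoked - the signer issued a revocation (rev record) on this key
#   active  - third-party certification with no revocation seen
# Simplification: a revocation on any one user ID marks the signer as revoked.
classify_signers() {
  awk -F ':' -v own="$1" '
    $1 == "sig" && !($5 in st) { st[$5] = ($5 == own) ? "self" : "active" }
    $1 == "rev" && $5 != own   { st[$5] = "revoked" }
    END { for (id in st) print id, st[id] }
  ' | sort
}

sample_listing | classify_signers AAAAAAAAAAAAAAAA
```

On a real key, pipe `gpg --with-colons --list-sigs "$KEY"` into `classify_signers "$KEY"` instead of the sample.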

It may take some time to download and refresh your keyring, and it may take some time generating the .dot file. Don't be surprised if it takes 5-10 minutes, or so. However, when it finishes, you should end up with something like what is below (it's obvious when you've attended keysigning parties by the clusters of strength in your web):

[Image: pubring-small]
