Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

visualize the GnuPG web of trust

Tags:

Is there some way to visualise the GnuPG web of trust? With my (or any other) key in the middle, with the signed keys in the first circle, the trustpersons' trustpersons in the next and so on?

If there is nothing like that, I should be able to build something like that based on the key signatures from my lokal keyring, right?

like image 785
Martin Ueding Avatar asked Apr 29 '11 17:04

Martin Ueding


People also ask

What can you do with GnuPG?

GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications.

What is a GnuPG signature?

What is GPG? GPG, or GNU Privacy Guard, is a suite of cryptographic software. It can be used to encrypt or sign data and communications to ensure its authenticity. This type of cryptography is based on key pairs. A public key is hosted on a key server (e.g. keyserver.ubuntu.com) and the private key is kept secret.

What is GnuPG public key?

GnuPG uses public-key cryptography so that users may communicate securely. In a public-key system, each user has a pair of keys consisting of a private key and a public key. A user's private key is kept secret; it need never be revealed. The public key may be given to anyone with whom the user wants to communicate.

How do you trust public keys?

The public key would be signed by another authority. Check if this authority is genuine and renowned. If it is unknown then try to further check its signing authority and see if its a renowned one. The concept of trusting this public key is based on basing your inherent trust in authority which signs this certificate.


1 Answers

One approach is to convert the output of gpg --list-sigs to a dot file that can be rendered into a graph with the graphviz tools.

Use gpg, sig2dot, and dot like this:

gpg --list-sigs | sig2dot.pl > gpg.dot dot -Tps gpg.dot > gpg.ps evince gpg.ps 
like image 153
Anders Lindahl Avatar answered Sep 26 '22 18:09

Anders Lindahl