Is there a way to browse the GPG web of trust?
aaron.toponce at gmail.com
Fri Oct 7 11:51:53 CEST 2011
On Fri, Oct 07, 2011 at 10:26:59AM +0200, Melvin Carvalho wrote:
> Just wondering is there a way to browse the GPG web of trust?
> Is some of the signing data public and downloadable, or is it mainly private?
Yes, and no. The Web of Trust is just a web centered around a specific
keyring. If you have a specific keyring, you can view that key's Web of
Trust. All you're looking at are signatures. It becomes a bit troublesome
after a while, because you look not only at that key's signatures, but the
signatures of those who signed the key as well.
If you want a graphical view of a Web of Trust, here is a quick shell
script you can run that ends up with a GIF you can view an any image
editor. You'll need GnuPG, of course, as well as signing-party (which
provides sig2dot), graphviz (which provides neato) and imagemagik (which
gpg --list-sigs --keyring ~/.gnupg/pubring.gpg | sig2dot > ~/.gnupg/pubring.dot 2> ~/.gnupg/pubring.error.txt
neato -Tps ~/.gnupg/pubring.dot > ~/.gnupg/pubring.neato.ps
convert ~/.gnupg/pubring.neato.ps ~/.gnupg/pubring.gif
The more signatures and keys in that keyring, the more complex the Web of
Trust could be, and the longer it may take to generate that GIF. On my
Intel dualcore laptop, I rendered a keyring for a friend, and it took over
30 minutes. So, be patient. Here's mine (using the script above):
Further, there is also the "Strong Set", which is said to be the largest
Web of Trust on the Internet. You can view that web here:
As an interesting sidenote, the top 25 keys, and all but 15 of the top 50
keys in that web belong to contributors of the Debian project (or so I've
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 527 bytes
Desc: Digital signature
More information about the Gnupg-users