Is there a way to browse the GPG web of trust?

Melvin Carvalho melvincarvalho at gmail.com
Fri Oct 7 12:46:32 CEST 2011


On 7 October 2011 11:51, Aaron Toponce <aaron.toponce at gmail.com> wrote:
> On Fri, Oct 07, 2011 at 10:26:59AM +0200, Melvin Carvalho wrote:
>> Just wondering is there a way to browse the GPG web of trust?
>>
>> Is some of the signing data public and downloadable, or is it mainly private?
>
> Yes, and no. The Web of Trust is just a web centered around a specific
> keyring. If you have a specific keyring, you can view that key's Web of
> Trust. All you're looking at are signatures. It becomes a bit troublesome
> after a while, because you look not only at that key's signatures, but the
> signatures of those who signed the key as well.
>
> If you want a graphical view of a Web of Trust, here is a quick shell
> script you can run that ends up with a GIF you can view in any image
> editor. You'll need GnuPG, of course, as well as signing-party (which
> provides sig2dot), graphviz (which provides neato) and ImageMagick (which
> provides convert):
>
>    gpg --list-sigs --keyring ~/.gnupg/pubring.gpg | sig2dot > ~/.gnupg/pubring.dot 2> ~/.gnupg/pubring.error.txt
>    neato -Tps ~/.gnupg/pubring.dot > ~/.gnupg/pubring.neato.ps
>    convert ~/.gnupg/pubring.neato.ps ~/.gnupg/pubring.gif
>
> The more signatures and keys in that keyring, the more complex the Web of
> Trust could be, and the longer it may take to generate that GIF. On my
> Intel dualcore laptop, I rendered a keyring for a friend, and it took over
> 30 minutes. So, be patient. Here's mine (using the script above):
>
>    http://aarontoponce.org/pubring.gif
>
> Further, there is also the "Strong Set", which is said to be the largest
> Web of Trust on the Internet. You can view that web here:
>
>    http://pgp.cs.uu.nl/plot/
>
> As an interesting sidenote, the top 25 keys, and all but 15 of the top 50
> keys in that web belong to contributors of the Debian project (or so I've
> been told).

This is awesome, thanks!

Is it possible to get a dump of all the signatures in a particular key server?

BTW: Just as a side note, I am studying "web of trust" as a general
concept (hopefully to become part of a PhD).  There is also the "FOAF"
web of trust, which is bigger (say 100 million plus) but perhaps not as
high quality as GPG.  I'm also looking at the data in
http://convergence.io/ ... it might be an idea to try and map all the
different webs of trust on the internets and collate the data together
...

>
> --
> . o .   o . o   . . o   o . .   . o .
> . . o   . o o   o . o   . o o   . . o
> o o o   . o .   . o o   o o .   o o o
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
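
The signature graph that the quoted script draws with sig2dot can also be built from GnuPG's machine-readable `--with-colons` listing. The following is an added example, not code from the thread or from signing-party; the function names `sigs_to_dot` and `sample_colons` are hypothetical, and the key IDs and user IDs in the sample are constructed.

```shell
#!/bin/sh
# Usage on a real keyring: gpg --with-colons --list-sigs | sigs_to_dot > pubring.dot
# Colon records used: field 1 = record type, field 5 = key ID, field 10 = user ID.
sigs_to_dot() {
    awk -F: '
    $1 == "pub" { cur = $5; known[cur] = 1; order[++n] = cur
                  if ($10 != "") label[cur] = $10 }      # GnuPG 1.x: uid on the pub line
    $1 == "uid" && cur != "" && !(cur in label) { label[cur] = $10 }  # GnuPG 2.x
    $1 == "sig" && cur != "" && $5 != cur {   # self-signatures are skipped; rev records too
        key = $5 SUBSEP cur                   # one edge per signer/signee pair
        if (!(key in seen)) { seen[key] = 1; from[++m] = $5; to[m] = cur }
    }
    END {
        print "digraph wot {"
        for (i = 1; i <= n; i++) {
            k = order[i]; l = label[k]; gsub(/["\\]/, "", l)   # keep labels DOT-safe
            printf "  \"%s\" [label=\"%s\\n%s\"];\n", k, k, l
        }
        for (i = 1; i <= m; i++) {
            # Only draw edges whose signer is in this keyring; count the rest.
            if (from[i] in known) { printf "  \"%s\" -> \"%s\";\n", from[i], to[i] }
            else { missing++ }
        }
        print "}"
        if (missing)
            printf "%d signature(s) from keys not in this keyring\n", missing > "/dev/stderr"
    }'
}

# Constructed sample listing: two keys that signed each other, plus one
# signature on the first key from a signer that is not in the keyring.
sample_colons() {
    cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAA1:1317945600:::u:::scESC:
uid:u::::1317945600::HASH::Alice Example <alice@example.org>:
sig:::1:AAAAAAAAAAAAAAA1:1317945600::::Alice Example <alice@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBB2:1317945700::::Bob Example <bob@example.org>:10x:
sig:::1:CCCCCCCCCCCCCCC3:1317945800::::[User ID not found]:10x:
pub:f:2048:1:BBBBBBBBBBBBBBB2:1317945000:::f:::scESC:
uid:f::::1317945000::HASH::Bob Example <bob@example.org>:
sig:::1:BBBBBBBBBBBBBBB2:1317945000::::Bob Example <bob@example.org>:13x:
sig:::1:AAAAAAAAAAAAAAA1:1317945900::::Alice Example <alice@example.org>:10x:
EOF
}

sample_colons | sigs_to_dot
```

The DOT output can be passed to neato as in the quoted script; the count written to stderr shows how many signers would have to be fetched before the picture is complete.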