Two utilities: gpg-tofu and gpg-graph

Teemu Likonen tlikonen at
Sun Feb 17 07:23:38 CET 2019


I have made two utilities to help my usage of gpg. I think the
functionality of one of them should be part of gpg.


This program parses "gpg --batch --no-tty --with-tofu-info --with-colons
--list-keys -- [...]" output and displays human readable TOFU
statistics. An example:

$ gpg-tofu tlikonen at

  [ultimate] Teemu Likonen <tlikonen at>
    TOFU validity: (4/4) a lot of history for trust, TOFU policy: good
    428 signatures in 1 year 252 days, first: 2017-06-09 11:28:16, last: 2019-02-16 19:36:03
    404 encryptions in 1 year 244 days, first: 2017-06-15 14:41:30, last: 2019-02-14 19:25:41

In my opinion "gpg --with-tofu-info --list-keys" etc. (without
--with-colons) should display similar human readable TOFU info. Please
make my tool obsolete. :-)


This program parses "gpg --batch --no-tty --with-colons
--check-signatures -- [...]" and prints graph data for Graphviz for
drawing nice web of trust graphs.

$ gpg-graph [key1 ...] | dot -Tpng >wot-dot.png
$ gpg-graph [key1 ...] | neato -Tpng >wot-neato.png
$ gpg-graph [key1 ...] | sfdp -Tpng >wot-sfdp.png

I have seen one similar tool before (packaged in Debian) but it was
broken by design because it tries to parse the human readable output of
"gpg --check-signatures". It didn't work with the default --list-options
of gpg 2.1. Obviously it should parse machine readable --with-colons
output which my version does.

/// Teemu Likonen   - .-..   <> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list