Utilities for GnuPG security tool
gpg-tofu is a command-line tool which inputs public key data from
GnuPG (gpg) security tool and outputs "trust on first use" (TOFU)
statistics about the keys. It is similar to gpg --list-keys command
but only with TOFU statistics.
Usage: gpg-tofu [options] [--] [key1 ...]
$ gpg-tofu [email protected]
pub 4E1055DC84E9DFF613D78557719D69D324539450 (expires: [...])
uid [ultimate] Teemu Likonen <[email protected]>
TOFU validity: (4/4) a lot of history for trust, TOFU policy: good
523 signatures in 2 years 9 days (P0002-00-09T18:44:06)
2017-06-09T14:28:16+03:00/2019-06-19T09:12:22+03:00
[...]
Use -h option to print help text.
gpg-graph finds how GnuPG keys are connected by certificates (web
of trust) and outputs a graph data in Graphviz format. Graphviz can
then be used to draw web of trust images.
Usage: gpg-graph [options] [--] [key1 ...]
$ gpg-graph kernel.org | dot -Tpng >wot-dot.png
$ gpg-graph kernel.org | neato -Tpng >wot-neato.png
$ gpg-graph kernel.org | sfdp -Tpng >wot-sfdp.png
Use -h option to print help text.
gpg-cert-path is a tool for finding the shortest certificate path(s)
between two keys. The output is data for Graphviz.
Usage: gpg-cert-path [options] [--] <from-key> <to-key>
$ gpg-cert-path 80615870F5BAD690333686D0F2AD85AC1E42B367 \
ABAF11C65A2970B130ABE3C479BE3E4300411886 | dot -Tpng >path.png
Use -h option to print help text.
gpg-count-steps counts the steps of the shortest certificate path
between any two keys in the keyring. It can test all keys between each
other or just specified keys. If one key is given as argument it counts
certificate steps from that key to all other keys. If two keys are given
as arguments it counts steps just between those keys.
The output consists of lines with three fields:
- The fingerprint of the from key.
- The fingerprint of the to key.
- The number of steps between the keys (or "-" if connection wasn't found).
Usage: gpg-count-steps [options] [--] [from-key [to-key]]
Use -h option to print help text.
The programs are written in the Common Lisp language and require Steel
Bank Common Lisp implementation for compiling and running. For
drawing graphs the Graphviz tool is required. Both should be
available in common GNU/Linux distributions (Debian: apt install sbcl graphviz).
To build the necessary files run this command:
$ make
To install the files in the default locations run this command:
$ sudo make install
The default installation target is under /usr/local directory. You can
configure different directory hierarchy with makefile variable prefix
or separately for executable files with bindir and library files with
libdir. Variable sbcl defines the SBCL path and variable gpg the
GnuPG path. Variables are stored in config.mk file. Use the same
target location variables in compiling and installing.
$ make distclean
$ make sbcl=/usr/local/bin/sbcl bindir=~/bin libdir=~/.local/lib
$ make install
To uninstall all files run command make uninstall with the same
configuration variables as during installation.
Author: Teemu Likonen <[email protected]>
OpenPGP key: 6965F03973F0D4CA22B9410F0F2CAE0E07608462
License: Creative Commons CC0 (public domain dedication)
The source code repository: https://github.com/tlikonen/gpg-utilities