[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Maybe helpful - tool to check for chains of trust and collisions in GPG signatures

[Please CC Johannes Thomas Nix on replies; he's not subscribed.]

* Johannes Thomas Nix <Johannes.Thomas.Nix@posteo.net>, 2016-08-11, 09:16:
Found on Reddit a mention of the debian-devel thread about finding GPG key collisions for developer keys.

Why I write, a while ago I thought about these issues of key verification, and resulted in making a small tool which can discover and check trust paths within the PGP web of trust. It uses the "PGP pathfinder" service to discover signature chains. It also warns about collisions.

The thing is still somewhat experimental (probably not suited for general use) but it might be helpful in situations like this.


Very interesting.

Sounds vaguely similar to Enrico's verify-trust-paths:

I am not writing this to debian-devel as I am not myself on the list.

We welcome contributions from people who are not subscribed, too.

If you think this is on topic and helpful, you are allowed to share this message.


Jakub Wilk

Reply to: