Re: State of the debian keyring
On Thu, Jan 23, 2014 at 10:07:29PM +0000, Clint Adams wrote:
> The following three reports were generated with debian-keyring
> 2013.12.13, hopenpgp-tools 0.4-1, jshon 20131010-3, and the
Redone with debian-keyring 2014.01.31, hopenpgp-tools 0.6-1,
jq 1.3-1.1, and attached script:
(/usr/share/keyrings/debian-keyring.gpg)
Total primary keys: 994
Key versions:
994 4
Primary key pubkey algorithms:
611 "DSA"
383 "RSA"
Primary key pubkey sizes:
612 1024
27 2048
2 3072
350 4096
2 8192
1 10240
Judgment on preferred hash algorithms of "best" uid/uat:
540 null
453 "weak hash with higher preference"
Judgment on expiration times of "best" uid/uat:
9 "expiration passed"
30 "expiration too far in future"
870 "no expiration set"
84 null
Total number of UIDs + UAts: 4377
Hash algorithm used for most recent self-sig:
1 "RIPEMD160"
3125 "SHA1"
1078 "SHA256"
2 "SHA384"
171 "SHA512"
Judgment on preferred hash algorithms:
1252 null
3125 "weak hash algorithm"
Judgment on expiration times:
50 "expiration passed"
111 "expiration too far in future"
3871 "no expiration set"
345 null
==========================================
(/usr/share/keyrings/debian-maintainers.gpg)
Total primary keys: 205
Key versions:
205 4
Primary key pubkey algorithms:
54 "DSA"
151 "RSA"
Primary key pubkey sizes:
54 1024
1 1280
15 2048
1 3072
133 4096
1 8192
Judgment on preferred hash algorithms of "best" uid/uat:
169 null
36 "weak hash with higher preference"
Judgment on expiration times of "best" uid/uat:
3 "expiration passed"
6 "expiration too far in future"
161 "no expiration set"
35 null
Total number of UIDs + UAts: 626
Hash algorithm used for most recent self-sig:
316 "SHA1"
240 "SHA256"
70 "SHA512"
Judgment on preferred hash algorithms:
310 null
316 "weak hash algorithm"
Judgment on expiration times:
7 "expiration passed"
18 "expiration too far in future"
508 "no expiration set"
93 null
==========================================
(/usr/share/keyrings/debian-nonupload.gpg)
Total primary keys: 9
Key versions:
9 4
Primary key pubkey algorithms:
9 "RSA"
Primary key pubkey sizes:
1 2048
8 4096
Judgment on preferred hash algorithms of "best" uid/uat:
9 null
Judgment on expiration times of "best" uid/uat:
6 "no expiration set"
3 null
Total number of UIDs + UAts: 25
Hash algorithm used for most recent self-sig:
7 "SHA1"
16 "SHA256"
2 "SHA512"
Judgment on preferred hash algorithms:
18 null
7 "weak hash algorithm"
Judgment on expiration times:
14 "no expiration set"
11 null
==========================================
#!/bin/zsh
# Summarise "hokey lint" findings for an OpenPGP keyring.
# Optional argument: path to the keyring (defaults to the debian-keyring file).
infile=${1:-/usr/share/keyrings/debian-keyring.gpg}
tempfile=$(mktemp)
# Remove the temporary file when the script exits
trap 'rm ${tempfile}' EXIT
# Lint the whole keyring once; every query below reads the saved JSON
hokey lint --output-format JSON <${infile} >${tempfile}

# --- Per primary key ---
print -n "Total primary keys: "
# Counts one line of lint output per primary key
wc -l <${tempfile} # jq '.keyFingerprint' ${tempfile} | wc -l
print "Key versions: "
jq '.keyVer.val' ${tempfile} | sort | uniq -c
print "Primary key pubkey algorithms: "
jq '.keyAlgorithmAndSize.pubkeyalgo.val' ${tempfile} | sort | uniq -c
print "Primary key pubkey sizes: "
# Numeric sort so the sizes are listed in ascending order
jq '.keyAlgorithmAndSize.pubkeysize.val' ${tempfile} | sort -n | uniq -c

# --- "Best" uid/uat of each key ---
print "Judgment on preferred hash algorithms of \"best\" uid/uat: "
jq '.keyBestOf.uidPreferredHashAlgorithms | .[].explanation' ${tempfile} | sort | uniq -c
print "Judgment on expiration times of \"best\" uid/uat: "
jq '.keyBestOf.uidKeyExpirationTimes | .[].explanation' ${tempfile} | sort | uniq -c

# --- Every uid/uat on every key ---
print -n "Total number of UIDs + UAts: "
jq '.keyUIDsAndUAts | keys | .[]' ${tempfile} | wc -l
print "Hash algorithm used for most recent self-sig: "
jq '.keyUIDsAndUAts | .[].uidSelfSigHashAlgorithms | .[].val' ${tempfile} | sort | uniq -c
print "Judgment on preferred hash algorithms: "
jq '.keyUIDsAndUAts | .[].uidSelfSigHashAlgorithms | .[].explanation' ${tempfile} | sort | uniq -c
print "Judgment on expiration times: "
jq '.keyUIDsAndUAts | .[].uidKeyExpirationTimes | .[].explanation' ${tempfile} | sort | uniq -c
print "=========================================="