Additional keyring data
I've received some requests for information about hash algorithms
used in signatures and the potential impact of dropping 1024-bit
keys on connectivity.
The software used is graphviz 2.26.3-16.2, hopenpgp-tools 0.7, and the
attached script. All info represents only verified, unexpired V4
non-self signatures from keys in a self-contained set (that set being
either /usr/share/keyrings/debian-keyring.gpg or the concatenation
of /usr/share/keyrings/debian-{keyring,maintainers,nonupload}.gpg).
Hash algorithms used by signatures in current-dds:
9836 SHA1
3279 SHA256
6 SHA384
1790 SHA512
.
Hash algorithms used by signatures in current-everybody:
10958 SHA1
3921 SHA256
7 SHA384
2115 SHA512
.
Hash algorithms used by signatures in postdrop-dds:
1895 SHA1
2677 SHA256
6 SHA384
1559 SHA512
.
Hash algorithms used by signatures in postdrop-everybody:
2542 SHA1
3225 SHA256
7 SHA384
1860 SHA512
.
Connectivity in current-dds:
994 14911 Keys (<stdin>)
926 14904 Keys_component_0
1 0 Keys_component_1
1 0 Keys_component_2
1 0 Keys_component_3
1 0 Keys_component_4
1 0 Keys_component_5
1 0 Keys_component_6
2 2 Keys_component_7
2 1 Keys_component_8
1 0 Keys_component_9
1 0 Keys_component_10
2 1 Keys_component_11
1 0 Keys_component_12
1 0 Keys_component_13
1 0 Keys_component_14
1 0 Keys_component_15
1 0 Keys_component_16
1 0 Keys_component_17
1 0 Keys_component_18
1 0 Keys_component_19
1 0 Keys_component_20
1 0 Keys_component_21
1 0 Keys_component_22
1 0 Keys_component_23
1 0 Keys_component_24
1 0 Keys_component_25
1 0 Keys_component_26
1 0 Keys_component_27
1 0 Keys_component_28
1 0 Keys_component_29
1 0 Keys_component_30
1 0 Keys_component_31
1 0 Keys_component_32
1 0 Keys_component_33
1 0 Keys_component_34
1 0 Keys_component_35
1 0 Keys_component_36
1 0 Keys_component_37
1 0 Keys_component_38
1 0 Keys_component_39
1 0 Keys_component_40
1 0 Keys_component_41
1 0 Keys_component_42
1 0 Keys_component_43
1 0 Keys_component_44
2 1 Keys_component_45
1 0 Keys_component_46
1 0 Keys_component_47
1 0 Keys_component_48
1 0 Keys_component_49
1 0 Keys_component_50
1 0 Keys_component_51
1 0 Keys_component_52
1 0 Keys_component_53
1 0 Keys_component_54
1 0 Keys_component_55
1 0 Keys_component_56
1 0 Keys_component_57
1 0 Keys_component_58
1 0 Keys_component_59
1 0 Keys_component_60
2 2 Keys_component_61
1 0 Keys_component_62
1 0 Keys_component_63
.
Connectivity in current-everybody:
1208 17001 Keys (<stdin>)
1129 16991 Keys_component_0
1 0 Keys_component_1
1 0 Keys_component_2
1 0 Keys_component_3
1 0 Keys_component_4
1 0 Keys_component_5
1 0 Keys_component_6
1 0 Keys_component_7
2 2 Keys_component_8
1 0 Keys_component_9
1 0 Keys_component_10
2 1 Keys_component_11
1 0 Keys_component_12
1 0 Keys_component_13
1 0 Keys_component_14
2 1 Keys_component_15
1 0 Keys_component_16
1 0 Keys_component_17
1 0 Keys_component_18
1 0 Keys_component_19
3 3 Keys_component_20
1 0 Keys_component_21
1 0 Keys_component_22
1 0 Keys_component_23
1 0 Keys_component_24
1 0 Keys_component_25
1 0 Keys_component_26
1 0 Keys_component_27
1 0 Keys_component_28
1 0 Keys_component_29
1 0 Keys_component_30
1 0 Keys_component_31
1 0 Keys_component_32
1 0 Keys_component_33
1 0 Keys_component_34
1 0 Keys_component_35
1 0 Keys_component_36
1 0 Keys_component_37
1 0 Keys_component_38
1 0 Keys_component_39
1 0 Keys_component_40
1 0 Keys_component_41
1 0 Keys_component_42
1 0 Keys_component_43
1 0 Keys_component_44
1 0 Keys_component_45
1 0 Keys_component_46
1 0 Keys_component_47
1 0 Keys_component_48
1 0 Keys_component_49
1 0 Keys_component_50
1 0 Keys_component_51
1 0 Keys_component_52
1 0 Keys_component_53
1 0 Keys_component_54
2 1 Keys_component_55
1 0 Keys_component_56
1 0 Keys_component_57
1 0 Keys_component_58
1 0 Keys_component_59
1 0 Keys_component_60
1 0 Keys_component_61
1 0 Keys_component_62
1 0 Keys_component_63
1 0 Keys_component_64
1 0 Keys_component_65
1 0 Keys_component_66
1 0 Keys_component_67
1 0 Keys_component_68
1 0 Keys_component_69
2 2 Keys_component_70
1 0 Keys_component_71
1 0 Keys_component_72
.
Connectivity in postdrop-dds:
382 6137 Keys (<stdin>)
1 0 Keys_component_0
1 0 Keys_component_1
357 6137 Keys_component_2
1 0 Keys_component_3
1 0 Keys_component_4
1 0 Keys_component_5
1 0 Keys_component_6
1 0 Keys_component_7
1 0 Keys_component_8
1 0 Keys_component_9
1 0 Keys_component_10
1 0 Keys_component_11
1 0 Keys_component_12
1 0 Keys_component_13
1 0 Keys_component_14
1 0 Keys_component_15
1 0 Keys_component_16
1 0 Keys_component_17
1 0 Keys_component_18
1 0 Keys_component_19
1 0 Keys_component_20
1 0 Keys_component_21
1 0 Keys_component_22
1 0 Keys_component_23
1 0 Keys_component_24
1 0 Keys_component_25
.
Connectivity in postdrop-everybody:
542 7634 Keys (<stdin>)
1 0 Keys_component_0
495 7630 Keys_component_1
1 0 Keys_component_2
1 0 Keys_component_3
1 0 Keys_component_4
1 0 Keys_component_5
1 0 Keys_component_6
1 0 Keys_component_7
1 0 Keys_component_8
1 0 Keys_component_9
1 0 Keys_component_10
1 0 Keys_component_11
1 0 Keys_component_12
1 0 Keys_component_13
1 0 Keys_component_14
1 0 Keys_component_15
1 0 Keys_component_16
1 0 Keys_component_17
1 0 Keys_component_18
1 0 Keys_component_19
1 0 Keys_component_20
1 0 Keys_component_21
1 0 Keys_component_22
1 0 Keys_component_23
1 0 Keys_component_24
1 0 Keys_component_25
1 0 Keys_component_26
1 0 Keys_component_27
1 0 Keys_component_28
1 0 Keys_component_29
1 0 Keys_component_30
2 2 Keys_component_31
1 0 Keys_component_32
1 0 Keys_component_33
1 0 Keys_component_34
1 0 Keys_component_35
1 0 Keys_component_36
1 0 Keys_component_37
2 2 Keys_component_38
1 0 Keys_component_39
1 0 Keys_component_40
1 0 Keys_component_41
1 0 Keys_component_42
1 0 Keys_component_43
1 0 Keys_component_44
1 0 Keys_component_45
.
Strong connectivity in current-dds:
2 2 cluster_0 (<stdin>)
2 2 cluster_1 (<stdin>)
849 14710 cluster_2 (<stdin>)
2 2 cluster_3 (<stdin>)
2 2 cluster_4 (<stdin>)
2 2 cluster_5 (<stdin>)
6 21 scc_map (<stdin>)
865 14741 total
.
Strong connectivity in current-everybody:
2 2 cluster_0 (<stdin>)
2 2 cluster_1 (<stdin>)
2 3 cluster_2 (<stdin>)
2 2 cluster_3 (<stdin>)
1018 16715 cluster_4 (<stdin>)
2 2 cluster_5 (<stdin>)
2 2 cluster_6 (<stdin>)
2 2 cluster_7 (<stdin>)
2 2 cluster_8 (<stdin>)
2 2 cluster_9 (<stdin>)
10 29 scc_map (<stdin>)
1046 16763 total
.
Strong connectivity in postdrop-dds:
327 6049 cluster_0 (<stdin>)
2 2 cluster_1 (<stdin>)
2 1 scc_map (<stdin>)
331 6052 total
.
Strong connectivity in postdrop-everybody:
2 2 cluster_0 (<stdin>)
2 3 cluster_1 (<stdin>)
440 7472 cluster_2 (<stdin>)
2 2 cluster_3 (<stdin>)
3 5 cluster_4 (<stdin>)
2 2 cluster_5 (<stdin>)
2 2 cluster_6 (<stdin>)
7 9 scc_map (<stdin>)
460 7497 total
.
#!/bin/zsh
tempdir=$(mktemp -d)
trap 'rm -r ${tempdir}' EXIT
hokey graph </usr/share/keyrings/debian-keyring.gpg > ${tempdir}/current-dds
hokey graph <<(cat /usr/share/keyrings/debian-keyring.gpg /usr/share/keyrings/debian-maintainers.gpg /usr/share/keyrings/debian-nonupload.gpg) > ${tempdir}/current-everybody
hkt export-pubkeys --keyring /usr/share/keyrings/debian-keyring.gpg --filter 'keysize > 1024' > ${tempdir}/1024dropped-dds.keyring
hkt export-pubkeys --keyring <(cat /usr/share/keyrings/debian-keyring.gpg /usr/share/keyrings/debian-maintainers.gpg /usr/share/keyrings/debian-nonupload.gpg) --filter 'keysize > 1024' > ${tempdir}/1024dropped-everybody.keyring
hokey graph <${tempdir}/1024dropped-dds.keyring > ${tempdir}/postdrop-dds
hokey graph <${tempdir}/1024dropped-everybody.keyring > ${tempdir}/postdrop-everybody
(
cd ${tempdir} &&
for i in current-dds current-everybody postdrop-dds postdrop-everybody; do
print "Hash algorithms used by signatures in ${i}:"
gvpr 'E{printf("%s\n", label);}' ${i} | sort | uniq -c
print "."
done
)
(
cd ${tempdir} &&
for i in current-dds current-everybody postdrop-dds postdrop-everybody; do
print "Connectivity in ${i}:"
ccomps ${i} | gc -r
print "."
done
)
(
cd ${tempdir} &&
for i in current-dds current-everybody postdrop-dds postdrop-everybody; do
print "Strong connectivity in ${i}:"
sccmap ${i} | gc
print "."
done
)
Reply to: