GnuPG web of trust: automate several scenarios to help understand https://www.gnupg.org/gph/en/manual/x334.html
#!/bin/bash
# Author: Matthieu Fronton <m@tthieu.fr>
# Profile: github.com/frntn
# Description: GnuPG web of trust : automate multiple scenarii to help the understanding of https://www.gnupg.org/gph/en/manual/x334.html
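WAIT=4
# Colour / bold escape sequences are only emitted when stdout is a terminal;
# otherwise the variables stay empty and piped output is plain text.
if [ -t 1 ]; then
  cya="$(tput setaf 6)"
  ylw="$(tput setaf 3)"
  bld="$(tput bold)"
  rst="$(tput sgr0)"
fi
read -r -p "About to remove ~/.gnupg folder. Confirm ? (y/N) " -n 1 choice
[ "$choice" != "y" ] && exit
echo
cat <<EOF
$bld
====================================================
Init new GnuPG keyring
$rst
EOF
echo "Resetting .gnupg keyrings$rst"
# ${HOME:?} aborts instead of expanding to "/.gnupg" when HOME is unset or empty.
rm -rf -- "${HOME:?}/.gnupg"
gpg -K 2>/dev/null

# The batch key-generation parameter files contain the demo passphrase in clear
# text, so keep them in a private temp dir that is removed on exit instead of
# leaving ./<user>.input files behind in the current directory.
workdir="$(mktemp -d)" || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "$workdir"' EXIT

for user in alice blake chloe dharma francis elena geoff
do
  echo "Creating user '$user'$rst"
  cat >"$workdir/${user}.input" <<EOF
%echo Generating a default key
Key-Type: RSA
Subkey-Type: RSA
Name-Real: ${user}
Name-Comment: ${user}'s key
Name-Email: ${user}@foo.bar
Expire-Date: 0
Passphrase: abc
%commit
%echo done
EOF
  # gpg's own diagnostics are hidden to keep the demo output readable, but a
  # missing key makes every later --sign-key and trust step a silent no-op,
  # so report the failure explicitly.
  gpg --batch --gen-key "$workdir/${user}.input" 2>/dev/null \
    || echo "warning: key generation failed for '$user'" >&2
done

cat <<EOF
$bld
====================================================
Building our "web of trust" template
+-------+ +-------+ +-------+ +-------+ +-------+
| | | | | | | | | |
| alice +----------> darma +-------> chloe +--------> elena +-------> geoff |
| (me) | | | | | | | | |
+-------+ +-------+ +-------+ +-------+ +-------+
|
+-------+ | +---------+
| | +-----------> |
| blake | | francis |
| +-----------------------> |
+-------+ +---------+
(Adaptation of Figure 3-1 from https://www.gnupg.org/gph/en/manual/x334.html)
$rst
EOF

#######################################
# Certify one key with another (non-interactive).
# Arguments: $1 - user ID of the signing key (passed to -u)
#            $2 - user ID of the key being signed
# The passphrase is fed on stdin through --passphrase-fd 0 so it never shows
# up in argv / `ps`. NOTE(review): GnuPG >= 2.1 may ignore --passphrase-fd
# unless loopback pinentry is allowed — confirm against the installed version.
# Returns:   gpg's exit status (output is discarded)
#######################################
sign_key() {
  printf '%s\n' abc | gpg --batch --yes --passphrase-fd 0 -u "$1" --sign-key "$2" >/dev/null 2>&1
}

# Edges of the figure above: signer -> signed.
sign_key alice  dharma
sign_key dharma chloe
sign_key blake  chloe
sign_key chloe  francis
sign_key blake  francis
sign_key chloe  elena
sign_key elena  geoff

cat <<EOF
$bld
----------------------------------------------------
And now lets play various ${ylw}trust scenarii${rst}${bld} and check ${ylw}computed validity${rst}${bld}
(computed validity is based on a combination of signing trust, signing distance and signing count)
$rst
# Reminder...
# 6: I trust ultimately
# 5: I trust fully
# 4: I trust marginally
# 3: I do NOT trust
# 2: I don't know or won't say
EOF
read -r -p "Press any key to continue..."
cat <<EOF
$bld$cya
====================================================
Scenario 1: blake & dharma marginally trusted
$rst
EOF
sleep "$WAIT"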
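#######################################
# Set the owner-trust level of a key in the local keyring.
# Arguments: $1 - awk regex matched against the key's user ID
#            $2 - owner-trust level in the --import-ownertrust encoding:
#                 2 unknown, 3 never, 4 marginal, 5 full, 6 ultimate
# Outputs:   gpg --import-ownertrust diagnostics
# Returns:   0 on success, 1 when no key matches $1
#######################################
trust() {
  local keyname=$1 trustlevel=$2 fpr
  # Find the primary-key fingerprint of the first matching key. The user ID
  # sits in field 10 of the "pub" record on GnuPG 1.x / 2.0 but on a separate
  # "uid" record on 2.1+; in both layouts the first "fpr" record after "pub"
  # is the primary fingerprint, so remember it and print it as soon as either
  # the "pub" or a following "uid" record matches.
  fpr="$(gpg --fingerprint --with-colons --list-keys 2>/dev/null | \
    awk -F: -v keyname="$keyname" '
      $1=="pub" { primary=""; want=($10 ~ keyname) }
      $1=="fpr" && primary=="" { primary=$10; if (want) { print primary; exit } }
      $1=="uid" && primary!="" && $10 ~ keyname { print primary; exit }')"
  # An empty fingerprint would make --import-ownertrust a silent no-op and the
  # scenario output misleading, so fail loudly instead.
  if [ -z "$fpr" ]; then
    echo "trust: no key matching '$keyname' found" >&2
    return 1
  fi
  # Ownertrust import format is one FINGERPRINT:LEVEL: line per key.
  printf '%s:%s:\n' "$fpr" "$trustlevel" | gpg --import-ownertrust
}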
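# Users in the order their trust/validity is dumped in every scenario.
DEMO_USERS=(alice dharma blake chloe francis elena geoff)

#######################################
# Apply owner-trust levels given as (user-id pattern, level) pairs,
# e.g. `apply_trust alice 6 dharma 4`; each pair is handed to trust().
# Arguments: $1 $2 [$3 $4 ...] - pattern/level pairs
#######################################
apply_trust() {
  while [ "$#" -ge 2 ]; do
    trust "$1" "$2"
    shift 2
  done
}

#######################################
# Print the banner, then each user's owner-trust and computed validity.
# `--edit-key NAME quit` prints the key summary and leaves the editor at once.
# Globals:   DEMO_USERS (read), bld, rst (read)
#######################################
dump_validity() {
  local name
  cat <<EOF
$bld
----------------------------------------------------
Dump trust/validity of each user
$rst
EOF
  for name in "${DEMO_USERS[@]}"; do
    gpg --edit-key "$name" quit
  done
}

# Block until the user hits Enter (the reply itself is not used).
pause() {
  read -r -p "Press any key to continue..."
}

apply_trust alice 6 dharma 4 blake 4 chloe 2 francis 2 elena 2 geoff 2
dump_validity
cat <<EOF
$bld
----------------------------------------------------
Analyzing the above :
${ylw}
alice : ultimate/ultimate # 'ultimate' because self trusted ultimately
dharma : marginal/full # 'full' because signed by myself
blake : marginal/unknown # 'unknown' because not signed
chloe : undefined/marginal # 'marginal' because signed by 2 marginally trusted (dharma & blake)
francis: undefined/unknown # 'unknown' because signed by 1 marginally trusted (chloe)
$rst
EOF
pause

cat <<EOF
$bld$cya
====================================================
Scenario 2: blake & dharma & chloe marginally trusted
$rst
EOF
sleep "$WAIT"
apply_trust alice 6 dharma 4 blake 4 chloe 4 francis 2 elena 2 geoff 2
dump_validity
cat <<EOF
$bld
----------------------------------------------------
Analyzing the above :
${ylw}
alice : ultimate/ultimate # 'ultimate' because self trusted ultimately
dharma : marginal/full # 'full' because signed by myself
blake : marginal/unknown # 'unknown' because not signed
chloe : marginal/marginal # 'marginal' because signed by 2 marginally trusted (dharma & blake)
francis: undefined/unknown # 'unknown' because signed by 1 marginally trusted (chloe)
$rst
EOF
pause

cat <<EOF
$bld$cya
====================================================
Scenario 3: blake & dharma & chloe fully trusted
$rst
EOF
sleep "$WAIT"
apply_trust alice 6 dharma 5 blake 5 chloe 5 francis 2 elena 2 geoff 2
dump_validity
cat <<EOF
$bld
----------------------------------------------------
Analyzing the above :
${ylw}
alice : ultimate/ultimate # 'ultimate' because self trusted ultimately
dharma : full/full # 'full' because signed by myself
blake : full/unknown # 'unknown' because not signed
chloe : full/full # 'full' because signed by 2 fully trusted (dharma & blake)
francis: undefined/full # 'full' because signed by 1 fully trusted (chloe)
elena : undefined/full # 'full' because signed by 1 fully trusted (chloe)
geoff : undefined/undefined # 'undefined' because too far from alice
$rst
EOF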