GnuPG web of trust : automate multiple scenarii to help the understanding of https://www.gnupg.org/gph/en/manual/x334.html

gpg-key-validity.sh

#!/bin/bash

# Author: Matthieu Fronton <[email protected]>
# Profile: github.com/frntn
# Description: GnuPG web of trust : automate multiple scenarii to help the understanding of https://www.gnupg.org/gph/en/manual/x334.html 

WAIT=4

if [ -t 1 ]; then
cya="$(tput setaf 6)"
ylw="$(tput setaf 3)"
bld="$(tput bold)"
rst="$(tput sgr0)"
fi

read -p "About to remove ~/.gnupg folder. Confirm ? (y/N) " -n 1 -r choice
[ "$choice" != "y" ] && exit
echo

cat <<EOF
$bld
====================================================
Init new GnuPG keyring
$rst
EOF

echo "Resetting .gnupg keyrings$rst"
rm -rf $HOME/.gnupg
gpg -K 2>/dev/null

for user in alice blake chloe dharma francis elena geoff
do
    echo "Creating user '$user'$rst"
    cat >${user}.input <<EOF
%echo Generating a default key
Key-Type: RSA
Subkey-Type: RSA
Name-Real: ${user}
Name-Comment: ${user}'s key
Name-Email: ${user}@foo.bar
Expire-Date: 0
Passphrase: abc
%commit
%echo done
EOF

    gpg --batch --gen-key ${user}.input 2>/dev/null

done

cat <<EOF
$bld
====================================================
Building our "web of trust" template

   +-------+          +-------+       +-------+        +-------+       +-------+
   |       |          |       |       |       |        |       |       |       |
   | alice +----------> darma +-------> chloe +--------> elena +-------> geoff |
   | (me)  |          |       |       |       |        |       |       |       |
   +-------+          +-------+       +-------+        +-------+       +-------+
                                          |
                      +-------+           |           +---------+
                      |       |           +----------->         |
                      | blake |                       | francis |
                      |       +----------------------->         |
                      +-------+                       +---------+

(Adaptation of Figure 3-1 from https://www.gnupg.org/gph/en/manual/x334.html)
$rst
EOF

#echo "Alice ---> Dharma$rst"
echo abc | gpg --batch --yes --passphrase-fd 0 -u alice --sign-key dharma >/dev/null 2>/dev/null

#echo "Dharma ---> Chloe$rst"
echo abc | gpg --batch --yes --passphrase-fd 0 -u dharma --sign-key chloe >/dev/null 2>/dev/null
#echo "Blake ---> Chloe$rst"
echo abc | gpg --batch --yes --passphrase-fd 0 -u blake --sign-key chloe >/dev/null 2>/dev/null

#echo "Chloe ---> Francis$rst"
echo abc | gpg --batch --yes --passphrase-fd 0 -u chloe --sign-key francis >/dev/null 2>/dev/null 
#echo "Blake ---> Francis$rst"
echo abc | gpg --batch --yes --passphrase-fd 0 -u blake --sign-key francis >/dev/null 2>/dev/null 

#echo "Chloe ---> Elena$rst"
echo abc | gpg --batch --yes --passphrase-fd 0 -u chloe --sign-key elena >/dev/null 2>/dev/null 
#echo "Elena ---> Geoff$rst"
echo abc | gpg --batch --yes --passphrase-fd 0 -u elena --sign-key geoff >/dev/null 2>/dev/null 

cat <<EOF
$bld
----------------------------------------------------

And now lets play various ${ylw}trust scenarii${rst}${bld} and check ${ylw}computed validity${rst}${bld}
(computed validity is based on a combination of signing trust, signing distance and signing count)
$rst
# Reminder...
# 6: I trust ultimately
# 5: I trust fully
# 4: I trust marginally
# 3: I do NOT trust
# 2: I don't know or won't say

EOF

read -p "Press any key to continue..."

cat <<EOF
$bld$cya
====================================================
Scenario 1: blake & dharma marginally trusted
$rst
EOF

sleep $WAIT

trust() {
  #echo "${bld}Trusting '$1:$2'$rst"
  gpg --fingerprint --with-colons --list-keys 2>/dev/null | \
    awk -F: -v keyname="$1" -v trustlevel="$2" '
	$1=="pub" && $10 ~ keyname { fpr=1 }
	$1=="fpr" && fpr { print $10 ":" trustlevel ":" ; exit }' | \
    gpg --import-ownertrust
}

trust alice 6 
trust dharma 4
trust blake 4 

trust chloe 2
trust francis 2
trust elena 2
trust geoff 2

cat <<EOF
$bld
----------------------------------------------------
Dump trust/validity of each user
$rst
EOF

gpg --edit-key alice quit
gpg --edit-key dharma quit
gpg --edit-key blake quit
gpg --edit-key chloe quit
gpg --edit-key francis quit
gpg --edit-key elena quit
gpg --edit-key geoff quit

#read -p "${bld}chloe's validity above is marginal 
#${ylw}That's because it has been signed by 2 marginally trusted keys (blake & dharma)$rst"

cat <<EOF
$bld
----------------------------------------------------
Analyzing the above :
${ylw}
alice  : ultimate/ultimate  # 'ultimate' because self trusted ultimately
dharma : marginal/full      # 'full' because signed by myself
blake  : marginal/unknown   # 'unknown' because not signed
chloe  : undefined/marginal # 'marginal' because signed by 2 marginally trusted (dharma & blake)
francis: undefined/unknown  # 'unknown' because signed by 1 marginally trusted (chloe)
$rst
EOF

read -p "Press any key to continue..."

cat <<EOF
$bld$cya
====================================================
Scenario 2: blake & dharma & chloe marginally trusted
$rst
EOF

sleep $WAIT

trust alice 6 
trust dharma 4
trust blake 4 
trust chloe 4

trust francis 2
trust elena 2
trust geoff 2

cat <<EOF
$bld
----------------------------------------------------
Dump trust/validity of each user
$rst
EOF

gpg --edit-key alice quit
gpg --edit-key dharma quit
gpg --edit-key blake quit
gpg --edit-key chloe quit
gpg --edit-key francis quit
gpg --edit-key elena quit
gpg --edit-key geoff quit

cat <<EOF
$bld
----------------------------------------------------
Analyzing the above :
${ylw}
alice  : ultimate/ultimate  # 'ultimate' because self trusted ultimately
dharma : marginal/full      # 'full' because signed by myself
blake  : marginal/unknown   # 'unknown' because not signed
chloe  : marginal/marginal  # 'marginal' because signed by 2 marginally trusted (dharma & blake)
francis: undefined/unknown  # 'unknown' because signed by 1 marginally trusted (chloe)
$rst
EOF

read -p "Press any key to continue..."

cat <<EOF
$bld$cya
====================================================
Scenario 3: blake & dharma & chloe fully trusted
$rst
EOF

sleep $WAIT

trust alice 6 
trust dharma 5
trust blake 5 
trust chloe 5

trust francis 2
trust elena 2
trust geoff 2

cat <<EOF
$bld
----------------------------------------------------
Dump trust/validity of each user
$rst
EOF

gpg --edit-key alice quit
gpg --edit-key dharma quit
gpg --edit-key blake quit
gpg --edit-key chloe quit
gpg --edit-key francis quit
gpg --edit-key elena quit
gpg --edit-key geoff quit

cat <<EOF
$bld
----------------------------------------------------
Analyzing the above :
${ylw}
alice  : ultimate/ultimate   # 'ultimate' because self trusted ultimately
dharma : full/full           # 'full' because signed by myself
blake  : full/unknown        # 'unknown' because not signed
chloe  : full/full           # 'full' because signed by 2 fully trusted (dharma & blake)
francis: undefined/full      # 'full' because signed by 1 fully trusted (chloe)
elena  : undefined/full      # 'full' because signed by 1 fully trusted (chloe)
geoff  : undefined/undefined # 'undefined' because too far from alice
$rst
EOF