On Thu, Jan 23, 2014 at 10:07:29PM +0000, Clint Adams wrote:
> The following three reports were generated with debian-keyring
> 2013.12.13, hopenpgp-tools 0.4-1, jshon 20131010-3, and the

Redone with debian-keyring 2014.01.31, hopenpgp-tools 0.6-1, jq 1.3-1.1,
and attached script:

(/usr/share/keyrings/debian-keyring.gpg)
Total primary keys: 994
Key versions:
    994 4
Primary key pubkey algorithms:
    611 "DSA"
    383 "RSA"
Primary key pubkey sizes:
    612 1024
     27 2048
      2 3072
    350 4096
      2 8192
      1 10240
Judgment on preferred hash algorithms of "best" uid/uat:
    540 null
    453 "weak hash with higher preference"
Judgment on expiration times of "best" uid/uat:
      9 "expiration passed"
     30 "expiration too far in future"
    870 "no expiration set"
     84 null
Total number of UIDs + UAts: 4377
Hash algorithm used for most recent self-sig:
      1 "RIPEMD160"
   3125 "SHA1"
   1078 "SHA256"
      2 "SHA384"
    171 "SHA512"
Judgment on preferred hash algorithms:
   1252 null
   3125 "weak hash algorithm"
Judgment on expiration times:
     50 "expiration passed"
    111 "expiration too far in future"
   3871 "no expiration set"
    345 null
==========================================
(/usr/share/keyrings/debian-maintainers.gpg)
Total primary keys: 205
Key versions:
    205 4
Primary key pubkey algorithms:
     54 "DSA"
    151 "RSA"
Primary key pubkey sizes:
     54 1024
      1 1280
     15 2048
      1 3072
    133 4096
      1 8192
Judgment on preferred hash algorithms of "best" uid/uat:
    169 null
     36 "weak hash with higher preference"
Judgment on expiration times of "best" uid/uat:
      3 "expiration passed"
      6 "expiration too far in future"
    161 "no expiration set"
     35 null
Total number of UIDs + UAts: 626
Hash algorithm used for most recent self-sig:
    316 "SHA1"
    240 "SHA256"
     70 "SHA512"
Judgment on preferred hash algorithms:
    310 null
    316 "weak hash algorithm"
Judgment on expiration times:
      7 "expiration passed"
     18 "expiration too far in future"
    508 "no expiration set"
     93 null
==========================================
(/usr/share/keyrings/debian-nonupload.gpg)
Total primary keys: 9
Key versions:
      9 4
Primary key pubkey algorithms:
      9 "RSA"
Primary key pubkey sizes:
      1 2048
      8 4096
Judgment on preferred hash algorithms of "best" uid/uat:
      9 null
Judgment on expiration times of "best" uid/uat:
      6 "no expiration set"
      3 null
Total number of UIDs + UAts: 25
Hash algorithm used for most recent self-sig:
      7 "SHA1"
     16 "SHA256"
      2 "SHA512"
Judgment on preferred hash algorithms:
     18 null
      7 "weak hash algorithm"
Judgment on expiration times:
     14 "no expiration set"
     11 null
==========================================

#!/bin/zsh

# Keyring to analyse; defaults to the main Debian keyring.
infile=${1:-/usr/share/keyrings/debian-keyring.gpg}
tempfile=$(mktemp)
trap 'rm ${tempfile}' EXIT

# Lint every key in the keyring; the line count below is used as the key count.
hokey lint --output-format JSON <${infile} >${tempfile}

# Per-primary-key statistics.
print -n "Total primary keys: "
wc -l <${tempfile}
# jq '.keyFingerprint' ${tempfile} | wc -l
print "Key versions: "
jq '.keyVer.val' ${tempfile} | sort | uniq -c
print "Primary key pubkey algorithms: "
jq '.keyAlgorithmAndSize.pubkeyalgo.val' ${tempfile} | sort | uniq -c
print "Primary key pubkey sizes: "
jq '.keyAlgorithmAndSize.pubkeysize.val' ${tempfile} | sort -n | uniq -c
print "Judgment on preferred hash algorithms of \"best\" uid/uat: "
jq '.keyBestOf.uidPreferredHashAlgorithms | .[].explanation' ${tempfile} | sort | uniq -c
print "Judgment on expiration times of \"best\" uid/uat: "
jq '.keyBestOf.uidKeyExpirationTimes | .[].explanation' ${tempfile} | sort | uniq -c

# Statistics across all UIDs and UAts.
print -n "Total number of UIDs + UAts: "
jq '.keyUIDsAndUAts | keys | .[]' ${tempfile} | wc -l
print "Hash algorithm used for most recent self-sig: "
jq '.keyUIDsAndUAts | .[].uidSelfSigHashAlgorithms | .[].val' ${tempfile} | sort | uniq -c
print "Judgment on preferred hash algorithms: "
jq '.keyUIDsAndUAts | .[].uidSelfSigHashAlgorithms | .[].explanation' ${tempfile} | sort | uniq -c
print "Judgment on expiration times: "
jq '.keyUIDsAndUAts | .[].uidKeyExpirationTimes | .[].explanation' ${tempfile} | sort | uniq -c
print "=========================================="