PGP: Graphing The Trust

This page is all about how to make pretty graphs like this (click to zoom):

graph if trust between keys

Table of Contents

Sig2dot and Sig3

A friend of mine, Carl Hayter, wrote a quick perl script one day called sig2dot that would take the output of gpg --list-sigs and create a dot file for neato (discussed below).

Meanwhile, someone else had the same idea and the same name and wrote another sig2dot, which was a bit better about parsing the output of gpg.

But we didn't know about the other sig2dot and Carl's own sig2dot had a few problems: 1. It didn't take into account some of the bizarre output of gpg --list-sigs, and 2. For very very large keychains, the dot file would be so complex that neato would never finish generating the graph (this isn't a bug, but a depth-limiting feature would fix this). So Carl modified his own sig2dot and made sig3 which includes two very important features: depth limiting with -d <n>, and source-defining (who am I, so that I can determine depth properly), with -s '<email> [ <email> ... ]'. This is manadatory for anyone with a large keychain like me. This size limitating feature is not available in the community one.

So for most needs the community-supported sig2dot will probably meet your needs, and you can get it from the link above. And you run it like this:


gpg --list-sigs | sig2dot > keys.dot

But if you find that neato takes longer than 10 minutes to run (in which case it'll probably run for days, of not weeks... I let mine run for 24 hours before I killed it), then you want sig3 which you can acquire from this site here. sig3 will automatically call gpg in the right way for you, so all you need to do is:


sig3 > keys.dot

However, if do pipe the output of gpg to it, it will use that instead. If you choose to do this you must use at least the following options:


gpg --list-sigs --with-colons --fixed-list-mode --with-fingerprint

Neato

Neato is part of the graphviz package and will take the aforementioned dot file and create a graph in one of many forms. While it will output jpeg, it's not very good at it, so first we generate a postscript file:


neato -Tps -o keys.ps keys.dot

However, on very large keychains the above will make a very ugly graph, so I recommend enabling some options for curved lines and overlapping will help:


neato -Tps -Goverlap=scale -Gsplines=true -o keys.ps keys.dot

Voila, now you have a postscript graph!

Convert

Now comes the easy part, convert our postscript into JPEG using ImageMagick:


convert keys.ps keys.jpg

And you're done. You can clean up with:


rm -f keys.ps keys.dot

Links