-
Notifications
You must be signed in to change notification settings - Fork 19
/
Copy pathsearch-pgp-wot
executable file
·96 lines (86 loc) · 3.17 KB
/
search-pgp-wot
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#!/bin/sh
# Check all signatures on a given PGP key looking for any in the Web Of Trust.
# Then outputs a link to see the connection.
#
# USAGE:
# search-pgp-wot 0xC0C076132FFA7695
#
# STATUS: Alpha
# AUTHOR: Jonathan Cross 0xC0C076132FFA7695 (jonathancross.com)
# LICENSE: WTFPL - https://github.com/jonathancross/jc-docs/blob/master/LICENSE
################################################################################
KEYSERVER_URL="https://keyserver.ubuntu.com/pks/lookup?op=vindex&search="
# TODO: Plot from my key to their key: https://pgp.cs.uu.nl/paths/c0c076132ffa7695/to/a485a0ed51b8b7c4.html
PATHFINDER_URL="https://pgp.cs.uu.nl/mk_path.cgi?PATHS=trust+paths&FROM=&TO="
PATHFINDER_FAIL_STR='Good luck'
KEY_NUM_IN_WOT=0
KEY_IS_VALID=0
# Validate the key handle:
if [[ "x$1" != "x" ]]; then
KEY=$1
if [[ "${KEY:0:2}" == "0x" ]]; then
if [[ "${#KEY}" -eq "18" ]]; then
KEY_IS_VALID=1
KEYSERVER_URL_FULL="${KEYSERVER_URL}${KEY}"
else
echo "ERROR: Key must have '0x' prefix and be 16 hex chars (18 characters total). Yours is only ${#KEY} characters."
fi
else
echo "ERROR: Key handle must begin with '0x'."
fi
else
echo "ERROR: You must supply a long key handle as shown below."
fi
# Exit if key is invalid:
if [[ "$KEY_IS_VALID" != "1" ]]; then
echo "USAGE: search-pgp-wot 0xC0C076132FFA7695"
exit 1
fi
printf "Getting data for ${KEY}..."
# Load html for key info:
RAW_HTML=$(curl -s ${KEYSERVER_URL_FULL})
# Check that at least our own key is in the page to validate response:
if $(echo "${RAW_HTML}" | grep --silent --ignore-case ${KEY}); then
echo ' [OK]'
else
echo ' [ERROR]'
echo "
Could not load data from ${KEYSERVER_URL_FULL}
Please check the URL.
If it is working, please file a bug here:
https://github.com/jonathancross/jc-docs/issues/new?title=search-pgp-wot:%20URL%20Format
"
exit 1
fi
# Filter website output to extract list of unique key IDs:
SIG_KEYS=$(echo "${RAW_HTML}" | perl -ne 'if(m/^sig sig .+search=(0x[0-9a-f]{16}).*/) {print "$1\n"}' | sort -u | grep --invert-match ${KEY})
SIG_KEYS=( ${SIG_KEYS[@]} )
# Check if one or more signatures were found:
if [[ "${#SIG_KEYS[@]}" -ge "1" ]]; then
echo "FOUND ${#SIG_KEYS[@]} keys that signed ${KEY}:"
else
echo "
No usable signatures found on this key.
Please check the URL: ${KEYSERVER_URL_FULL}
If you see signatures other than the owner, please file a bug here:
https://github.com/jonathancross/jc-docs/issues/new?title=search-pgp-wot:%20Update%20Scraper
"
exit 0
fi
# Check each key to see if it is in the WOT:
# TODO: Filter out PGP Directory key? 0x9710B89BCA57AD7C
for SIG_KEY in ${SIG_KEYS[@]}; do
if $(curl -s "${PATHFINDER_URL}${SIG_KEY}" | grep -q "${PATHFINDER_FAIL_STR}"); then
echo " × $SIG_KEY"
else
let KEY_NUM_IN_WOT++
echo " ✓ https://pgp.cs.uu.nl/stats/$SIG_KEY.html"
fi
done
if [[ "$KEY_NUM_IN_WOT" -gt 0 ]]; then
echo "Found $KEY_NUM_IN_WOT keys in the PGP Web Of Trust Strong Set."
echo "Use the links above to plot a path to one of those keys."
else
# TODO: print link to see the path if found. Maybe later offer way to download keys in path.
echo "None of the keys signing $SIG_KEY seem to be in the PGP Web Of Trust Strong Set."
fi