Berlinsides 2015

Post on 25-Jul-2015


Transcript of Berlinsides 2015

WHY I HATE PGP

aestetix

https://help.ubuntu.com/community/GnuPrivacyGuardHowto

WHAT THE FUCK DO TRUST LEVELS MEAN?!?!

A few types of “trust”:

• Direct Trust

• Hierarchical Trust

• Cumulative Trust

From RFC 4880 “OpenPGP Message Format” (5.2.1. Signature Types):

• 0x10: Generic certification of a User ID and Public-Key packet. The issuer of this certification does not make any particular assertion as to how well the certifier has checked that the owner of the key is in fact the person described by the User ID.

• 0x11: Persona certification of a User ID and Public-Key packet. The issuer of this certification has not done any verification of the claim that the owner of this key is the User ID specified.

• 0x12: Casual certification of a User ID and Public-Key packet. The issuer of this certification has done some casual verification of the claim of identity.

• 0x13: Positive certification of a User ID and Public-Key packet. The issuer of this certification has done substantial verification of the claim of identity.

Most OpenPGP implementations make their "key signatures" as 0x10 certifications. Some implementations can issue 0x11-0x13 certifications, but few differentiate between the types.

How my trust tool works:

Example `pgpring -S -k keystore` output:

```
pub:q:4096:1:681D3A753B6C249E:2013-12-22:2017-12-22:::Laura Schmitz <laura.schmitz87@icloud.com>:
sig::::681D3A753B6C249E:2013-12-22:::::13:
sub:q:4096:1:E8A53B713BA1A13E:2013-12-22:2017-12-22:::Laura Schmitz <laura.schmitz87@icloud.com>:
pub:q:1024:17:DD6909ABB128136B:1998-09-17::::J\xfffffffcrgen Marschall <juergen.marschall@prompt.de>:
sig::::31B221441DDAA684:1998-09-17:::::10:
sig::::DD6909ABB128136B:1998-09-17:::::10:
sub:q:2048:16:0BE4CB3712565F36:1998-09-17::::J\xfffffffcrgen Marschall <juergen.marschall@prompt.de>:
pub:q:1024:17:7C951D88B8CCB59D:2009-01-02::::Carol <carol@mail.com>:
sig::::7C951D88B8CCB59D:2009-01-02:::::13:
sub:q:1024:16:CFFB706540C239DA:2009-01-02::::Carol <carol@mail.com>:
pub:q:1024:1:CE040C74F9A3F1DD:1997-05-03::::RGB <rgb@nym.alias.net>:
sig::::CE040C74F9A3F1DD:1998-02-18:::::10:
pub:q:2048:1:C56C3CAA9995BDE7:2011-05-27:2016-05-25:::icemann1978@t-online.de <icemann1978@t-online.de>:
sig::::C56C3CAA9995BDE7:2011-05-27:::::13:
sub:q:2048:1:8F38A91BB2F768B8:2011-05-27:2016-05-25:::icemann1978@t-online.de <icemann1978@t-online.de>:
pub:rq:1024:1:BDAB86311EA5DE89:1999-06-29::::Rudolph Pereira <rudolph@getsystems.com>:
rev::::BDAB86311EA5DE89::::::20:
sig::::BDAB86311EA5DE89:1999-06-29:::::10:
pub:q:2048:1:5964884DB64C74F1:2012-09-30::::Cheng Ye <yecheng91@msn.com>:
sig::::5964884DB64C74F1:2012-09-30:::::13:
sub:q:2048:1:DB6BF5D7096C9858:2012-09-30::::Cheng Ye <yecheng91@msn.com>:
```

A single record from that output:

```
pub:q:4096:1:681D3A753B6C249E:2013-12-22:2017-12-22:::Laura Schmitz <laura.schmitz87@icloud.com>:
```

Where the field separator is “:”:

0 - record type
1 - validity
2 - key length
3 - algorithm
4 - key id
5 - date created
6 - expiration date
7 - certificate serial number
8 - owner trust
9 - name/email (user id)
10 - signature class

Convert keystore to SQL database

```perl
#!/usr/bin/perl
use strict;
use DBI;

# Connection details are placeholders; the slide does not show them
my $dbh = DBI->connect('DBI:mysql:database=pgp', 'user', 'password', { RaiseError => 1 });
open(my $FILE, '<', 'keystore') or die "cannot open keystore: $!";

my $pubkey = '';
while (<$FILE>) {
    chomp;                              # otherwise the newline ends up in the last field
    my @key = split(':', $_);
    push @key, '' while @key < 11;      # pad short records so every field exists

    # Get rid of annoying characters (quotes and slashes, so the interpolated SQL stays well-formed)
    for (@key) { s/'//g; s/\///g; s/\\//g; }

    # Guide to key format
    # 0 - record type
    # 1 - validity
    # 2 - key length
    # 3 - algorithm
    # 4 - key id
    # 5 - date created
    # 6 - expiration date
    # 7 - certificate serial number
    # 8 - owner trust
    # 9 - name/email (user id)
    # 10 - signature class
    # 11 - parent (if subkey)

    my $query;
    if ($key[0] eq "pub") {
        $pubkey = $key[4];
        $query = "INSERT INTO key_store (record_type, validity, key_length, algorithm, key_id, date_creation, date_expire, serial_number, owner_trust, user_id, signature_class, parent) VALUES ('$key[0]', '$key[1]', '$key[2]', '$key[3]', '$key[4]', '$key[5]', '$key[6]', '$key[7]', '$key[8]', '$key[9]', '$key[10]', '');";
    } else {
        # sig, sub and rev records hang off the most recent pub key
        $query = "INSERT INTO key_store (record_type, validity, key_length, algorithm, key_id, date_creation, date_expire, serial_number, owner_trust, user_id, signature_class, parent) VALUES ('$key[0]', '$key[1]', '$key[2]', '$key[3]', '$key[4]', '$key[5]', '$key[6]', '$key[7]', '$key[8]', '$key[9]', '$key[10]', '$pubkey');";
    }
    $dbh->do($query);
}
close($FILE);
```
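As an added example (not aestetix's tool or the talk's Perl importer), the same colon-separated format parsed in Python: records are linked to their pub key the way the importer does, each signature is labelled with its RFC 4880 certification type, self-signatures are kept apart from third-party ones, and the most prolific issuers are counted. The keystore lines are constructed, with made-up key ids and people.

```python
from collections import Counter

# RFC 4880 5.2.1 certification types, keyed by the decimal class pgpring prints
CERT_TYPES = {"10": "generic (0x10)", "11": "persona (0x11)",
              "12": "casual (0x12)", "13": "positive (0x13)"}

# Constructed keystore in pgpring -S -k format (made-up key ids and people)
SAMPLE = """\
pub:q:4096:1:AAAA000000000001:2013-12-22:2017-12-22:::Alice Example <alice@example.org>:
sig::::AAAA000000000001:2013-12-22:::::13:
sig::::BBBB000000000002:2014-01-05:::::13:
sig::::CCCC000000000003:2014-02-01:::::10:
pub:q:2048:1:BBBB000000000002:2011-05-27::::Bob Example <bob@example.org>:
sig::::BBBB000000000002:2011-05-27:::::13:
sig::::CCCC000000000003:2012-03-03:::::11:
pub:rq:1024:1:DDDD000000000004:1999-06-29::::Dan Example <dan@example.org>:
rev::::DDDD000000000004::::::20:
sig::::DDDD000000000004:1999-06-29:::::10:
"""

def parse_keystore(text):
    """Split ':'-separated records (field numbers as in the guide above) and link sig/sub/rev records to the preceding pub key."""
    records, pubkey = [], ""
    for line in filter(None, text.splitlines()):
        f = line.split(":")          # user ids containing ':' are not handled
        f += [""] * (11 - len(f))    # pad short records so every index exists
        rec = {"type": f[0], "key_id": f[4], "user_id": f[9], "sig_class": f[10]}
        if rec["type"] == "pub":
            pubkey = rec["key_id"]
        rec["parent"] = "" if rec["type"] == "pub" else pubkey
        records.append(rec)
    return records

def certification_summary(records):
    """Per pub key, count third-party certifications by RFC 4880 type; a self-signature says nothing about identity checking, so count it apart."""
    summary = {}
    for r in records:
        if r["type"] != "sig":
            continue
        counts = summary.setdefault(r["parent"], Counter())
        if r["key_id"] == r["parent"]:
            counts["self-sig"] += 1
        else:
            counts[CERT_TYPES.get(r["sig_class"], "unknown")] += 1
    return summary

def top_signers(records, n=10):
    """Issuer key ids (field 4 of sig records) with the most third-party certifications."""
    return Counter(r["key_id"] for r in records
                   if r["type"] == "sig" and r["key_id"] != r["parent"]).most_common(n)
```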

What email providers have “secure” users?

Example query:

```sql
select count(user_id) from key_store where user_id like '%gmail.com%' and record_type = 'pub';
```

gmail 334,333

hotmail 107,813

yahoo 60,446

hushmail 5,016

What news organizations have “secure” users?

Example query:

```sql
select count(user_id) from key_store where user_id like '%wsj.com%' and record_type = 'pub';
```

wall street journal 18

new york times 159

fox news (wtf?) 3

What “intelligence” agencies have “secure” users?

Example query:

```sql
select count(user_id) from key_store where user_id like '%nsa.gov%' and record_type = 'pub';
```

nsa.gov 54

cia.gov 39

.mil 7,908

dhs.gov 28

goatse.cx 0

How do universities use PGP?

Query:

```sql
select user_id, count(*) as freq from key_store where user_id like '%.edu%' and record_type = 'pub' group by user_id order by freq desc limit 10;
```

```
+----------------------------------------------+------+
| user_id                                      | freq |
+----------------------------------------------+------+
| Re-An M. Pasia <rpasia@wesleyan.edu>         |  181 |
| nylee <nylee@mail.stut.edu.tw>               |   26 |
| Charles <charles@hm.edu>                     |   18 |
| Bobby <bobby@hm.edu>                         |   16 |
| Cheung Chi Wai <chiwai@cuhk.edu.hk>          |   14 |
| Robert S. Newnam <rnewnam@udel.edu>          |   13 |
| Shawn Nock <nock@email.arizona.edu>          |   12 |
| Gaby Abed <ihabed@uncc.edu>                  |   12 |
| Steven I. Altchuler <altchuler@alum.mit.edu> |   12 |
| Rafael Villavicencio <rafael@virginia.edu>   |   12 |
+----------------------------------------------+------+
```

Who has signed the most keys?

Query:

```sql
select parent, count(*) as freq from key_store use index (record_type_parent) where record_type = 'sig' group by parent order by freq desc limit 10;
```

Result, with the key owner of each key id annotated on the slide:

```
+------------------+-------+--------------------------------------------------------+
| parent           | freq  | owner                                                  |
+------------------+-------+--------------------------------------------------------+
| F7F0E70F307D56ED | 12627 | Noèl Köthe <noel@guug.de>                              |
| 9710B89BCA57AD7C | 10629 | PGP Global Directory Verification Key                  |
| 2F951508AAE6022E |  8825 | Karlheinz Geyer (RBOS) <karlheinz.geyer@lhsystems.com> |
| 57930DAB0B86B067 |  7479 | Joost van Baal <joostvb@logreport.org>                 |
| 30028D244813B5FE |  6223 | Andreas Scherbaum <ads@ufp.de>                         |
| 18A0CC8D5706A4B4 |  6221 | Simon Richter <Simon.Richter@picotux.com>              |
| D2BB0D0165D0FD58 |  5832 | CA Cert Signing Authority (Root CA) <gpg@cacert.org>   |
| 948FD6A0E10F502E |  5231 | Marcus Frings <protagonist@gmx.net>                    |
| DE7AAF6E94C09C7F |  5106 | Peter Palfrader                                        |
| E544DE079B7C328D |  4254 | Luk Claes <luk@lugwv.be>                               |
+------------------+-------+--------------------------------------------------------+
```

http://trust.aestetix.com

http://trust.aestetix.com/index.pl?pgpid=d255d3f5c868227f&Submit=Submit