Edit Rename Upload Download Back to Top

Identity Matrix Implementation

The following images of the Identity Matrix are produced using the gpg --list-sigs command processed by the sig2dot script. This raw data is then tuened into a picture using three different programs (click on the links to see the pictures):

These images were created using the following Bash shell script on a Debian Sarge machine which uses springgraph (from the springgraph package) and neato (from the graphviz package).

filenamePrefix="matrix$(date --utc +%Y%m%d%I%M%S)"
# generate the images
gpg --list-sigs | sig2dot > $dotFilename
springgraph < $dotFilename | convert -geometry $geometry - $springFilename
neato -Tps $dotFilename | convert -geometry $geometry - $neatoFilename
dot -Tps $dotFilename | convert -geometry $geometry - $dotPNGFilename
# copy the new images to the "current" file names
rm *-current.*
cp $dotFilename matrix-current.dot
cp $springFilename matrix-current-spring.png
cp $neatoFilename matrix-current-neato.png
cp $dotPNGFilename matrix-current-dot.png

Since everyone (almost) is signing Bruce's key, I wanted all his signers in my keyring. I found this Ruby script useful. It assumes you have a default keyserver set in your preferences. I guess it's not very robust code. Better ideas welcomed - Barry

ids = []
IO.popen("gpg --list-sigs BEBB933F").each { | line |
        if line =~ /User id not found/

ids.each { | unknown |
        system("gpg --recv-key #{unknown}")

Having perl installed but not Ruby, I felt compelled to hack up a perl equivalent to Barry's script. -- Peter Bonney

#!/bin/perl -w

use strict;

my %ids;

open SIGS, "gpg --list-sigs BEBB933F |";
foreach () {
	if (m/(\w{8}).+User id not found/) {
		$ids{$1} = 1;  # using a hash implicitly uniqifies the list
close SIGS;

my $unknown_id; 
foreach $unknown_id (keys %ids) {
	# note that this assumes you've defined your keyserver in gpg.conf
	my @gpg_recv = ("gpg", "--recv-key", $unknown_id);
	system(@gpg_recv) == 0 or die "System @gpg_recv failed: $?";

Or you could just use tried and true shell instead.

anand@caliban:~/PKI$ cat sub-key-import
gpg --with-colons --list-sigs $1 | awk -F: ' /not found/ { print $5 } ' | cut -b 9- | sort | uniq | xargs gpg --keyserver wwwkeys.uk.pgp.net --recv-key

The first argument to the script will be the keyid (or email, or whatever gpg understands) to retrieve all unidentified signers for. I use that script as part of a larger system which allows me to do key-signing very easily.

-- Anand Kumria


It seems that RDF may be anothe way to represent the identity matrix.
Edit Rename Upload Download Back to Top