December 2013 debian-keyring analysis

Total keys: 996
Key versions:
    996 4
Primary key pubkey algorithms:
    623 "DSA"
    373 "RSA"
Primary key pubkey sizes:
    624 1024
     27 2048
      2 3072
    340 4096
      2 8192
      1 10240
Total number of UIDs + UAts: 4394
Hash algorithm used for most recent self-sig:
      1 "RIPEMD160"
   3188 "SHA1"
   1041 "SHA256"
      1 "SHA384"
    163 "SHA512"
Judgment on preferred hash algorithms:
   1776 null
   2618 "weak hash with higher preference"
Judgment on expiration times:
     53 "expiration passed"
    111 "expiration too far in future"
   3887 "no expiration set"
    343 null

This was generated with debian-keyring 2013.12.13, hopenpgp-tools 0.4-1, jshon 20131010-3, and the following inefficient script:


trap 'rm ${tempfile}' EXIT

hokey lint --output-format JSON <${infile} >${tempfile}

print -n "Total keys: "
jshon -a -e keyFingerprint <${tempfile} | wc -l

print "Key versions: "
jshon -a -e keyVer -e val <${tempfile} | sort | uniq -c

print "Primary key pubkey algorithms: "
jshon -a -e keyAlgorithmAndSize -e pubkeyalgo -e val <${tempfile} | sort | uniq -c

print "Primary key pubkey sizes: "
jshon -a -e keyAlgorithmAndSize -e pubkeysize -e val <${tempfile} | sort -n | uniq -c

print -n "Total number of UIDs + UAts: "
jshon -a -e keyUIDsAndUAts -k <${tempfile} | wc -l

print "Hash algorithm used for most recent self-sig: "
jshon -a -e keyUIDsAndUAts -a -e uidSelfSigHashAlgorithms -a -e val <${tempfile} | sort | uniq -c

print "Judgment on preferred hash algorithms: "
jshon -a -e keyUIDsAndUAts -a -e uidPreferredHashAlgorithms -a -e explanation <${tempfile} | sort | uniq -c

print "Judgment on expiration times: "
jshon -a -e keyUIDsAndUAts -a -e uidKeyExpirationTimes -a -e explanation <${tempfile} | sort | uniq -c

This represents incorrect handling of revoked UIDs and user attributes, and possibly unknown bugs. "Judgments" are based on this document and are not generalized per key.

Posted on 2014-01-22
Tags: quanks, debian, keyring, hopenpgp, jshon