The document discusses PGP (Pretty Good Privacy) trust levels and signatures. It expresses frustration with the complexity of PGP trust models. It then provides examples of using a PGP key database to analyze trends in PGP usage, such as the number of users from certain email providers, news organizations, intelligence agencies, and universities that utilize PGP. It also examines which PGP keys have been signed the most.
9. A few types of “trust”:
• Direct Trust
• Hierarchical Trust
• Cumulative Trust
10. From RFC 4880 “OpenPGP Message Format”
(5.2.1. Signature Types)

0x10: Generic certification of a User ID and Public-Key packet.
The issuer of this certification does not make any particular
assertion as to how well the certifier has checked that the owner
of the key is in fact the person described by the User ID.

0x11: Persona certification of a User ID and Public-Key packet.
The issuer of this certification has not done any verification of
the claim that the owner of this key is the User ID specified.

0x12: Casual certification of a User ID and Public-Key packet.
The issuer of this certification has done some casual
verification of the claim of identity.

0x13: Positive certification of a User ID and Public-Key packet.
The issuer of this certification has done substantial
verification of the claim of identity.

Most OpenPGP implementations make their "key signatures" as 0x10
certifications. Some implementations can issue 0x11-0x13
certifications, but few differentiate between the types.
13. GnuPG “--with-colons” listing format (documented in doc/DETAILS of the GnuPG source; this colon-separated record layout is GnuPG output, not part of RFC 4880)
pub:q:4096:1:681D3A753B6C249E:2013-12-22:2017-12-22:::Laura Schmitz <laura.schmitz87@icloud.com>:

Where field separator is “:”. Read for this record: type pub, validity q (undefined), 4096-bit key, algorithm 1 (RSA), key ID 681D3A753B6C249E, created 2013-12-22, expires 2017-12-22, primary user ID in field 9.

0 - record type
1 - validity
2 - key length
3 - algorithm
4 - key id
5 - date created
6 - expiration date
7 - certificate serial number
8 - owner trust
9 - name/email (user id)
10 - signature class (on sig records, e.g. 10x for an exportable 0x10 certification)
14. Convert keystore to SQL database
use strict;
use warnings;
use DBI;

# $dbh is an open DBI handle; the DSN below is an example, adjust it to your database
my $dbh = DBI->connect('DBI:mysql:database=pgp', 'user', 'password',
                       { RaiseError => 1 });
# Input: `gpg --list-sigs --with-colons` output, file name given on the command line
open(my $fh, '<', $ARGV[0]) or die "open $ARGV[0]: $!";

# Bound parameters instead of string interpolation: the driver quotes the
# values, so a user ID containing a quote or SQL text is stored verbatim and
# cannot change the statement (user IDs come from public keyservers and are
# attacker-controlled). This replaces stripping "annoying characters".
my $sth = $dbh->prepare(
    "INSERT INTO key_store (record_type, validity, key_length, algorithm, key_id,
        date_creation, date_expire, serial_number, owner_trust, user_id,
        signature_class, parent) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)");

my $pubkey = '';
while (<$fh>) {
    chomp;
    next if /^\s*$/;
    # Limit -1 keeps trailing empty fields, so every record keeps its full set
    my @key = split(/:/, $_, -1);

    # GnuPG writes a ':' inside a field as \x3a; restore it after splitting
    s/\\x([0-9a-fA-F]{2})/chr hex $1/ge for @key;

    # Guide to key format
    # 0 - record type
    # 1 - validity
    # 2 - key length
    # 3 - algorithm
    # 4 - key id
    # 5 - date created
    # 6 - expiration date
    # 7 - certificate serial number
    # 8 - owner trust
    # 9 - name/email (user id)
    # 10 - signature class
    # 11 - parent (pub key that a uid, sub or sig record belongs to)

    if ($key[0] eq "pub") {
        $pubkey = $key[4];
        $sth->execute(@key[0..10], '');
    }
    else {
        # uid, sub and sig records belong to the last pub record seen
        $sth->execute(@key[0..10], $pubkey);
    }
}
close($fh);
$dbh->disconnect;
15. What email providers have “secure” users?
Example query:
select count(user_id) from key_store where user_id
like '%gmail.com%' and record_type = 'pub';
gmail 334,333
hotmail 107,813
yahoo 60,446
hushmail 5,016
16. What news organizations have “secure” users?
Example query:
select count(user_id) from key_store where user_id
like '%wsj.com%' and record_type = 'pub';
wall street journal 18
new york times 159
fox news (wtf?) 3
17. What “intelligence” agencies have “secure” users?
Example query:
select count(user_id) from key_store where user_id
like '%nsa.gov%' and record_type = 'pub';
nsa.gov 54
cia.gov 39
.mil 7,908
dhs.gov 28
goatse.cx 0
18. How do universities use PGP?
query:
select user_id, count(*) as freq from key_store where user_id like '%.edu%'
and record_type = 'pub' group by user_id order by freq desc limit 10;
+----------------------------------------------+------+
| user_id | freq |
+----------------------------------------------+------+
| Re-An M. Pasia <rpasia@wesleyan.edu> | 181 |
| nylee <nylee@mail.stut.edu.tw> | 26 |
| Charles <charles@hm.edu> | 18 |
| Bobby <bobby@hm.edu> | 16 |
| Cheung Chi Wai <chiwai@cuhk.edu.hk> | 14 |
| Robert S. Newnam <rnewnam@udel.edu> | 13 |
| Shawn Nock <nock@email.arizona.edu> | 12 |
| Gaby Abed <ihabed@uncc.edu> | 12 |
| Steven I. Altchuler <altchuler@alum.mit.edu> | 12 |
| Rafael Villavicencio <rafael@virginia.edu> | 12 |
+----------------------------------------------+------+
19. Who has signed the most keys?
query:
select parent, count(*) as freq from key_store use index (record_type_parent)
where record_type = 'sig' group by parent order by freq desc limit 10;
+------------------+-------+
| parent | freq |
+------------------+-------+
| F7F0E70F307D56ED | 12627 | Noèl Köthe <noel@guug.de>
| 9710B89BCA57AD7C | 10629 | PGP Global Directory Verification Key
| 2F951508AAE6022E | 8825 | Karlheinz Geyer (RBOS) <karlheinz.geyer@lhsystems.com>
| 57930DAB0B86B067 | 7479 | Joost van Baal <joostvb@logreport.org>
| 30028D244813B5FE | 6223 | Andreas Scherbaum <ads@ufp.de>
| 18A0CC8D5706A4B4 | 6221 | Simon Richter <Simon.Richter@picotux.com>
| D2BB0D0165D0FD58 | 5832 | CA Cert Signing Authority (Root CA) <gpg@cacert.org>
| 948FD6A0E10F502E | 5231 | Marcus Frings <protagonist@gmx.net>
| DE7AAF6E94C09C7F | 5106 | Peter Palfrader
| E544DE079B7C328D | 4254 | Luk Claes <luk@lugwv.be>
+------------------+-------+
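The import from slide 14 and the queries from slides 15-19, as an added example that is not part of the original slides. It parses a constructed `--with-colons` sample (every key ID and address in it is made up), loads it into SQLite with bound parameters so that a user ID containing a quote or SQL text is stored verbatim (the slides' Perl stripped apostrophes and interpolated the rest), anchors the domain match so look-alike domains and substrings are not counted, reads uid records as well as the pub line (GnuPG 2.x no longer prints the user ID on the pub line), counts signatures in both directions (with the parent column from slide 14, GROUP BY parent counts certifications on a key, GROUP BY key_id counts certifications issued by it), and tallies the 0x10-0x13 certification types from slide 10. The table and column names follow slide 14; `count_like` reproduces the slide 15 query for comparison.

```python
"""Load `gpg --list-sigs --with-colons` output into SQLite and query it."""
import re
import sqlite3
from collections import Counter

# Constructed sample in the GnuPG 1.x layout the slides use (primary user ID on
# the pub line, further user IDs as uid records). All key IDs and addresses are
# made up. It deliberately includes an apostrophe, a \x3a escape, a look-alike
# domain and a user ID carrying an SQL payload.
SAMPLE = """\
tru::1:1700000000:0:3:1:5
pub:q:4096:1:0123456789ABCDEF:2013-12-22:2017-12-22:::Alice Example <alice@example.edu>:
sig:::1:0123456789ABCDEF:2013-12-22::::Alice Example <alice@example.edu>:13x:
sig:::1:FEDCBA9876543210:2014-01-05::::Bob O'Brien <bob@example.com>:10x:
sig:::17:1111222233334444:2014-02-01::::Carol Signer <carol@example.org>:12x:
sub:q:4096:1:AAAABBBBCCCCDDDD:2013-12-22:2017-12-22:::::
pub:q:2048:1:FEDCBA9876543210:2012-05-01::::Bob O'Brien <bob@example.com>:
sig:::1:FEDCBA9876543210:2012-05-01::::Bob O'Brien <bob@example.com>:13x:
sig:::17:1111222233334444:2014-02-01::::Carol Signer <carol@example.org>:10x:
pub:q:2048:17:1111222233334444:2010-03-03::::Carol Signer <carol@example.org>:
sig:::17:1111222233334444:2010-03-03::::Carol Signer <carol@example.org>:13x:
sig:::1:FEDCBA9876543210:2014-03-01::::Bob O'Brien <bob@example.com>:11x:
uid:q::::2011-01-01::::Carol Signer (work\\x3a ACME) <carol@gmail.com>:
pub:q:2048:1:DEADBEEFDEADBEEF:2015-06-06::::Mallory <mallory@example.com>'); DROP TABLE key_store; --:
sig:::1:DEADBEEFDEADBEEF:2015-06-06::::Mallory <mallory@example.com>'); DROP TABLE key_store; --:13x:
sig:::1:FEDCBA9876543210:2015-07-07::::Bob O'Brien <bob@example.com>:10x:
pub:q:2048:1:5555666677778888:2016-01-01::::Eve <eve@example.com.evil.example>:
sig:::1:5555666677778888:2016-01-01::::Eve <eve@example.com.evil.example>:13x:
"""

FIELDS = ("record_type", "validity", "key_length", "algorithm", "key_id",
          "date_creation", "date_expire", "serial_number", "owner_trust",
          "user_id", "signature_class")
COLUMNS = FIELDS + ("parent",)          # parent is the slides' own column
KEEP = {"pub", "uid", "sub", "sig"}


def unescape(field):
    """GnuPG writes a ':' inside a field as \\x3a (other bytes as \\xNN)."""
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)


def parse_colons(text):
    """Yield one dict per record; uid/sub/sig records carry the owning key as parent."""
    parent = ""
    for line in text.splitlines():
        fields = [unescape(f) for f in line.split(":")]   # split first, then unescape
        fields += [""] * (len(FIELDS) - len(fields))       # pad short records
        rec = dict(zip(FIELDS, fields))
        if rec["record_type"] not in KEEP:
            continue
        if rec["record_type"] == "pub":
            parent = rec["key_id"]
        rec["parent"] = "" if rec["record_type"] == "pub" else parent
        yield rec


def load_keystore(text):
    """Import with bound parameters: Mallory's user ID is stored, not executed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE key_store (%s)" % ", ".join(COLUMNS))
    db.execute("CREATE INDEX record_type_parent ON key_store (record_type, parent)")
    db.executemany("INSERT INTO key_store VALUES (%s)" % ", ".join("?" * len(COLUMNS)),
                   [tuple(rec[c] for c in COLUMNS) for rec in parse_colons(text)])
    db.commit()
    return db


def count_like(db, needle):
    """The slides' query: substring LIKE over pub records only."""
    return db.execute("SELECT COUNT(user_id) FROM key_store "
                      "WHERE user_id LIKE ? AND record_type = 'pub'",
                      (f"%{needle}%",)).fetchone()[0]


def keys_at_domain(db, domain):
    """Keys with at least one user ID at exactly @domain: anchors on '@domain>' or a
    trailing '@domain', escapes LIKE wildcards, and reads uid records too."""
    esc = re.sub(r"([\\%_])", r"\\\1", domain)
    sql = ("SELECT COUNT(DISTINCT CASE WHEN record_type = 'pub' THEN key_id ELSE parent END) "
           "FROM key_store WHERE record_type IN ('pub', 'uid') "
           "AND (user_id LIKE ? ESCAPE '\\' OR user_id LIKE ? ESCAPE '\\')")
    return db.execute(sql, (f"%@{esc}>%", f"%@{esc}")).fetchone()[0]


def top_signers(db, limit=10):
    """Who signed the most keys: the signer is key_id of a sig record.
    Self-signatures (signer == parent) are left out; every key has them."""
    return db.execute("SELECT key_id, COUNT(*) AS freq FROM key_store "
                      "WHERE record_type = 'sig' AND key_id <> parent "
                      "GROUP BY key_id ORDER BY freq DESC, key_id LIMIT ?", (limit,)).fetchall()


def most_signed_keys(db, limit=10):
    """Which keys carry the most third-party certifications: GROUP BY parent."""
    return db.execute("SELECT parent, COUNT(*) AS freq FROM key_store "
                      "WHERE record_type = 'sig' AND key_id <> parent "
                      "GROUP BY parent ORDER BY freq DESC, parent LIMIT ?", (limit,)).fetchall()


def certification_levels(db):
    """Tally RFC 4880 certification types on third-party signatures; the class
    field reads e.g. '10x' (0x10, exportable) or '13l' (0x13, local)."""
    counts = Counter()
    for (cls,) in db.execute("SELECT signature_class FROM key_store "
                             "WHERE record_type = 'sig' AND key_id <> parent"):
        counts["0x" + cls[:2]] += 1
    return dict(counts)


if __name__ == "__main__":
    db = load_keystore(SAMPLE)
    for domain in ("example.com", "gmail.com"):
        print(domain, "LIKE:", count_like(db, domain), "anchored:", keys_at_domain(db, domain))
    print("top signers:", top_signers(db, 3))
    print("most signed:", most_signed_keys(db, 3))
    print("certification levels:", certification_levels(db))
```

On real data, feed the output of `gpg --list-sigs --with-colons` to `load_keystore` instead of `SAMPLE`. In the sample, `count_like` reports three keys for example.com because the look-alike domain matches, and zero for gmail.com because that address lives in a uid record; the anchored query reports two and one.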