I wrote a couple perl scripts that will display a signature path from your key to the signer of an email, while verifying the signature of the email. They can be found at http://www.chaosreigns.com/code/mutt-sigtrace/ The output looks like: [-- PGP output follows (current time: Thu Nov 30 23:10:30 2000) --] gpg: Signature made Thu Nov 30 16:32:54 2000 EST using DSA key ID 57548DCD gpg: Good signature from "Werner Koch (gnupg sig) <[EMAIL PROTECTED]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. gpg: Fingerprint: 6BD9 050F D8FC 941B 4341 2DCC 68B7 AB89 5754 8DCD (cached 0E9FF879 to 57548DCD) 6 hop path: 0E9FF879 5AA5BCDF 0FCC27C6 788A3F4C 2FA3BC2D 5B0358A2 57548DCD 0E9FF879 Darxus <[EMAIL PROTECTED]> 5AA5BCDF Michael J. Leone <[EMAIL PROTECTED]> 0FCC27C6 David L. Coe <[EMAIL PROTECTED]> 788A3F4C Joey Hess <[EMAIL PROTECTED]> 2FA3BC2D Wichert Akkerman <[EMAIL PROTECTED]> 5B0358A2 Werner Koch <[EMAIL PROTECTED]> 57548DCD Werner Koch (gnupg sig) <[EMAIL PROTECTED]> [-- End of PGP output --] The lines between the begin and end lines, which do not start with "gpg:" were added by mutt-sigtrace. >From this example, I signed Michael's key, who signed David's key, who signed Joey's key, etc. If you've already got gpg signature verification working, you just need to download 4 files, and make a simple modification to 2 of mutt's veriables. On my p2 233, it takes a maximum of 18 seconds to trace a signature path the first time, and then it is stored in a cache. So every time after that, it is instantaneous. Please let me know if you have any problems with these things. I've been having way to much fun w/ gpg & perl lately. -- http://www.ChaosReigns.com
