sequoia-keyring-linter 0.1.0

A linter for keyrings
sequoia-keyring-linter-0.1.0 is not a library.

A simple certificate / keyring linter.

This program checks for issues with keys. The current focus is on finding reliances on SHA-1.

$ dpkg -l debian-keyring
...
ii  debian-keyring 2020.09.24
$ cargo run -- /usr/share/keyrings/debian-keyring.gpg
...
885 certificates.
778 certificates valid under the standard policy.
884 certificates valid under the standard policy + sha1.
Of the 778 certificates valid under the standard policy:
  778 have >0 user ids under the standard policy
  778 have >0 user ids under the standard policy + sha1
  63 have >0 user ids that are only protected by SHA1
  0 have all user ids only protected by SHA1
Of the 778 certificates valid under the standard policy:
  234 certificates have >0 non-revoked, live, signing-capable subkeys under the standard policy
    Of these 234 certificates, 19 have >0 subkeys protected by SHA1
      Of these 19, 10 use SHA1 for the binding signature
      Of these 19, 9 use something strong for the binding signature, but SHA1 for the backsig