A simple certificate / keyring linter.

This program checks for issues with keys. The current focus is on finding reliances on SHA-1.

$ dpkg -l debian-keyring ... ii debian-keyring 2020.09.24 $ cargo run -- /usr/share/keyrings/debian-keyring.gpg ... 885 certificates. 778 certificates valid under the standard policy. 884 certificates valid under the standard policy + sha1. Of the 778 certificates valid under the standard policy: 778 have >0 user ids under the standard policy 778 have >0 user ids under the standard policy + sha1 63 have >0 user ids that are only protected by SHA1 0 have all user ids only protected by SHA1 Of the 778 certificates valid under the standard policy: 234 certificates have >0 non-revoked, live, signing-capable subkeys under the standard policy Of these 234 certificates, 19 have >0 subkeys protected by SHA1 Of these 19, 10 use SHA1 for the binding signature Of these 19, 9 use something strong for the binding signature, but SHA1 for the backsig