The Web of Trust .wot file format, version 0.3
1. Overview
To stimulate statistics and analyses of the OpenPGP Web of Trust, a
file format is proposed to carry information about key IDs, names and
signatures, in files small enough to be easily downloaded by anyone.
Because the OpenPGP Web of Trust is supposed to grow a lot, the file
format is designed with compressed size as first priority. Key IDs and
names are specified only once. The signatures are specified using
sorted lists of indices into the key list. Similar data is close
together. The result is a format which can store the current (November
2004) strongly connected set in less than 0.9 MiB.
The first system to use this file format is Wotsap,
http://www.lysator.liu.se/~jc/wotsap/.
The latest version of this file is available at
http://www.lysator.liu.se/~jc/wotsap/wotfileformat.txt
with detached signature at
http://www.lysator.liu.se/~jc/wotsap/wotfileformat.txt.sig
2. File format
A wot file consists of the data chunks with names and content listed
below. The chunks are stored, in the same order as below, in an
xz-compressed ar-archive. All texts are coded using UTF-8, and all
integers are in network byte order. Since former versions of this
document mandated a bzip2-compressed archive, it is suggested to use
bzip2 as a fallback decompression algorithm when opening a wot file.
"README":
A short text describing what kind of file this is, and where and
when it was generated.
"WOTVERSION":
The version of this specification, followed by a newline. Currently
"0.3\n".
"names"
One string specifying the name of the primary user ID of each key.
Each name is followed by a newline. Newline characters appearing in
any primary user ID must be removed. The inclusion of a key here
implies that it is a valid key which is part of the web of trust.
The order of the keys is random and has no meaning, except that the
same order is used in all lists in a specific wot file. The orders
in two different wot files are generally not the same.
"keys"
The fingerprint of each key in the "names" chunk, in the same
order. Each fingerprint is formatted as a 20-byte uppercase
hexadecimal string, terminated by a newline.
"signatures"
For each key, in the same order as the above lists, a 4-byte integer
specifying the number of signatures on that key, followed by a list
of that number of 4-byte signature descriptions. The 4 most
significant bits indicate the signature type and the 28 least
significant bits indicate the signing key as an index, starting from
zero, for the above lists.
The 4-bit signature type is interpreted as:

If the signing key has signed the primary user ID and one or more
other IDs, all signatures except the one on the primary user ID
are ignored.

If and only if the signing key has signed the primary user ID, bit
2 is set and the two least significant bits are set to the cert
check level (0-3) of that signature.

If the primary user ID is not signed, one or more other user IDs
are. Bit 2 is not set, but the two least significant bits are set
to the highest cert check level of those signatures.

Bit 3 is reserved and might be given a meaning in future 0.2.x
versions. Set to zero when writing and ignore when reading.
"debug" (optional)
Optional debug text, which should be of no interest to anyone not
developing/debugging/tuning the .wot generation program.
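Added example (not part of the original specification and not Wotsap's own code): a bounds-checked reader for the "signatures" chunk described above, which rejects counts and signer indices that do not fit the data instead of trusting them. It assumes the chunk has already been extracted from the archive as bytes and that the number of keys is known from the "names" chunk; the function and constant names are hypothetical.

```python
import struct

PRIMARY_UID = 0x4         # type bit 2: signature is on the primary user ID
LEVEL_MASK = 0x3          # type bits 0-1: cert check level (0-3)
INDEX_MASK = 0x0FFFFFFF   # low 28 bits: index of the signing key


def parse_signatures(chunk, nkeys):
    """Return, for each key, a list of (signer_index, on_primary_uid, level).

    Hypothetical helper: `chunk` is the raw "signatures" chunk and `nkeys`
    the number of entries in the "names" chunk. Raises ValueError on input
    that does not fit the layout instead of trusting the stored counts.
    """
    result, pos = [], 0
    for _ in range(nkeys):
        if len(chunk) - pos < 4:
            raise ValueError("truncated signature count")
        (count,) = struct.unpack_from(">I", chunk, pos)  # network byte order
        pos += 4
        if count > (len(chunk) - pos) // 4:
            raise ValueError("signature count exceeds remaining data")
        sigs = []
        for i in range(count):
            (desc,) = struct.unpack_from(">I", chunk, pos + 4 * i)
            sigtype, signer = desc >> 28, desc & INDEX_MASK
            if signer >= nkeys:
                raise ValueError("signer index %d out of range" % signer)
            # Bit 3 of the type is reserved and ignored when reading.
            sigs.append((signer, bool(sigtype & PRIMARY_UID), sigtype & LEVEL_MASK))
        pos += 4 * count
        result.append(sigs)
    if pos != len(chunk):
        raise ValueError("trailing bytes after the last key")
    return result


# Constructed sample for three keys (indices 0, 1, 2):
#   key 0: signed by key 1 on the primary UID at level 3, and by key 2 on
#          a non-primary UID at level 2
#   key 1: signed by key 0 on the primary UID at level 0, reserved bit set
#   key 2: no signatures
SAMPLE = struct.pack(">6I", 2, 0x70000001, 0x20000002, 1, 0xC0000000, 0)

if __name__ == "__main__":
    for key, sigs in enumerate(parse_signatures(SAMPLE, 3)):
        print(key, sigs)
```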
4. Future extensions
Future versions will, if possible, only add new chunks to the archive.
Such versions will have version numbers 0.3.x. Current implementations
must be able to read these files, by ignoring the extra chunks. If
incompatible changes are introduced, the version number will change to
0.4.
5. Version history
Version 0.3 - 2016-07-21
* Use xz as primary compression algorithm.
* Newline appearing in user IDs must be removed.
* The whole fingerprint is stored, not just the 4-byte key
ID. Moreover, the fingerprint is stored in hexadecimal format.
Available at
https://github.com/giomasce/wotsap/blob/master/wotfileformat.txt
Version 0.2 - 2004-11-07
* Some clarifications
* Easier parsing of signatures chunk
signatures chunk in 0.1 contained:
"For each key, a list specifying the keys that has signed this
key. The list elements are 4-byte indices into the above
lists. The lists are in the same order as in the above chunks.
The lists are separated by 0xFFFFFFFF."
* Specify if primary UID is signed
* Specify cert check level
* New (optional) debug file
* Renamed internal files as "chunks" to avoid confusion
Available at
http://www.lysator.liu.se/~jc/wotsap/wotfileformat-0.2.txt
with detached signature at
http://www.lysator.liu.se/~jc/wotsap/wotfileformat-0.2.txt.sig
Version 0.1 - 2003-03-26
Initial version, available at
http://www.lysator.liu.se/~jc/wotsap/wotfileformat-0.1.txt
with detached signature at
http://www.lysator.liu.se/~jc/wotsap/wotfileformat-0.1.txt.sig
6. Author and date
Jörgen Cederlöf <[email protected]>, 2004-11-07
Giovanni Mascellani <[email protected]>, 2016-07-21