Verifying gpg keys
Suppose you have a gpg keyid like
9F6C6333 that corresponds to both key
88BB08F633073D7129383EE71EA37A0C9F6C6333, and you don't know which of the two
You go to http://pgp.cs.uu.nl/ and find out that the site uses short key IDs, so the two keys are indistinguishable.
Building on Clint's hopenpgp-tools,
I made a script that
screenscrapes http://pgp.cs.uu.nl/ for trust paths, downloads all the
potentially connecting keys in a temporary keyring, and runs
hkt findpaths on
$ ./verify-trust-paths 1793D6AB75663E6BF104953A634F4BD1E7AD5568 1AE0322EB8F74717BDEABF1D44BB1BA79F6C6333 hkt (hopenpgp-tools) 0.18 Copyright (C) 2012-2016 Clint Adams hkt comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. (4,[1,4,3,6]) (1,1793D6AB75663E6BF104953A634F4BD1E7AD5568) (3,F8921D3A7404C86E11352215C7197699B29B232A) (4,C331BA3F75FB723B5873785B06EAA066E397832F) (6,1AE0322EB8F74717BDEABF1D44BB1BA79F6C6333) $ ./verify-trust-paths 1793D6AB75663E6BF104953A634F4BD1E7AD5568 88BB08F633073D7129383EE71EA37A0C9F6C6333 hkt (hopenpgp-tools) 0.18 Copyright (C) 2012-2016 Clint Adams hkt comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. (0,)
This is a start: it could look in the local keyring for all ultimately trusted key finegrprints and use those as starting points. It could just take as an argument a short keyid and automatically check all matching fingerprints.
Please send patches, or take it over: I'd like to see this grow.