diff --git a/.gitignore b/.gitignore index 336b55621..a1cc00bf1 100644 --- a/.gitignore +++ b/.gitignore @@ -17,6 +17,4 @@ Gemfile.lock test/gnupg_test_home/random_seed test/gnupg_test_home/trustdb.gpg test/gnupg_test_home/.gpg-v21-migrated -test/gnupg_test_home/private-keys-v1.d - - +test/gnupg_test_home/openpgp-revocs.d diff --git a/test/gnupg_test_home/key1.gen b/test/gnupg_test_home/key1.gen deleted file mode 100644 index e5c7b04df..000000000 --- a/test/gnupg_test_home/key1.gen +++ /dev/null @@ -1,15 +0,0 @@ - %echo Generating a standard key - Key-Type: DSA - Key-Length: 1024 - Subkey-Type: ELG-E - Subkey-Length: 1024 - Name-Real: Sup Test Sender 1 - Name-Comment: Test sender key - Name-Email: sup-test-1@foo.bar - Expire-Date: 1y - %no-protection - %pubring pubring.gpg - %secring secring.gpg - # Do a commit here, so that we can later print "done" :-) - %commit - %echo done diff --git a/test/gnupg_test_home/key2.gen b/test/gnupg_test_home/key2.gen deleted file mode 100644 index 3533e4fa6..000000000 --- a/test/gnupg_test_home/key2.gen +++ /dev/null @@ -1,15 +0,0 @@ - %echo Generating a standard key - Key-Type: DSA - Key-Length: 1024 - Subkey-Type: ELG-E - Subkey-Length: 1024 - Name-Real: Sup Test Receiver - Name-Comment: Test receiver for Sup - Name-Email: sup-test-2@foo.bar - Expire-Date: 1y - %no-protection - %pubring pubring.gpg - %secring secring.gpg - # Do a commit here, so that we can later print "done" :-) - %commit - %echo done diff --git a/test/gnupg_test_home/key_ecc.gen b/test/gnupg_test_home/key_ecc.gen deleted file mode 100644 index ac778d526..000000000 --- a/test/gnupg_test_home/key_ecc.gen +++ /dev/null @@ -1,13 +0,0 @@ - %echo Generating a standard key - Key-Type: eddsa - Key-Curve: Ed25519 - Name-Real: Sup Test ECC - Name-Comment: Test ECC key - Name-Email: sup-test-ecc@foo.bar - Expire-Date: 1y - %no-protection - %pubring pubring.gpg - %secring secring.gpg - # Do a commit here, so that we can later print "done" :-) - %commit - %echo done 
diff --git a/test/gnupg_test_home/private-keys-v1.d/306D2EE90FF0014B5B9FD07E265C751791674140.key b/test/gnupg_test_home/private-keys-v1.d/306D2EE90FF0014B5B9FD07E265C751791674140.key new file mode 100644 index 000000000..d92668802 Binary files /dev/null and b/test/gnupg_test_home/private-keys-v1.d/306D2EE90FF0014B5B9FD07E265C751791674140.key differ diff --git a/test/gnupg_test_home/private-keys-v1.d/719C7455A7169C6EE8819C6E91002E4F9DD00A65.key b/test/gnupg_test_home/private-keys-v1.d/719C7455A7169C6EE8819C6E91002E4F9DD00A65.key deleted file mode 100644 index 72cedae56..000000000 --- a/test/gnupg_test_home/private-keys-v1.d/719C7455A7169C6EE8819C6E91002E4F9DD00A65.key +++ /dev/null @@ -1 +0,0 @@ -(11:private-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q33:@R:_eݒ٥K28iA-t)(1:d32:}yU DhT@))) \ No newline at end of file diff --git a/test/gnupg_test_home/private-keys-v1.d/8A130806A754AA29D59487D76BD355040D9F26C0.key b/test/gnupg_test_home/private-keys-v1.d/8A130806A754AA29D59487D76BD355040D9F26C0.key deleted file mode 100644 index 71eece151..000000000 Binary files a/test/gnupg_test_home/private-keys-v1.d/8A130806A754AA29D59487D76BD355040D9F26C0.key and /dev/null differ diff --git a/test/gnupg_test_home/private-keys-v1.d/B7AA46B22BD8A6AD1B4F266C19A3B124A32DDD71.key b/test/gnupg_test_home/private-keys-v1.d/B7AA46B22BD8A6AD1B4F266C19A3B124A32DDD71.key deleted file mode 100644 index 6982c1550..000000000 Binary files a/test/gnupg_test_home/private-keys-v1.d/B7AA46B22BD8A6AD1B4F266C19A3B124A32DDD71.key and /dev/null differ diff --git a/test/gnupg_test_home/private-keys-v1.d/FA64ACD7CC871371BDF57285A6CDF0E618827783.key b/test/gnupg_test_home/private-keys-v1.d/FA64ACD7CC871371BDF57285A6CDF0E618827783.key deleted file mode 100644 index 05dbff2f0..000000000 Binary files a/test/gnupg_test_home/private-keys-v1.d/FA64ACD7CC871371BDF57285A6CDF0E618827783.key and /dev/null differ 
diff --git a/test/gnupg_test_home/pubring.gpg b/test/gnupg_test_home/pubring.gpg index e02408761..af5de6b5d 100644 Binary files a/test/gnupg_test_home/pubring.gpg and b/test/gnupg_test_home/pubring.gpg differ diff --git a/test/gnupg_test_home/receiver_pubring.gpg b/test/gnupg_test_home/receiver_pubring.gpg index aec32584b..60b19a807 100644 Binary files a/test/gnupg_test_home/receiver_pubring.gpg and b/test/gnupg_test_home/receiver_pubring.gpg differ diff --git a/test/gnupg_test_home/receiver_secring.gpg b/test/gnupg_test_home/receiver_secring.gpg index 460f1a30e..86ffd3bdc 100644 Binary files a/test/gnupg_test_home/receiver_secring.gpg and b/test/gnupg_test_home/receiver_secring.gpg differ diff --git a/test/gnupg_test_home/regen_keys.sh b/test/gnupg_test_home/regen_keys.sh index 06dd3150e..9afb83667 100755 --- a/test/gnupg_test_home/regen_keys.sh +++ b/test/gnupg_test_home/regen_keys.sh 
@@ -1,38 +1,89 @@ -#! /bin/bash +#!/bin/bash # # re-generate test keys for the sup test base # # https://github.com/sup-heliotrope/sup/wiki/Development%3A-Crypto +# +# Requires GPG 2.1+ installed as "gpg2" +# +# GPG 2.1+ by default uses pubring.kbx - but this isn't backwards compatible +# with GPG 1 or GPG 2.0. +# Workaround: +# - Create empty pubring.gpg file, which causes GPG 2.1+ to use this +# backwards-compatible store. +# - Manually export private key copy to secring.gpg, which would be used +# by GPG 1. + +set -e -u -o pipefail pushd $(dirname $0) -export GNUPGHOME="$(pwd)" +echo "Generating keys in: $(pwd)..." -echo "genrating keys in: $GNUPGHOME.." +echo "Checking gpg2 version" +gpg2 --version | head -1 -rm *.gpg *.asc +echo "Deleting all existing test keys" +rm -f \ + *.gpg \ + *.asc \ + private-keys-v1.d/*.key \ + .gpg-v21-migrated -echo "generate receiver key.." -gpg --batch --gen-key key2.gen +echo "Generating key pair for test receiver (email sup-test-2@foo.bar.asc)" +touch pubring.gpg # So GPG 2.1+ writes to pubring.gpg instead of pubring.kbx +gpg2 \ + --homedir . \ + --batch \ + --pinentry-mode loopback \ + --passphrase '' \ + --quick-generate-key sup-test-2@foo.bar rsa encrypt,sign 0 -echo "export receiver key.." +echo "Exporting public key only for test receiver (file sup-test-2@foo.bar.asc)" +gpg2 \ + --homedir . \ + --armor \ + --output sup-test-2@foo.bar.asc \ + --export sup-test-2@foo.bar -gpg --output sup-test-2@foo.bar.asc --armor --export sup-test-2@foo.bar +echo "Backing up secret key for test receiver (file receiver_secring.gpg)" +gpg2 \ + --homedir . \ + --export-secret-keys \ + >receiver_secring.gpg -mv trustdb.gpg receiver_trustdb.gpg -mv secring.gpg receiver_secring.gpg -mv pubring.gpg receiver_pubring.gpg +echo "Backing up pubring.gpg for test receiver (file receiver_pubring.gpg)" +cp -a pubring.gpg receiver_pubring.gpg -echo "generate sender key.." 
-gpg --batch --gen-key key1.gen +echo "Clearing key store, so we can start from a blank slate for next key(s)" +rm -f pubring.gpg trustdb.gpg private-keys-v1.d/*.key .gpg-v21-migrated -echo "generate ecc key.." -gpg --batch --gen-key key_ecc.gen +echo "Generating key pair for sender (email sup-test-1@foo.bar)" +touch pubring.gpg # So GPG 2.1+ writes to pubring.gpg instead of pubring.kbx +gpg2 \ + --homedir . \ + --batch \ + --pinentry-mode loopback \ + --passphrase '' \ + --quick-generate-key sup-test-1@foo.bar rsa encrypt,sign 0 -echo "import receiver key.." -gpg --import sup-test-2@foo.bar.asc +echo "Importing public key for receiver, into sender's key store" +gpg2 \ + --homedir . \ + --import sup-test-2@foo.bar.asc +echo "Copy private key also to secring.gpg (old format used by GPG 1)" +gpg2 \ + --homedir . \ + --export-secret-keys \ + >secring.gpg +echo "Done." -popd +echo "We now have two non-expiring public keys (receiver & sender):" +gpg2 --homedir . --list-keys +echo "And we also have only *one* corresponding private key (sender only):" +gpg2 --homedir . --list-secret-keys + +popd diff --git a/test/gnupg_test_home/secring.gpg b/test/gnupg_test_home/secring.gpg index 71d0b55a0..e07a662fb 100644 Binary files a/test/gnupg_test_home/secring.gpg and b/test/gnupg_test_home/secring.gpg differ diff --git a/test/gnupg_test_home/sup-test-2@foo.bar.asc b/test/gnupg_test_home/sup-test-2@foo.bar.asc index fee68f6ef..210780c42 100644 --- a/test/gnupg_test_home/sup-test-2@foo.bar.asc +++ b/test/gnupg_test_home/sup-test-2@foo.bar.asc 
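Review bot: Both `--quick-generate-key` calls create keys with an empty passphrase (`--passphrase ''`) and expiry `0`, and the UID is now the bare address, so nothing in the key marks it as a fixture the way the removed `Name-Real: Sup Test Receiver` / `Name-Comment` fields did, while this same commit checks the secret key files in. The header comment should state that, for example `# Keys are passphrase-less, non-expiring test fixtures; their secret halves are committed to the repository.` Near the top, `pushd $(dirname $0)` is unquoted just before the glob `rm -f`, so under `set -e` the script would abort on a checkout path containing spaces; `pushd "$(dirname "$0")"` avoids that. GPG 2.1+ normally auto-starts a gpg-agent for the homedir, so finishing with `gpgconf --homedir . --kill gpg-agent` would likely avoid leaving one running after the script (worth confirming on the versions you support). The first receiver echo also prints the address as `sup-test-2@foo.bar.asc`, where the `.asc` suffix looks unintended.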
@@ -1,25 +1,23 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 -mQGiBFP3VogRBADVBEkaZQXj728C1HUIaTRDCFoKzojwC79Z1BLsD72qQYE8z1ic -5P9CJpJU5wbhQFDTGBjw+i1nNTWy01z4q5bfFqok+KorT3XNp5IJRcRIEOkj+Twq -7ZaSODwXGsUmdzSoOVDYmtUpVzRQe0IM0rPQQV4vGzgw55FdJBe7a63nIwCg+WvR -iQN09PlhpGG7SIEmx0psEqUEAL/t1c5oC9RC7L4a0GM+2AcgFRBMXvzpdnytrzgt -73Ud6CcUplQp6WODrUYhX0RLzSJPO4zWDsBmkBad/iQCwbCKpFPfAFdBMArJpknx -rc6vRED4a9dLfCNTT1g86CkiElge9t36juZgOoFT3xt/XP7BxhU1fCFshZNR6VK6 -tN9eA/9G4fUX6XvEGIrNiBYKyU4QvM1nyMXCBujm7vYF6KfSlYyAvVXxG4h+mvUy -ZXQ/WHMQJSbPTY3dd4hmo0p0GUMlSvXU8JLf7qienW1IccD9Pv88J1XjkbFd+wgw -feoSx1sAfc36gH+aE17lvsU+PPAP4Bc9CSiScNo0iQv7v/KZjrQ+U3VwIFRlc3Qg -UmVjZWl2ZXIgKFRlc3QgcmVjZWl2ZXIgZm9yIFN1cCkgPHN1cC10ZXN0LTJAZm9v -LmJhcj6IaQQTEQIAKQUCU/dWiAIbIwUJAeEzgAcLCQgHAwIBBhUIAgkKCwQWAgMB -Ah4BAheAAAoJEKfs+g8ACvQGPxIAnj1CSZCzjwyIFLgNEQnIhntU+b28AKDsMEVN -gf9mHqwhabN+UKgBwX0U3LkBDQRT91aIEAQAjQZEnDK++SKp/l2Oiku6H9IuCsi4 -lv+MhLQP0bMuD4DrPk3mauZNc8BB+U0wgAMh/kZoCKySEdMK1mcf2iOsd5yOCrK+ -sJQAMsALAnrYjCE9QA2xIQs8gHF4PrKopycF55iRHQMDNa1QWfs+j4WJaXderlGQ -S0dGfLyoqtZsFusAAwUEAIi0+aDZlAVVIdDO2cvR0lu6eDW2Mr2ExZzuwTfAI6dS -tJLoPzoA2OAVW7cFVVpCOHcVLiF2GOHvtJPw1MgpxaNjzpNdJPTiP2sYZg253dfR -v66Cw9IuWKgZcElWXmIy5vFWqWWbLyTBOuwEQxCsFnjN9UUZauSADOJSPFy1sekf -iE8EGBECAA8FAlP3VogCGwwFCQHhM4AACgkQp+z6DwAK9Ab/swCg8LWNwfMwNk+H -gLgnS1LVsesZ8D4An2Ie2P0/oYuSmPPFV44kbWySX9wW -=Jo82 +mQGNBF7leTkBDAC3auy8xodH6jxoISylFZTpVqy/0L2ul879YUb/QbC58+F/H36S +CjLfPxFlq0FAOXHelOvktxaybg+BG5UpSvTgBLbcArq5nctee+04TMXCzQzrG2V1 +zb9gIRT665fX3+WYncSIXdr4LAp7r8Jw3RT3tTOZqbaencumCWaJblnvfFwPrMKf +AXWa/NVndNMAXmJ5uBf1MRr45KXaQ2tczPIeHqSOKhKNnKZPRqPs0fg4i3d0Vb6G +yItgtJapfBo50FV+PvtodMHo3LDlz/BBjdEJHSvghqEjb1S7xGo+hdXs+lfCMfa0 +3PAWoj+OeHNorbK0YbVKOtS0E0xYvScbyC7bfwtA9yb3LZYmy7VHsKJmQfygCNQ6 +wIKQGAVN1NcQcJsvWyAwk9+WMN5oqB5lb76u40beoWlUjSJRlph2VvWvkGuh/huU +sVGqcN7EO4SFkwi2YQLoWfQRGur3mids/PQTBywpGE1SyziPZK76pT6SqP8b+OpI +CG1QbcTZzYpbv6kAEQEAAbQSc3VwLXRlc3QtMkBmb28uYmFyiQHOBBMBCgA4FiEE 
+e0oXvVeqMzUcfd1s2bF8xbTizW8FAl7leTkCGw8FCwkIBwIGFQoJCAsCBBYCAwEC +HgECF4AACgkQ2bF8xbTizW92TAv/WGlYfDTKNEmJ0K+kxt33T2ldmZXaJKL04Mft +h5s5KlRZWDNpkCC/L55uyaeEg+Uy+BEEQKLAEeJrrLMV8UMJwMPDOizSTT9uLyiz +b8RjnQw4iMT8wt9TQboXGaTMslwdXvFPii7w44KgCimE7VuPetJuLMLMbnl147G8 ++QhkNUsrB51TuPS8xZJ4qjbH+K/Y2NlvwLtJrxNE3SRQuy2ApYJxKPZIj1KpUL8M +7Jy/2hI8DaRm/0Fpu8HwRIVsd6/dgdkqdj1uVyLj+wyhgdzqV5WrPLFCRVhd3icd +lPNRIDjg8YKCh353LVHjKwefOW4SnkOPn4uVMdCP9gUFd9zpMP9lMFpjk0o0tcYO +NiFrOclS4q5qZ5jrj1MnBF0NaGhuC83DDgRfKV+p5noVeJxg0nXYZSlsSMfAT/K7 +FbdNEg0XUsrLgWVzhvWv/ebMetFPSfGHIveZ7lhiq1qpA5hLBNfSSBb1JJsFmtQt +cEUluymdNe5W7Y6UGs1CpvcIvbj+ +=Cy9S -----END PGP PUBLIC KEY BLOCK-----