diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 506bce526..c87dd0a7e 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -1,270 +1,285 @@
# Makefile.am - For tests/openpgp
# Copyright (C) 1998, 1999, 2000, 2001, 2003,
# 2010 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <https://www.gnu.org/licenses/>.
# Process this file with automake to create Makefile.in
# Programs required before we can run these tests.
required_pgms = ../../g10/gpg$(EXEEXT) ../../agent/gpg-agent$(EXEEXT) \
../../tools/gpg-connect-agent$(EXEEXT) \
../gpgscm/gpgscm$(EXEEXT)
AM_CPPFLAGS = -I$(top_srcdir)/common
include $(top_srcdir)/am/cmacros.am
AM_CFLAGS =
noinst_PROGRAMS = fake-pinentry
fake_pinentry_SOURCES = fake-pinentry.c
TESTS_ENVIRONMENT = LC_ALL=C \
EXEEXT=$(EXEEXT) \
PATH=../gpgscm:$(PATH) \
abs_top_srcdir=$(abs_top_srcdir) \
objdir=$(abs_top_builddir) \
GPGSCM_PATH=$(abs_top_srcdir)/tests/gpgscm
XTESTS = \
version.scm \
enarmor.scm \
mds.scm \
decrypt.scm \
decrypt-multifile.scm \
decrypt-dsa.scm \
decrypt-session-key.scm \
decrypt-unwrap-verify.scm \
sigs.scm \
sigs-dsa.scm \
encrypt.scm \
encrypt-multifile.scm \
encrypt-dsa.scm \
compression.scm \
seat.scm \
clearsig.scm \
encryptp.scm \
detach.scm \
detachm.scm \
armsigs.scm \
armencrypt.scm \
armencryptp.scm \
signencrypt.scm \
signencrypt-dsa.scm \
armsignencrypt.scm \
armdetach.scm \
armdetachm.scm \
genkey1024.scm \
conventional.scm \
conventional-mdc.scm \
multisig.scm \
verify.scm \
verify-multifile.scm \
gpgv.scm \
gpgv-forged-keyring.scm \
armor.scm \
import.scm \
import-revocation-certificate.scm \
ecc.scm \
4gb-packet.scm \
tofu.scm \
+ trust-pgp-1.scm \
+ trust-pgp-2.scm \
+ trust-pgp-3.scm \
+ trust-pgp-4.scm! \
gpgtar.scm \
use-exact-key.scm \
default-key.scm \
export.scm \
ssh-import.scm \
ssh-export.scm \
quick-key-manipulation.scm \
key-selection.scm \
delete-keys.scm \
gpgconf.scm \
issue2015.scm \
issue2346.scm \
issue2417.scm \
issue2419.scm \
issue2929.scm \
issue2941.scm
# XXX: Currently, one cannot override automake's 'check' target. As a
# workaround, we avoid defining 'TESTS', thus automake will not emit
# the 'check' target. For extra robustness, we merely define a
# dependency on 'xcheck', so this hack should also work even if
# automake would emit the 'check' target, as adding dependencies to
# targets is okay.
check: xcheck
.PHONY: xcheck
xcheck:
$(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm \
$(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS)
TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
plain-1.asc plain-2.asc plain-3.asc plain-1-pgp.asc \
plain-largeo.asc plain-large.asc \
pubring.pkr.asc secring.skr.asc secdemo.asc pubdemo.asc \
bug537-test.data.asc bug894-test.asc \
bug1223-good.asc bug1223-bogus.asc 4gb-packet.asc \
tofu/conflicting/1C005AF3.gpg \
tofu/conflicting/1C005AF3-secret.gpg \
tofu/conflicting/1C005AF3-1.txt \
tofu/conflicting/1C005AF3-2.txt \
tofu/conflicting/1C005AF3-3.txt \
tofu/conflicting/1C005AF3-4.txt \
tofu/conflicting/1C005AF3-5.txt \
tofu/conflicting/B662E42F.gpg \
tofu/conflicting/B662E42F-secret.gpg \
tofu/conflicting/B662E42F-1.txt \
tofu/conflicting/B662E42F-2.txt \
tofu/conflicting/B662E42F-3.txt \
tofu/conflicting/B662E42F-4.txt \
tofu/conflicting/B662E42F-5.txt \
tofu/conflicting/BE04EB2B.gpg \
tofu/conflicting/BE04EB2B-secret.gpg \
tofu/conflicting/BE04EB2B-1.txt \
tofu/conflicting/BE04EB2B-2.txt \
tofu/conflicting/BE04EB2B-3.txt \
tofu/conflicting/BE04EB2B-4.txt \
tofu/conflicting/BE04EB2B-5.txt \
tofu/cross-sigs/EC38277E-secret.gpg \
tofu/cross-sigs/EC38277E-1.gpg \
tofu/cross-sigs/EC38277E-1.txt \
tofu/cross-sigs/EC38277E-2.gpg \
tofu/cross-sigs/EC38277E-2.txt \
tofu/cross-sigs/EC38277E-3.txt \
tofu/cross-sigs/871C2247-secret.gpg \
tofu/cross-sigs/871C2247-1.gpg \
tofu/cross-sigs/871C2247-1.txt \
tofu/cross-sigs/871C2247-2.gpg \
tofu/cross-sigs/871C2247-2.txt \
tofu/cross-sigs/871C2247-3.gpg \
tofu/cross-sigs/871C2247-3.txt \
tofu/cross-sigs/871C2247-4.gpg \
tofu/cross-sigs/README \
key-selection/0.asc \
key-selection/1.asc \
key-selection/2.asc \
key-selection/3.asc \
- key-selection/4.asc
+ key-selection/4.asc \
+ trust-pgp/scenario1.asc \
+ trust-pgp/scenario2.asc \
+ trust-pgp/scenario3.asc \
+ trust-pgp/scenario4.asc \
+ trust-pgp/alice.sec.asc \
+ trust-pgp/bobby.sec.asc \
+ trust-pgp/carol.sec.asc \
+ trust-pgp/david.sec.asc \
+ trust-pgp/frank.sec.asc \
+ trust-pgp/grace.sec.asc \
+ trust-pgp/heidi.sec.asc
data_files = data-500 data-9000 data-32000 data-80000 plain-large
priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \
privkeys/7E201E28B6FEB2927B321F443205F4724EBE637E.asc \
privkeys/13FDB8809B17C5547779F9D205C45F47CE0217CE.asc \
privkeys/343D8AF79796EE107D645A2787A9D9252F924E6F.asc \
privkeys/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.asc \
privkeys/0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255.asc \
privkeys/FD692BD59D6640A84C8422573D469F84F3B98E53.asc \
privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc \
privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc \
privkeys/0DD40284FF992CD24DC4AAC367037E066FCEE26A.asc \
privkeys/2BC997C0B8691D41D29A4EC81CCBCF08454E4961.asc \
privkeys/3C9D5ECA70130C2DBB1FC6AC0076BEEEC197716F.asc \
privkeys/449E644892C951A37525654730DD32C202079926.asc \
privkeys/58FFE844087634E62440224908BDE44BEA7EB730.asc \
privkeys/4DF9172D6FF428C97A0E9AA96F03E8BCE3B2F188.asc \
privkeys/9D7CD8F53F2F14C3E2177D1E9D1D11F39513A4A4.asc \
privkeys/6E6B7ED0BD4425018FFC54F3921D5467A3AE00EB.asc \
privkeys/C905D0AB6AE9655C5A35975939997BBF3325D6DD.asc \
privkeys/B2BAA7144303DF19BB6FDE23781DD3FDD97918D4.asc \
privkeys/CF60965BF51F67CF80DECE853E0D2D343468571D.asc \
privkeys/DF00E361D34F80868D06879AC21D7A7D4E4FAD76.asc \
privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc \
privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc \
privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc \
privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc \
privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc \
privkeys/1E28F20E41B54C2D1234D896096495FF57E08D18.asc \
privkeys/EB33B687EB8581AB64D04852A54453E85F3DF62D.asc \
privkeys/C6A6390E9388CDBAD71EAEA698233FE5E04F001E.asc \
privkeys/D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3.asc
sample_keys = samplekeys/README \
samplekeys/ecc-sample-1-pub.asc \
samplekeys/ecc-sample-2-pub.asc \
samplekeys/ecc-sample-3-pub.asc \
samplekeys/ecc-sample-1-sec.asc \
samplekeys/ecc-sample-2-sec.asc \
samplekeys/ecc-sample-3-sec.asc \
samplekeys/eddsa-sample-1-pub.asc \
samplekeys/eddsa-sample-1-sec.asc \
samplekeys/dda252ebb8ebe1af-1.asc \
samplekeys/dda252ebb8ebe1af-2.asc \
samplekeys/whats-new-in-2.1.asc \
samplekeys/e2e-p256-1-clr.asc \
samplekeys/e2e-p256-1-prt.asc \
samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc \
samplekeys/rsa-rsa-sample-1.asc \
samplekeys/ed25519-cv25519-sample-1.asc \
samplekeys/silent-running.asc \
samplekeys/ssh-dsa.key \
samplekeys/ssh-ecdsa.key \
samplekeys/ssh-ed25519.key \
samplekeys/ssh-rsa.key \
samplekeys/issue2346.gpg \
samplekeys/authenticate-only.pub.asc \
samplekeys/authenticate-only.sec.asc
sample_msgs = samplemsgs/clearsig-1-key-1.asc \
samplemsgs/clearsig-2-keys-1.asc \
samplemsgs/clearsig-2-keys-2.asc \
samplemsgs/enc-1-key-1.asc \
samplemsgs/enc-1-key-2.asc \
samplemsgs/enc-2-keys-1.asc \
samplemsgs/enc-2-keys-2.asc \
samplemsgs/enc-2-keys-hh-1.asc \
samplemsgs/enc-2-keys-hr-1.asc \
samplemsgs/enc-2-keys-rh-1.asc \
samplemsgs/encsig-2-2-keys-3.asc \
samplemsgs/encsig-2-2-keys-4.asc \
samplemsgs/encsig-2-keys-1.asc \
samplemsgs/encsig-2-keys-2.asc \
samplemsgs/encsig-2-keys-3.asc \
samplemsgs/encsig-2-keys-4.asc \
samplemsgs/encz0-1-key-1.asc \
samplemsgs/encz0-1-key-2.asc \
samplemsgs/issue2419.asc \
samplemsgs/revoke-2D727CC768697734.asc \
samplemsgs/sig-1-key-1.asc \
samplemsgs/sig-1-key-2.asc \
samplemsgs/sig-2-keys-1.asc \
samplemsgs/sig-2-keys-2.asc \
samplemsgs/signed-1-key-1.asc \
samplemsgs/signed-1-key-2.asc \
samplemsgs/signed-2-keys-1.asc \
samplemsgs/signed-2-keys-2.asc
-EXTRA_DIST = defs.scm $(XTESTS) $(TEST_FILES) \
+EXTRA_DIST = defs.scm trust-pgp/common.scm $(XTESTS) $(TEST_FILES) \
mkdemodirs signdemokey $(priv_keys) $(sample_keys) \
$(sample_msgs) ChangeLog-2011 run-tests.scm \
setup.scm shell.scm all-tests.scm signed-messages.scm
CLEANFILES = prepared.stamp x y yy z out err $(data_files) \
plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \
*.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \
pubring.gpg pubring.gpg~ pubring.kbx pubring.kbx~ \
secring.gpg pubring.pkr secring.skr \
gnupg-test.stop random_seed gpg-agent.log tofu.db \
passphrases sshcontrol S.gpg-agent.ssh report.xml
clean-local:
-rm -rf private-keys-v1.d openpgp-revocs.d tofu.d gpgtar.d
# We need to depend on a couple of programs so that the tests don't
# start before all programs are built.
all-local: $(required_pgms)
diff --git a/tests/openpgp/trust-pgp-1.scm b/tests/openpgp/trust-pgp-1.scm
new file mode 100755
index 000000000..235cb551d
--- /dev/null
+++ b/tests/openpgp/trust-pgp-1.scm
@@ -0,0 +1,76 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "trust-pgp" "common.scm"))
+
+(display "Checking basic WoT (classic trust model)...\n")
+
+(initscenario "scenario1")
+
+;; Check initial state.
+(checktrust BOBBY "f") ;; Directly signed by Alice's key.
+(checktrust CAROL "q") ;; Signed by Bobby, whose key has
+ ;; no explicit ownertrust.
+(checktrust DAVID "q") ;; Likewise.
+(checktrust FRANK "q") ;; Likewise.
+(checktrust GRACE "-") ;; Signed by the previous three keys;
+ ;; not evaluated since they are not valid.
+
+;; Let's trust Bobby.
+;; This should make Carol's, David's, and Frank's keys valid.
+(setownertrust BOBBY FULLTRUST)
+(updatetrustdb)
+(checktrust CAROL "f")
+(checktrust DAVID "f")
+(checktrust FRANK "f")
+(checktrust GRACE "q") ;; Now evaluated, but validity still unknown.
+
+;; Let's trust (marginally) Carol and David.
+;; This should not be enough to make Grace's key fully valid
+;; since marginals-needed defaults to 3.
+(setownertrust CAROL MARGINALTRUST)
+(setownertrust DAVID MARGINALTRUST)
+(updatetrustdb)
+(checktrust GRACE "m")
+
+;; Add marginal ownertrust to Frank's key.
+;; This should make Grace's key fully valid.
+(setownertrust FRANK MARGINALTRUST)
+(updatetrustdb)
+(checktrust GRACE "f")
+
+;; Now let's play with the length of certification chains.
+;; Setting max-cert-length to 2 should put Grace's key
+;; one step too far from Alice's key.
+(let ((max-cert-depth (gpg-config 'gpg "max-cert-depth")))
+ (max-cert-depth::update 2))
+(updatetrustdb)
+(checktrust GRACE "-")
+
+;; Raise the bar for assigning full validity.
+;; Bobby's key should be the only one retaining full validity.
+(let ((completes-needed (gpg-config 'gpg "completes-needed")))
+ (completes-needed::update 2))
+(updatetrustdb)
+(checktrust BOBBY "f")
+(checktrust CAROL "m")
+(checktrust DAVID "m")
+(checktrust FRANK "m")
+(checktrust GRACE "-")
diff --git a/tests/openpgp/trust-pgp-2.scm b/tests/openpgp/trust-pgp-2.scm
new file mode 100755
index 000000000..a56d0a9d6
--- /dev/null
+++ b/tests/openpgp/trust-pgp-2.scm
@@ -0,0 +1,39 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "trust-pgp" "common.scm"))
+
+(display "Checking WoT with trust signatures (PGP trust model)...\n")
+
+(initscenario "scenario2")
+
+(checktrust BOBBY "f") ;; Tsigned by Alice with trust=120.
+(checktrust CAROL "f") ;; Signed by Bobby, whose key should have full
+ ;; ownertrust due to the tsig.
+(checktrust DAVID "f") ;; Signed by Alice.
+(checktrust FRANK "q") ;; Tsigned by David, whose key has no ownertrust.
+(checktrust GRACE "-") ;; Signed by Frank.
+
+(setownertrust DAVID FULLTRUST)
+(updatetrustdb)
+(checktrust FRANK "f") ;; David's key has now full ownertrust.
+(checktrust GRACE "q") ;; David is not authorized to emit tsigs,
+ ;; so his tsig on Frank's key should be treated
+ ;; like a normal sig (confering no ownertrust).
diff --git a/tests/openpgp/trust-pgp-3.scm b/tests/openpgp/trust-pgp-3.scm
new file mode 100755
index 000000000..33832db26
--- /dev/null
+++ b/tests/openpgp/trust-pgp-3.scm
@@ -0,0 +1,31 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "trust-pgp" "common.scm"))
+
+(display "Checking max depth of trust signature chains...\n")
+
+(initscenario "scenario3")
+
+(checktrust BOBBY "f") ;; Tsigned by Alice (level=2, trust=120).
+(checktrust CAROL "f") ;; Tsigned by Bobby (level=2, trust=120).
+(checktrust DAVID "f") ;; Tsigned by Carol (level=2, trust=120).
+(checktrust FRANK "q") ;; The tsig from Carol does not confer
+ ;; ownertrust to David's key (too deep).
diff --git a/tests/openpgp/trust-pgp-4.scm b/tests/openpgp/trust-pgp-4.scm
new file mode 100755
index 000000000..17746a5a1
--- /dev/null
+++ b/tests/openpgp/trust-pgp-4.scm
@@ -0,0 +1,37 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "trust-pgp" "common.scm"))
+
+(display "Checking trust signature with domain restrictions...\n")
+
+(initscenario "scenario4")
+
+(checktrust BOBBY "f") ;; Tsigned by Alice, allowed to sign for example.com.
+(checktrust CAROL "-") ;; Signed by Bobby, but the signature should be
+ ;; ignored since Carol has an address in example.net.
+
+(checktrust DAVID "f") ;; Tsigned by Alice, allowed to sign for example.net.
+(checktrust FRANK "-") ;; Tsignature from David should be ignored because
+ ;; Frank has an address in example.com.
+
+(checktrust HEIDI "f") ;; Tsigned by David, should be valid since Heidi
+ ;; has an address in example.org.
+(checktrust GRACE "f") ;; Signed by Heidi.
diff --git a/tests/openpgp/trust-pgp/alice.sec.asc b/tests/openpgp/trust-pgp/alice.sec.asc
new file mode 100644
index 000000000..1cdde468d
--- /dev/null
+++ b/tests/openpgp/trust-pgp/alice.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOAAEAgOZk+WDjrmum
+0OygJdb6qJp27qsyXvMVZ8AGlsdYtUgS37QZQWxpY2UgPGFsaWNlQGV4YW1wbGUu
+b3JnPoiQBBMTCAA4FiEE/Zsg3TyYEj7ur4zFG6QVONLmVrUFAlltvlsCGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQG6QVONLmVrU7PAEAvOqeIRMiJ8Ne0tz+
+K1aRz/np/umCQxO8ddm9mnr4M7EA/1z4YdD06wJXp4RXUI0G2QOHTY+QXMShCFrp
+ySArWQqN
+=3+Iz
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/bobby.sec.asc b/tests/openpgp/trust-pgp/bobby.sec.asc
new file mode 100644
index 000000000..2164b5d08
--- /dev/null
+++ b/tests/openpgp/trust-pgp/bobby.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/AAEA6EzyQYtLOL9v
+4SErBRic7MmQfxFbEJIQSu2vtbWos/0QFLQZQm9iYnkgPGJvYmJ5QGV4YW1wbGUu
+Y29tPoiQBBMTCAA4FiEETT9Z9NgDD9LYRK/rpbrD7RJcyuUFAllt1ooCGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQpbrD7RJcyuWUjgEA9UreuOxgDzhSCGAQ
+5GtxBiXkmp/IuH/rvNI8qZaVnoIBAPs/VUgy3eySjF6g9wf/UzvqwUdtoaYvkyC2
+a25O7Lxc
+=76RO
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/carol.sec.asc b/tests/openpgp/trust-pgp/carol.sec.asc
new file mode 100644
index 000000000..d366f3f01
--- /dev/null
+++ b/tests/openpgp/trust-pgp/carol.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEIAAEA2QzHlkxFJkTg
+QvZuimqU0AySYsleRUaO9B9UARiUbOYOwrQZQ2Fyb2wgPGNhcm9sQGV4YW1wbGUu
+bmV0PoiQBBMTCAA4FiEEbGJzXkVMzdefpspgEHkROuwSgv0FAllt1q8CGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQEHkROuwSgv3MygD+KdusoDvz7WZbsjjB
+WI/HLhWfWfXsoAR9mN/5rZ94HDgA/1VqbvUcM+vPU62g7/0qoGqWCda3SURB6263
+Kirbk6hY
+=wkQ4
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/common.scm b/tests/openpgp/trust-pgp/common.scm
new file mode 100644
index 000000000..2a545e869
--- /dev/null
+++ b/tests/openpgp/trust-pgp/common.scm
@@ -0,0 +1,66 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "defs.scm"))
+
+;; Redefine GPG without --always-trust.
+(define GPG `(,(tool 'gpg)))
+
+;; Helper constants for setownertrust.
+(define MARGINALTRUST "4")
+(define FULLTRUST "5")
+(define ULTIMATETRUST "6")
+
+;; Assign OWNERTRUST to the key identified by the provided
+;; fingerprint KEYFPR.
+(define (setownertrust keyfpr ownertrust)
+ (pipe:do
+ (pipe:echo (string-append keyfpr ":" ownertrust ":\n"))
+ (pipe:gpg `(--import-ownertrust))))
+
+;; Force a trustdb update.
+(define (updatetrustdb)
+ (call-check `(,@GPG --check-trustdb --yes)))
+
+;; IDs of all the keys involved in those tests.
+(define ALICE "FD9B20DD3C98123EEEAF8CC51BA41538D2E656B5")
+(define BOBBY "4D3F59F4D8030FD2D844AFEBA5BAC3ED125CCAE5")
+(define CAROL "6C62735E454CCDD79FA6CA601079113AEC1282FD")
+(define DAVID "A0607635198CABA2C467FAA64CE5BB42E3984000")
+(define FRANK "CE1A0E07CF8A20CBF8DC47D6DB9017DBAE6CD0EF")
+(define GRACE "B935F4B8DA009AFBCCDD41386653A183007F8345")
+(define HEIDI "0389C0B7990E10520B334F23756F1571EDA9184B")
+
+;; Initialize a given scenario.
+;; NAME should be the basename of the scenario file
+;; in this directory.
+(define (initscenario name)
+ (setup-environment)
+ ;; Make sure we are using the PGP trust model. This may no
+ ;; be the default model in the future.
+ (let ((trust-model (gpg-config 'gpg "trust-model")))
+ (trust-model::update "pgp"))
+ ;; Load the scenario's public keys.
+ (call-check `(,@GPG --import
+ ,(in-srcdir "tests" "openpgp" "trust-pgp"
+ (string-append name ".asc"))))
+ ;; Use Alice's key as root for all trust evaluations.
+ (setownertrust ALICE ULTIMATETRUST)
+ (updatetrustdb))
diff --git a/tests/openpgp/trust-pgp/david.sec.asc b/tests/openpgp/trust-pgp/david.sec.asc
new file mode 100644
index 000000000..06c4e8376
--- /dev/null
+++ b/tests/openpgp/trust-pgp/david.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvAAD9HITG0iG5SzeW
+cGMfhzGuXEn2P+9arb0OttTUcj+eGBIP8bQZRGF2aWQgPGRhdmlkQGV4YW1wbGUu
+b3JnPoiQBBMTCAA4FiEEoGB2NRmMq6LEZ/qmTOW7QuOYQAAFAllt1s0CGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQTOW7QuOYQAAJtAD+JxiDZttAb51FjB5o
+J1BksmzIrgL6ouorbLLRjVyk7rkA/0JqyLhh1K3vn4rYDbuKtvQAcfQbCndzwF9X
+uGQ/7gbS
+=EC4L
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/frank.sec.asc b/tests/openpgp/trust-pgp/frank.sec.asc
new file mode 100644
index 000000000..50235deea
--- /dev/null
+++ b/tests/openpgp/trust-pgp/frank.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXzAAD+Oybk8/6x5nc8
+ZNHkRIbfHW8oKh7jxbpob9X7QIfBpf8TcbQZRnJhbmsgPGZyYW5rQGV4YW1wbGUu
+Y29tPoiQBBMTCAA4FiEEzhoOB8+KIMv43EfW25AX265s0O8FAllt1t0CGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQ25AX265s0O+nDQD/RplCmAPQgMejhs2/
+YmOqWrekyd4IWNj9zyI2n228WXYBAJ1/Wf1vBviOEqzs7t+C0iBExxJXViPlG0nN
+Z9aoiX1G
+=vnHF
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/grace.sec.asc b/tests/openpgp/trust-pgp/grace.sec.asc
new file mode 100644
index 000000000..23ebd7153
--- /dev/null
+++ b/tests/openpgp/trust-pgp/grace.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjAAEAzBLT+dB5ga7S
+Lh7PepOB9yObDHrHAvXGXg9AUvEm3ZkQ6bQZR3JhY2UgPGdyYWNlQGV4YW1wbGUu
+bmV0PoiQBBMTCAA4FiEEuTX0uNoAmvvM3UE4ZlOhgwB/g0UFAllt1vECGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQZlOhgwB/g0W2AAD+KmW2DQALWTnsVnL/
+QKdJ1J8DsaR1l+y2h7FUYuFttQsBALZYs2vUwOVBnAYyqbHogqgbPSxKRXeAxNqo
+epx6csv+
+=05c1
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/heidi.sec.asc b/tests/openpgp/trust-pgp/heidi.sec.asc
new file mode 100644
index 000000000..f650d1a62
--- /dev/null
+++ b/tests/openpgp/trust-pgp/heidi.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3XBxMIKoZIzj0DAQcCAwSINFpTZUYnxDDj3k16ljZIt58rh3cuUNIvUcqR
+zR9kdlmudQTaf1zUsW6F3r+t91t88kaA2Fcci3wkU0CAob0WAAD/eTlMM3JTEF6K
+yh8gxk1+mXRVUAmcGwr+1PzC3nzJAkgPALQZSGVpZGkgPGhlaWRpQGV4YW1wbGUu
+b3JnPoiQBBMTCAA4FiEEA4nAt5kOEFILM08jdW8Vce2pGEsFAllt1wcCGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQdW8Vce2pGEtwXAD/SVyIRiGnYPkqBVqG
+fI2MlTgN8+uirur2JdkcPoylCEMA/j3OeLRRT1docnEnvST1srmlXxZTbNUclnAl
+a2OZd7ME
+=1goe
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario1.asc b/tests/openpgp/trust-pgp/scenario1.asc
new file mode 100644
index 000000000..82fee763e
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario1.asc
@@ -0,0 +1,75 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIdQQQEwgAHRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbhAyAAoJEBukFTjS5la10+gA/2wr/lG67+xA1n3+2tQkIf1254lnwr8NXhwg
+w4UAAbajAP9hOXzltmmHV4BaBm35GEv/A2iAABV6lzgvApmM9c445A==
+=i2Va
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbhBhAAoJEKW6w+0SXMrlPYgA/21rYq9iItnLASDCdt4ZX6gPKEZVBFDk6850
+Gyvg3TrEAP9/9bjKEFCSbo6vFKONOEpKqA/9B85Ff+2jq1lvfafV4Q==
+=mwVS
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbhB0AAoJEKW6w+0SXMrlARwA/RiqKRh4rYtW5gP20PoQNYfS1qh+lDRTlhfp
+SSF5aKKFAP90s5/fp6n382IjbOhmQiEB9N4gv4pZT3YP13NQwAABbg==
+=bLxR
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbhCEAAoJEKW6w+0SXMrlepAA/3+AAaRQVfsU+zQtGg43VxAcfW+ezuUVCYUY
+IW2Lv+GkAP0WF7Nh5N4nDo/gC3WBW2zdWArlRaWa5NxcCquEUaE7Tg==
+=SWmz
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjtBlHcmFjZSA8Z3Jh
+Y2VAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQS5NfS42gCa+8zdQThmU6GDAH+DRQUC
+WW3W8QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBmU6GDAH+DRbYAAP4q
+ZbYNAAtZOexWcv9Ap0nUnwOxpHWX7LaHsVRi4W21CwEAtliza9TA5UGcBjKpseiC
+qBs9LEpFd4DE2qh6nHpyy/6IdQQQEwgAHRYhBGxic15FTM3Xn6bKYBB5ETrsEoL9
+BQJZbhCyAAoJEBB5ETrsEoL9pVoBAPGc50vXiWmSAx8U573pqAyBsVPPMUlfrrgc
+tVZZQ9DyAP9LCpG1kJOnB1Fia1M6M/37FAwVjUerWTrp6XoG1888PYh1BBATCAAd
+FiEEoGB2NRmMq6LEZ/qmTOW7QuOYQAAFAlluEM4ACgkQTOW7QuOYQAB3HgD+Kw+R
+WbH8RcSlNbwlGWCWYwKvik7ukIMcTXXYD5azTYoBANF5Ym2n5RExmEd8nTrWu9MR
+TUlOgAXfzm/iH4+TNj2yiHUEEBMIAB0WIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW4Q7AAKCRDbkBfbrmzQ7weXAP9OyFxzdpbq1R+V6T5WEckR5OtE6Va/7CHRPRW+
+kMNVjwD/YQZVbOCRxKybVbvPuF+29w7sWp4iAmmrmCFnKfgxZsQ=
+=r9Ly
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario2.asc b/tests/openpgp/trust-pgp/scenario2.asc
new file mode 100644
index 000000000..3a98621df
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario2.asc
@@ -0,0 +1,70 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIeQQQEwgAIRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbjsoAwUBeAAKCRAbpBU40uZWtVGlAQCgHkwmJSATJbrqV7+h/1ByLDi4+thQ
+ApW8nRinGuwkxQD+NgjOVmkPGZtpvaBzLXJS/IdPAYBWAriAzDZEV2GchWM=
+=4Xcm
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbjteAAoJEKW6w+0SXMrlkJQBAO19erLoHXOqUI01Wl0tcaKIwEB5HkIHLh0w
+cCTOG4bDAQCCG8a8D1mg9jVPukBzTBUZGpDZmg/U3JGW3XE6rKlKXQ==
+=Df0N
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIdQQQEwgAHRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbkUBAAoJEBukFTjS5la1zSgA/A6ei6bus+VtQtL1rsJfovwoxnyAq+QzCcJL
+ZheUUK3LAQCK+rVE1Yn9QsFoNYZUgLHrnQDtSVq9ClJvNw/Wuz7DpQ==
+=No85
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIeQQQEwgAIRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbkUwAwUBeAAKCRBM5btC45hAAJF0AQD3lBQszLXrlSnCLuHfQxbS/p05DURZ
+HRi8MbTqkrcgrQD8Cs3gwQCBkPUrx8boAyjcuX1BK/TYZ1Gg8hWkozNr1lI=
+=HwV/
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjtBlHcmFjZSA8Z3Jh
+Y2VAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQS5NfS42gCa+8zdQThmU6GDAH+DRQUC
+WW3W8QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBmU6GDAH+DRbYAAP4q
+ZbYNAAtZOexWcv9Ap0nUnwOxpHWX7LaHsVRi4W21CwEAtliza9TA5UGcBjKpseiC
+qBs9LEpFd4DE2qh6nHpyy/6IdQQQEwgAHRYhBM4aDgfPiiDL+NxH1tuQF9uubNDv
+BQJZbkVQAAoJENuQF9uubNDvyrkBAICiFq2dTFzLrXNsItwpPrB20trzEPM/JAxa
+lzSyknJMAQDBCj8nyEtlpkYh9t9ovy/x75D1OUBFFYHOQXCMy0QyRA==
+=yoqI
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario3.asc b/tests/openpgp/trust-pgp/scenario3.asc
new file mode 100644
index 000000000..240afd518
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario3.asc
@@ -0,0 +1,58 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIeQQQEwgAIRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbmYmAwUCeAAKCRAbpBU40uZWtSQhAQD2HLi7PUipgcO9N+KEJLKl2T9ralzj
+O1PMy8IbxnG86AD/Ya541TcH9oxZUWm5dsHd/eoBnSu2WwWkLPNHirRkzwE=
+=R1uZ
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIeQQQEwgAIRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbmZIAwUCeAAKCRClusPtElzK5YuLAP0b5nCuz6p6DDrHB0rtwfhEfJQgvsEc
+zGE2Hh5P5fXP/AEA2Gt8LEWiHYNGWu6ZN02oyCoNUEfZZFva59IIPrzPDHU=
+=S6Nc
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIeQQQEwgAIRYhBGxic15FTM3Xn6bKYBB5ETrsEoL9
+BQJZbmZ0AwUCeAAKCRAQeRE67BKC/eFYAQDaKoyQZYnNH/62hydWITZ1nOYM/h6i
+6L/b+XqB9DD0ewD9FAbO1wzassj6FmZMZDaraqdljTX+94JY5E3GJ8EQXo4=
+=kaec
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIeQQQEwgAIRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbmaiAwUCeAAKCRBM5btC45hAAMcRAP9dcKO3ETB52AsFdBp2iJVjqJ5JiftN
+B/2FZBxPtSjXpAD/YdDzs+zNaAUlFIFmXzP9EmIqmXhC6XSiASrNd5EW33A=
+=DXNa
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario4.asc b/tests/openpgp/trust-pgp/scenario4.asc
new file mode 100644
index 000000000..7860c959a
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario4.asc
@@ -0,0 +1,84 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIlAQQEwgAPBYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbm5IAwUCeBqGPFtePl0rW0AuXWV4YW1wbGVcLmNvbT4kAAAKCRAbpBU40uZW
+tb+2APsFKgWxiLtSbpcekarOlPrw014LVinLGah3VE1Izay+tAEA+0INHdcNoz64
+kRE/2siUnx1ksrWcWvJbvNMteknXhzY=
+=UQni
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbm6PAAoJEKW6w+0SXMrlWj8A/2UdgyhbV+tLjyFb87iBiaWxSIVfiVyjhLZN
+htPTrKb2AP4yIRxJ3x0LmRSDLkZ/QIQmgahlAXRmKCXSRAB8x2KRsQ==
+=Zbpr
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIlAQQEwgAPBYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbm5uAwUCeBqGPFtePl0rW0AuXWV4YW1wbGVcLm9yZz4kAAAKCRAbpBU40uZW
+tYGkAQDcxaTENxUFCcwyuv/pOpNr51Q7bhCcWVPd3Zn1t3yurQD+KDre0hsrR0Rf
+kiq5JYhqh8sEejmFQ1EtcCNI2x8CvHg=
+=W5g4
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIdQQQEwgAHRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbm7vAAoJEEzlu0LjmEAAmT0A/3kZ3vms9aDuS2OD9yE/KoluBQi1UWR59V/2
+JHomhTiRAP9GI/01N3pRty986m4dVBbrXpT39ZkEj4q+zkn1uNeQHA==
+=UqlD
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjtBlHcmFjZSA8Z3Jh
+Y2VAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQS5NfS42gCa+8zdQThmU6GDAH+DRQUC
+WW3W8QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBmU6GDAH+DRbYAAP4q
+ZbYNAAtZOexWcv9Ap0nUnwOxpHWX7LaHsVRi4W21CwEAtliza9TA5UGcBjKpseiC
+qBs9LEpFd4DE2qh6nHpyy/6IdQQQEwgAHRYhBAOJwLeZDhBSCzNPI3VvFXHtqRhL
+BQJZbm85AAoJEHVvFXHtqRhL6N0BAPjsViTQhc/t9zbC7Jf3bRLQTYjwR5EtW4Wu
+IZZeByYXAQDw0Wofsq945J5oRLoTPdc264dBv8ojBr0/1uFWOvci/w==
+=q1yC
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3XBxMIKoZIzj0DAQcCAwSINFpTZUYnxDDj3k16ljZIt58rh3cuUNIvUcqR
+zR9kdlmudQTaf1zUsW6F3r+t91t88kaA2Fcci3wkU0CAob0WtBlIZWlkaSA8aGVp
+ZGlAZXhhbXBsZS5vcmc+iJAEExMIADgWIQQDicC3mQ4QUgszTyN1bxVx7akYSwUC
+WW3XBwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRB1bxVx7akYS3BcAP9J
+XIhGIadg+SoFWoZ8jYyVOA3z66Ku6vYl2Rw+jKUIQwD+Pc54tFFPV2hycSe9JPWy
+uaVfFlNs1RyWcCVrY5l3swSIeQQQEwgAIRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbm8aAwUCeAAKCRBM5btC45hAAPABAPwLtRtV1gnk6qbyb9DvvHbG1kd2sqQ5
+mBM7cw6rPmf2EgEA3V3J9D7/4hbF/tulACVEpW9yvZq3wnEj0GSMpF6qQDE=
+=7uOj
+-----END PGP PUBLIC KEY BLOCK-----