Page MenuHome GnuPG
Files F34900679

No OneTemporary
Actions

View Options

This document is not UTF8. It was detected as ISO-8859-1 (Latin 1) and converted to UTF8 for display.
diff --git a/tests/openpgp/tofu-2183839A-1.txt b/tests/openpgp/tofu-2183839A-1.txt
deleted file mode 100644
index 521b3bba4..000000000
Binary files a/tests/openpgp/tofu-2183839A-1.txt and /dev/null differ
diff --git a/tests/openpgp/tofu-BC15C85A-1.txt b/tests/openpgp/tofu-BC15C85A-1.txt
deleted file mode 100644
index 88cc64935..000000000
--- a/tests/openpgp/tofu-BC15C85A-1.txt
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PGP MESSAGE-----
-Version: GnuPG v2
-
-owGbwMvMwMF46tzNaXtET0QxnmZPYgj9/c+Sq2MOCwMjBwMbKxOIy8DFKQBTo/SK
-hWFThVuj19r3R/6VzQkpaZuQx7s3r9BQ46v8KXkjb58dSjmXyr7enlCzb7dg1zE7
-aynbc6YTF+wXZI4IlAgPuLJhUeSXo0+WllxbFXUz39407cv15TcXThLj+3tFkSnZ
-YFXwM9+nfAoHpt6I/ZY96SJT3XFZKzO1jeZNJhZsV4Vfrjp0UmnH3E4A
-=X9WM
------END PGP MESSAGE-----
diff --git a/tests/openpgp/tofu-EE37CF96-1.txt b/tests/openpgp/tofu-EE37CF96-1.txt
deleted file mode 100644
index 33a38db2c..000000000
--- a/tests/openpgp/tofu-EE37CF96-1.txt
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PGP MESSAGE-----
-Version: GnuPG v2
-
-owGbwMvMwMEY0Tqz9J35+WmMp9mTGEJ//xPk6pjDwsDIwcDGygTiMnBxCsDULFZm
-/sk4S36iQ6FuZZPMPdOSe/rZOxNThTmzvJN4l1qe9XGdlLhtpumfzh0uhRnzT2Xc
-jmra+ZdN9+XBhml//i7v6XrfuWu56OuEI/fXH0i3P5HELb+j++6SO85VemLq/tvO
-hNvWtddvuZ7+z2JJaqnP4wiu2t+sEze/MWKZ9zz+u2FV6a3OIyJxjwA=
-=JMtb
------END PGP MESSAGE-----
diff --git a/tests/openpgp/tofu-keys-secret.asc b/tests/openpgp/tofu-keys-secret.asc
deleted file mode 100755
index 68e0d201c..000000000
--- a/tests/openpgp/tofu-keys-secret.asc
+++ /dev/null
@@ -1,95 +0,0 @@
------BEGIN PGP PRIVATE KEY BLOCK-----
-Version: GnuPG v2
-
-lgAAAgYEVfv86AEEAN20yizZgtnQaJPUV++9Z+rRg4XzjWpLvmiWMpTsn8qhjpyS
-kAa4/4P4/MRWVvSXiRC1uJ7T59Sbm/KFs8TdKaqIMuON3QYjztxm2NmDMA/f5FTv
-RuLkgKAEpwGOqI1Zvm3uleH8hkx0n45tHxCI3bLCfW+12lZxJCGNDBnhvj+5ABEB
-AAH+BwMCeYHLsHWjaoTufvOw6/xINpFQV8JcwSc+RaEIfmIwEwO242+vUEZefkia
-yMMJTd20C144zMr/3Tsx/+c8ULAbR/NBtuG49jsGWFJH2uN/5pi40x2S/afJuwru
-0co5xQSnpZtM4v9mvFM517IROhHY1pl6KpK87pZm5JHGB4525DpAYJ7vTTmHE2NW
-e5jr7a7SpXwTU7dKHbLxY+kofH7DLvMX6KjOJ/kDLIqnK3AeCwfhXkkRRP8UI/0J
-pZEPUyImag6FryRdoZJPTPX7TMWM4zrdnT6xOffIe1REpo59LVkvg6TiPtnlnuY8
-Y9NVZ+mWz0RHtxFh1b70G6D5C5Mdi/iGUAAfTwNhjdnmYsN1qKxcO533qlj/rXHn
-6uxauiR4d+7Ioy2RsPpY2FqTkgymhBLn6ZcYvzwEXaAygLUs8HmzPuiVm5Ls5UXn
-VKaRMc+DBQPz3W3CuMWsHAyKsg4ibp/6MSf0klYHUG8WVXI4tLGOkbg5HbQTVGVz
-dGluZyAoaW5zZWN1cmUhKYi9BBMBCAAnBQJV+/zoAhsDBQkB4TOABQsJCAcCBhUI
-CQoLAgQWAgMBAh4BAheAAAoJEFiFmXXuN8+WqPYEAIW+qAoFnc2emFnx/b+vKW9X
-1g3NLmsLyUUBI34GCh+sGa6C0SptdKc68uvKUc6daBiHuoukN4F+1rYUuNG8WNMs
-V/JwGPKVADPIFrgGiotMW770ZnzZsoqGWvwUnyrlaUI6AYHe4Uj9YAmnmi647A/u
-UxcI1H20M3dENSUyiS1zngAAAgUEVfv86AEEAMgaJrwhFOhEmHHgqyzx2KFzG4SD
-F6jyAg1CIVKmiLSBfNXWa43vJwfxLo7vbT1wy0iiJF8+ALD/ghppmZb9NpsiUC+X
-xT4ublOSvRgN+527WdUX8ym0EXxjpuSSW+hVZZwUP0K0fBdIVaVCawJGEp5Lc/mX
-KnjmXvLQxWSQYgB9ABEBAAH+BwMCtE0VqaVadDju5hPxFcvSTjNkKwGVZZgQBWVZ
-sYj/Sd/Pbc90xb3TSf/VQGVQhKei+GBmUPYOPqStOP30pJvK0SBxkJ2BYb876RJC
-lj48lkTGFPZwhw69BZq6QA5nfBm41V+W6iakdyEww6g1Q93AyzuAirBJraR+oQ6Q
-beqo52TtYAhpAQbUBsQ/1VO/1zx8eHOG298kYpU2Jo7Te81d03rWcSaDbJqcEmsI
-jJe1ccvQ8oU+k6ttbY3xTiKYWfJCxEaOcYpO4z1/94CPFYv1D5rJqJ/C0/SPmS4t
-4ZMqenEhsAGhMgPLKXNmQadQA2WBOATsSxmKCcC9LNjw1YudXPiLfHEnBKGQSbRF
-sZ2xZqRm7wRTQ/eXAJGGiQ41owstwSUAcFTGIhHunw9dy41CdgnZIEQCxb7R8tBv
-isRlG0cIpO5159LB3NECR4++xBB02nq6lOjysKDmYuWYuQakD1u9L6R+LQBVTxYL
-/iEK8wyf18n/iKUEGAEIAA8FAlX7/OgCGwwFCQHhM4AACgkQWIWZde43z5ZTvAP9
-EWGZu97aZhjIbD18Y2HjbXQn4L6iyeDMuM++Tsnnn57li+HLUAX8ieRHy1l/VE3t
-HhdcqRqAsrxnkGAWKMlYYZS9WHDzrffxtQlszOwpAOWdNDsWsPdbko95XvLatoqk
-t9KxB19sLao6eCBKwB9muMs10i86P+Cehwh97n/UNGOWAAACBgRV+/07AQQAxCWd
-rsUW2IhexMxOvMi32Z63bOEC5JkEy8tntGYwk54I2XGXRebdutMrXqh0nKO7p23k
-gfWjRp1dpbSp20AzdIkwsRlAjOuqhZ3Q6t+kP6xWtxAQI8YZ6lQ0VeZC0dTBllr3
-UlY4tw0emLcScNsGuDVUPYhQoJBMkk4oNw+wWfUAEQEAAf4HAwJNRwdntiqzHO76
-GxxlNilWuwitCGbGwZfmo8K8m2uAMzSKsxUp16rcLVvfQsEzS6rDhF4VbJQyLvZJ
-LDkXB0/DFbPVrxG8byJ2i6WKUzsqcevM29OXOmFfH1NVuVi5oUWbwCR6ctsNQSL7
-Bje0E6+6pme9YQtKgUIBzc2Dw+nq6WjfLc0aEc+rrXzWsJKEUKkjnaUa/AeAVYyO
-rTOk5fLrw6vy/sKsuScvLNvQUrr7U+g69gpk53Cyw2WILlADxbysg2CDMDsDmXk/
-sK6zikAgDjQTRaOJkX4BzCBoqZRaDbLMfze6kA6cwQqDTsUELy1ziH56FjRXuBqj
-D4IziA0/XE8gyMRtoMYXmF0pKBQh0RLoudorcPQE9PCFvKaXmASA80nMeBoYxlIm
-kPMBkkkwiXU4irc1m8phlcrZjYE12pxzWgSYBEwTbbzNe2EcFKf+H1vp9DXqZSua
-wLdiUx6JrSHGzoPl3XFAQXNFoOEGvlFN9nH+tBNUZXN0aW5nIChpbnNlY3VyZSEp
-iL0EEwEIACcFAlX7/TsCGwMFCQHhM4AFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AA
-CgkQys7ZlrwVyFq0NgP/cazey0+qJrTaQ0Z6eab1p8PMFE8BpcegrokxfJn61zo7
-JECjQW+htoOBBIQH32mtqjO/J/SbiBDp3xNcdabCnkphW4jkcgn+FoUbLA3GFk9f
-xtElNDGXHcQNimvhhxfrEr2Mi1yo2rKShiIO0N2yySXCJJIC9CXpDCAIhNdEYeCe
-AAACBQRV+/07AQQA3BJN5N1RI6uesA03xwTW1ABTV4tbjLROKLlTPbxb+TjWQAfQ
-lztbSavzjTO6wPPmHnGv2sXPiH2guET+thKAw1WchItKx+MiT8nnsBJHl950mqI8
-uTHGljkQBuKARVl1ELS3do6CQvGyG+5qHyl3crpED152Q5C/F53b4EfgNXEAEQEA
-Af4HAwL449o07unvl+6XONg4R9pVE0Qp0xCL5CmjhwlL8lUuGTvjciN+lXD6k7VH
-Xj9Wu86alkKZQKyZxESPtsRR5dGWgrvhmUrvPftRmO4PV7A5AS0yi54CQGaWSnOL
-nqVkENUs85Pq1LLfnM8MRIdGpS9225bwsAoB/eJk7zKNRGOUlzCDGW3f12aemyrR
-2RHGVPOvn6SVb8r8RkqCDMApR0j76cTMDiMyaGByi93y8qhXiu88Y+J/+fK5wQis
-FwPJGZVCqNTiglclgrNG4+z8G4SUvkA6W5yDiZyftN67TXqxJKKBXFS5gzWujPti
-boDzivsY9sP4Mkoc94TAmJeaLtNrqHy4UMo/m9YBmuP4hRJ7TCKmvVN4hZCN2mvJ
-4S1vi4Z9GnyxJAbxq9Gb1UA9glVAVt6bQVYO6ySIp4W29xFnoRUm4i0tCovWBn9x
-MWSkG5SLznbh2tKLN0uJGzh4G8xo2fdfx6tWy2x0gw95T5WDg7S2oe6IpQQYAQgA
-DwUCVfv9OwIbDAUJAeEzgAAKCRDKztmWvBXIWqexA/9nZUXs9BGcwpodhqjGY+H9
-/IUJua95jti9t0BleEu+h0R9O+XDEE/77IK9ET4f0t9WMfMhPO7ZIgUxFutB/Z7U
-MuyVteIvGxF/TTbQAKuCrnLYuPWkGiYjR9e0ZDbgmKrRZ/jwhdaxF0IHrR1PJLUn
-vO97qfZC7097/urCsWDMo5YAAAIGBFX8ElYBBACfcdcAcR6BJ2Ba3/HnQR1S0rG3
-8bWq8Rdtt072hDd16oQCNFpQs5WQNruCCpobmB6yOmjKJv8Cf9mxBdcQDxobcw6M
-lHPWZl04SoQKQOa5h6ptITxr+UFFFqfh7AZ7ZtDYaFfBqQX9fvdOX99C18SIcCcN
-0rHoxXfG7D/AaHEysQARAQAB/gcDAj0P/+idN7Q87sZYs1aBo3OqKKdl+a51tcgd
-80HdoEQWyIwOStl9+XleUHyrU5f9kni1I2NCrl+hLyPGaT8dGJinH103fgsGvY/L
-Z2lg5gsPdfb5U5Kyn8MfgAuAEVh0XiLOAVZf4tVjcn3jGW9VM/cDHQI9uwz0MtN0
-xxj1iw151/ydtFt4Qw+Ljh0cwBauiHSaG8rhfObJGbKpXNBJG6QfaGBlOAErO1my
-fr7UgWbul6xCZe/t7Um2rp5GxTJsN+AwDDLqSbwCzmArXRJiEnL5qaw891HuXTIC
-+lxtGNxP6bqe+4Bg/T+MIjJVWzx9avGR2WweSKBqbsyRkmZQCIkWDmp/g9t17ujo
-RrzNUT60Y0gMhJOQxZcgdXJtlT/X0RvP+tGAiVEAlvpQ+9RTzqvf4sZAPndpE4PY
-dKXJF5Pua9cWU+UceQV/Nr+JAlLzNWOlwSOJUVGsQ+RzeFJyB2D5xoG6tRI9idYU
-V+vcNGRpJzsXO6S0E1Rlc3RpbmcgKGluc2VjdXJlISmIvQQTAQgAJwUCVfwSVgIb
-AwUJAeEzgAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRA8WpFfIYODmknrA/96
-90yhjN3ELmWSJetKzvt7MlUS0j6UkA5VvDObCmAm+bDrQSGdwDJj6gu88b4biNEx
-Cz/Dmo67R9Z+gLE6LGvzYCPZ+GE/ZQ9VMo/AeUEZO44Aa7vRwnYFU0VmMJUeGQbC
-Je4JnLjF/+0yIgh/CtwFL3J/+9eayf6e6L/9WhUZ5J4AAAIGBFX8ElYBBADXznv8
-7J5i/EN8dMtjzx99LXtJdSJ3iJfp69d5V1FygvsDSlMZVekflWKF2ipHRulxLXea
-8mH0salQviQ32qPAyfCWpELLL2srTVezj6ntKVF9hZruQ2d1KBVV+syq6nSY9Eg8
-0mHizvIV5cR2b2X/X6qybJrwhW10oWh+cuLg6QARAQAB/gcDAkwZfkpx6rGW7qkb
-iuwl3c6d1o2x9HeiZG8fZ8UGU5n0Nx4bp4a60j/d+bJowww8sPRcJ+8mi/dNi9dC
-1Dls2CmmOP8U2DsPT189d+JiqlXUumhRyTo5ptglMrHkrMp489QpyCIUhW6HVopI
-ppdOJGE0kTJ7pRx0fevz3la5553IyglJ9iUqgxz2+9XlvDhSplz8zVhyZd5UPW94
-hi+vHCDf3TSakMFFZEVPCQaMunB7urI1wXx/mOT5BTSOp1PVq4SE5TtC2/GrHBU6
-/5wuqyhlT3oH+jF/GfvZQgattnkaFn/JY77/mfTCzyQb1/2iQMO8uTe8KjWAKd5h
-AoCcgxoX0rqSxe7YS2Obl1v0icWbg4wvI8WUAv5pRL7EMVcuUugrb40rWzOiJzYY
-IwEmO+tp08Ev+arbjEMzk+IXLTr3wDip/2oHHU3P2OSi46iLdueUvVnnNXff0H4e
-mqT2zlJQoPCbYMaKxL0yxvFnZLfCWolLOJaIpQQYAQgADwUCVfwSVgIbDAUJAeEz
-gAAKCRA8WpFfIYODmqzxBACNLC9j2EJvoiKhRMAUJTGCQvDWNWAI/2Ln/61Ftqu5
-+OoOI0N7uL1LjWNHrhS/PMKwcIu9iZn/uQV/OGj9YuKw58WeyKkTIEnD7bU5aUQk
-8jdRITPnr/InyHvs21P9hh18MZvDk9L9rL+uwK+9BkeL0MDL3wlAG57Fay9OXgY1
-CQ==
-=2SlE
------END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/tofu-keys.asc b/tests/openpgp/tofu-keys.asc
deleted file mode 100755
index 2de1cf792..000000000
--- a/tests/openpgp/tofu-keys.asc
+++ /dev/null
@@ -1,47 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2
-
-mI0EVfv86AEEAN20yizZgtnQaJPUV++9Z+rRg4XzjWpLvmiWMpTsn8qhjpySkAa4
-/4P4/MRWVvSXiRC1uJ7T59Sbm/KFs8TdKaqIMuON3QYjztxm2NmDMA/f5FTvRuLk
-gKAEpwGOqI1Zvm3uleH8hkx0n45tHxCI3bLCfW+12lZxJCGNDBnhvj+5ABEBAAG0
-E1Rlc3RpbmcgKGluc2VjdXJlISmIvQQTAQgAJwUCVfv86AIbAwUJAeEzgAULCQgH
-AgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBYhZl17jfPlqj2BACFvqgKBZ3NnphZ8f2/
-rylvV9YNzS5rC8lFASN+BgofrBmugtEqbXSnOvLrylHOnWgYh7qLpDeBfta2FLjR
-vFjTLFfycBjylQAzyBa4BoqLTFu+9GZ82bKKhlr8FJ8q5WlCOgGB3uFI/WAJp5ou
-uOwP7lMXCNR9tDN3RDUlMoktc7iNBFX7/OgBBADIGia8IRToRJhx4Kss8dihcxuE
-gxeo8gINQiFSpoi0gXzV1muN7ycH8S6O7209cMtIoiRfPgCw/4IaaZmW/TabIlAv
-l8U+Lm5Tkr0YDfudu1nVF/MptBF8Y6bkklvoVWWcFD9CtHwXSFWlQmsCRhKeS3P5
-lyp45l7y0MVkkGIAfQARAQABiKUEGAEIAA8FAlX7/OgCGwwFCQHhM4AACgkQWIWZ
-de43z5ZTvAP9EWGZu97aZhjIbD18Y2HjbXQn4L6iyeDMuM++Tsnnn57li+HLUAX8
-ieRHy1l/VE3tHhdcqRqAsrxnkGAWKMlYYZS9WHDzrffxtQlszOwpAOWdNDsWsPdb
-ko95XvLatoqkt9KxB19sLao6eCBKwB9muMs10i86P+Cehwh97n/UNGOYjQRV+/07
-AQQAxCWdrsUW2IhexMxOvMi32Z63bOEC5JkEy8tntGYwk54I2XGXRebdutMrXqh0
-nKO7p23kgfWjRp1dpbSp20AzdIkwsRlAjOuqhZ3Q6t+kP6xWtxAQI8YZ6lQ0VeZC
-0dTBllr3UlY4tw0emLcScNsGuDVUPYhQoJBMkk4oNw+wWfUAEQEAAbQTVGVzdGlu
-ZyAoaW5zZWN1cmUhKYi9BBMBCAAnBQJV+/07AhsDBQkB4TOABQsJCAcCBhUICQoL
-AgQWAgMBAh4BAheAAAoJEMrO2Za8FchatDYD/3Gs3stPqia02kNGenmm9afDzBRP
-AaXHoK6JMXyZ+tc6OyRAo0FvobaDgQSEB99praozvyf0m4gQ6d8TXHWmwp5KYVuI
-5HIJ/haFGywNxhZPX8bRJTQxlx3EDYpr4YcX6xK9jItcqNqykoYiDtDdssklwiSS
-AvQl6QwgCITXRGHguI0EVfv9OwEEANwSTeTdUSOrnrANN8cE1tQAU1eLW4y0Tii5
-Uz28W/k41kAH0Jc7W0mr840zusDz5h5xr9rFz4h9oLhE/rYSgMNVnISLSsfjIk/J
-57ASR5fedJqiPLkxxpY5EAbigEVZdRC0t3aOgkLxshvuah8pd3K6RA9edkOQvxed
-2+BH4DVxABEBAAGIpQQYAQgADwUCVfv9OwIbDAUJAeEzgAAKCRDKztmWvBXIWqex
-A/9nZUXs9BGcwpodhqjGY+H9/IUJua95jti9t0BleEu+h0R9O+XDEE/77IK9ET4f
-0t9WMfMhPO7ZIgUxFutB/Z7UMuyVteIvGxF/TTbQAKuCrnLYuPWkGiYjR9e0ZDbg
-mKrRZ/jwhdaxF0IHrR1PJLUnvO97qfZC7097/urCsWDMo5iNBFX8ElYBBACfcdcA
-cR6BJ2Ba3/HnQR1S0rG38bWq8Rdtt072hDd16oQCNFpQs5WQNruCCpobmB6yOmjK
-Jv8Cf9mxBdcQDxobcw6MlHPWZl04SoQKQOa5h6ptITxr+UFFFqfh7AZ7ZtDYaFfB
-qQX9fvdOX99C18SIcCcN0rHoxXfG7D/AaHEysQARAQABtBNUZXN0aW5nIChpbnNl
-Y3VyZSEpiL0EEwEIACcFAlX8ElYCGwMFCQHhM4AFCwkIBwIGFQgJCgsCBBYCAwEC
-HgECF4AACgkQPFqRXyGDg5pJ6wP/evdMoYzdxC5lkiXrSs77ezJVEtI+lJAOVbwz
-mwpgJvmw60EhncAyY+oLvPG+G4jRMQs/w5qOu0fWfoCxOixr82Aj2fhhP2UPVTKP
-wHlBGTuOAGu70cJ2BVNFZjCVHhkGwiXuCZy4xf/tMiIIfwrcBS9yf/vXmsn+nui/
-/VoVGeS4jQRV/BJWAQQA1857/OyeYvxDfHTLY88ffS17SXUid4iX6evXeVdRcoL7
-A0pTGVXpH5VihdoqR0bpcS13mvJh9LGpUL4kN9qjwMnwlqRCyy9rK01Xs4+p7SlR
-fYWa7kNndSgVVfrMqup0mPRIPNJh4s7yFeXEdm9l/1+qsmya8IVtdKFofnLi4OkA
-EQEAAYilBBgBCAAPBQJV/BJWAhsMBQkB4TOAAAoJEDxakV8hg4OarPEEAI0sL2PY
-Qm+iIqFEwBQlMYJC8NY1YAj/Yuf/rUW2q7n46g4jQ3u4vUuNY0euFL88wrBwi72J
-mf+5BX84aP1i4rDnxZ7IqRMgScPttTlpRCTyN1EhM+ev8ifIe+zbU/2GHXwxm8OT
-0v2sv67Ar70GR4vQwMvfCUAbnsVrL05eBjUJ
-=Btw1
------END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm
index e1fa00191..c4330850e 100755
--- a/tests/openpgp/tofu.scm
+++ b/tests/openpgp/tofu.scm
@@ -1,342 +1,342 @@
#!/usr/bin/env gpgscm
;; Copyright (C) 2016 g10 Code GmbH
;;
;; This file is part of GnuPG.
;;
;; GnuPG is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 3 of the License, or
;; (at your option) any later version.
;;
;; GnuPG is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
;;
;; You should have received a copy of the GNU General Public License
;; along with this program; if not, see <http://www.gnu.org/licenses/>.
(load (with-path "defs.scm"))
(setup-environment)
;; Redefine GPG without --always-trust and a fixed time.
(define GPG `(,(tool 'gpg) --no-permission-warning
- --faked-system-time=1466684990))
+ --faked-system-time=1480943782))
(define GNUPGHOME (getenv "GNUPGHOME"))
(if (string=? "" GNUPGHOME)
(error "GNUPGHOME not set"))
(catch (skip "Tofu not supported")
(call-check `(,@GPG --trust-model=tofu --list-config)))
-(define KEYS '("2183839A" "BC15C85A" "EE37CF96"))
+(define KEYS '("1C005AF3" "BE04EB2B" "B662E42F"))
;; Import the test keys.
-(call-check `(,@GPG --import ,(in-srcdir "tofu-keys.asc")))
-
-;; Make sure the keys are imported.
(for-each (lambda (keyid)
+ (call-check `(,@GPG --import
+ ,(in-srcdir "tofu/conflicting/"
+ (string-append keyid ".gpg"))))
(catch (error "Missing key" keyid)
(call-check `(,@GPG --list-keys ,keyid))))
KEYS)
;; Get tofu policy for KEYID. Any remaining arguments are simply
;; passed to GPG.
;;
;; This function only supports keys with a single user id.
(define (getpolicy keyid . args)
(let ((policy
(list-ref (assoc "tfs" (gpg-with-colons
`(--trust-model=tofu --with-tofu-info
,@args
--list-keys ,keyid))) 5)))
(unless (member policy '("auto" "good" "unknown" "bad" "ask"))
(error "Bad policy:" policy))
policy))
;; Check that KEYID's tofu policy matches EXPECTED-POLICY. Any
;; remaining arguments are simply passed to GPG.
;;
;; This function only supports keys with a single user id.
(define (checkpolicy keyid expected-policy . args)
(let ((policy (apply getpolicy `(,keyid ,@args))))
(unless (string=? policy expected-policy)
(error keyid ": Expected policy to be" expected-policy
"but got" policy))))
;; Get the trust level for KEYID. Any remaining arguments are simply
;; passed to GPG.
;;
;; This function only supports keys with a single user id.
(define (gettrust keyid . args)
(let ((trust
(list-ref (assoc "pub" (gpg-with-colons
`(--trust-model=tofu
,@args
--list-keys ,keyid))) 1)))
(unless (and (= 1 (string-length trust))
(member (string-ref trust 0) (string->list "oidreqnmfuws-")))
(error "Bad trust value:" trust))
trust))
;; Check that KEYID's trust level matches EXPECTED-TRUST. Any
;; remaining arguments are simply passed to GPG.
;;
;; This function only supports keys with a single user id.
(define (checktrust keyid expected-trust . args)
(let ((trust (apply gettrust `(,keyid ,@args))))
(unless (string=? trust expected-trust)
(error keyid ": Expected trust to be" expected-trust
"but got" trust))))
;; Set key KEYID's policy to POLICY. Any remaining arguments are
;; passed as options to gpg.
(define (setpolicy keyid policy . args)
(call-check `(,@GPG --trust-model=tofu ,@args
--tofu-policy ,policy ,keyid)))
(info "Checking tofu policies and trust...")
;; Carefully remove the TOFU db.
(catch '() (unlink (string-append GNUPGHOME "/tofu.db")))
;; Verify a message. There should be no conflict and the trust
;; policy should be set to auto.
(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu-2183839A-1.txt")))
+ --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
-(checkpolicy "2183839A" "auto")
+(checkpolicy "1C005AF3" "auto")
;; Check default trust.
-(checktrust "2183839A" "m")
+(checktrust "1C005AF3" "m")
;; Trust should be derived lazily. Thus, if the policy is set to
;; auto and we change --tofu-default-policy, then the trust should
;; change as well. Try it.
-(checktrust "2183839A" "f" '--tofu-default-policy=good)
-(checktrust "2183839A" "-" '--tofu-default-policy=unknown)
-(checktrust "2183839A" "n" '--tofu-default-policy=bad)
+(checktrust "1C005AF3" "f" '--tofu-default-policy=good)
+(checktrust "1C005AF3" "-" '--tofu-default-policy=unknown)
+(checktrust "1C005AF3" "n" '--tofu-default-policy=bad)
;; Change the policy to something other than auto and make sure the
;; policy and the trust are correct.
(for-each-p
"Setting a fixed policy..."
(lambda (policy)
(let ((expected-trust
(cond
((string=? "good" policy) "f")
((string=? "unknown" policy) "-")
(else "n"))))
- (setpolicy "2183839A" policy)
+ (setpolicy "1C005AF3" policy)
;; Since we have a fixed policy, the trust level shouldn't
;; change if we change the default policy.
(for-each-p
""
(lambda (default-policy)
- (checkpolicy "2183839A" policy
+ (checkpolicy "1C005AF3" policy
'--tofu-default-policy default-policy)
- (checktrust "2183839A" expected-trust
+ (checktrust "1C005AF3" expected-trust
'--tofu-default-policy default-policy))
'("auto" "good" "unknown" "bad" "ask"))))
'("good" "unknown" "bad"))
-;; At the end, 2183839A's policy should be bad.
-(checkpolicy "2183839A" "bad")
+;; At the end, 1C005AF3's policy should be bad.
+(checkpolicy "1C005AF3" "bad")
-;; BC15C85A and 2183839A conflict. A policy setting of "auto"
-;; (BC15C85A's state) will result in an effective policy of ask. But,
+;; 1C005AF3 and BE04EB2B conflict. A policy setting of "auto"
+;; (BE04EB2B's state) will result in an effective policy of ask. But,
;; a policy setting of "bad" will result in an effective policy of
;; bad.
-(setpolicy "BC15C85A" "auto")
-(checkpolicy "BC15C85A" "ask")
-(checkpolicy "2183839A" "bad")
-
-;; EE37CF96, 2183839A, and BC15C85A conflict. We change BC15C85A's
-;; policy to auto and leave 2183839A's policy at bad. This conflict
-;; should cause BC15C85A's policy to be changed to ask (since it is
-;; auto), but not affect 2183839A's policy.
-(setpolicy "BC15C85A" "auto")
-(checkpolicy "BC15C85A" "ask")
+(setpolicy "BE04EB2B" "auto")
+(checkpolicy "BE04EB2B" "ask")
+(checkpolicy "1C005AF3" "bad")
+
+;; 1C005AF3, B662E42F, and BE04EB2B conflict. We change BE04EB2B's
+;; policy to auto and leave 1C005AF3's policy at bad. This conflict
+;; should cause BE04EB2B's effective policy to be ask (since it is
+;; auto), but not affect 1C005AF3's policy.
+(setpolicy "BE04EB2B" "auto")
+(checkpolicy "BE04EB2B" "ask")
(call-check `(,@GPG --trust-model=tofu
- --verify ,(in-srcdir "tofu-EE37CF96-1.txt")))
-(checkpolicy "BC15C85A" "ask")
-(checkpolicy "2183839A" "bad")
-(checkpolicy "EE37CF96" "ask")
+ --verify ,(in-srcdir "tofu/conflicting/B662E42F-1.txt")))
+(checkpolicy "BE04EB2B" "ask")
+(checkpolicy "1C005AF3" "bad")
+(checkpolicy "B662E42F" "ask")
;; Check that we detect the following attack:
;;
;; Alice and Bob each have a key and cross sign them. Bob then adds a
;; new user id, "Alice". TOFU should now detect a conflict, because
;; Alice only signed Bob's "Bob" user id.
(display "Checking cross sigs...\n")
(define GPG `(,(tool 'gpg) --no-permission-warning
--faked-system-time=1476304861))
;; Carefully remove the TOFU db.
(catch '() (unlink (string-append GNUPGHOME "/tofu.db")))
(define DIR "tofu/cross-sigs")
;; The test keys.
(define KEYA "1938C3A0E4674B6C217AC0B987DB2814EC38277E")
(define KEYB "DC463A16E42F03240D76E8BA8B48C6BD871C2247")
(define KEYIDA (substring KEYA (- (string-length KEYA) 8)))
(define KEYIDB (substring KEYB (- (string-length KEYB) 8)))
(define (verify-messages)
(for-each
(lambda (key)
(for-each
(lambda (i)
(let ((fn (in-srcdir DIR (string-append key "-" i ".txt"))))
(call-check `(,@GPG --trust-model=tofu --verify ,fn))))
(list "1" "2")))
(list KEYIDA KEYIDB)))
;; Import the public keys.
(display " > Two keys. ")
(call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDA "-1.gpg"))))
(call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDB "-1.gpg"))))
;; Make sure the tofu engine registers the keys.
(verify-messages)
(display "<\n")
;; Since there is no conflict, the policy should be auto.
(checkpolicy KEYA "auto")
(checkpolicy KEYB "auto")
;; Import the cross sigs.
(display " > Adding cross signatures. ")
(call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDA "-2.gpg"))))
(call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDB "-2.gpg"))))
(verify-messages)
(display "<\n")
;; There is still no conflict, so the policy shouldn't have changed.
(checkpolicy KEYA "auto")
(checkpolicy KEYB "auto")
;; Import the conflicting user id.
(display " > Adding conflicting user id. ")
(call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDB "-3.gpg"))))
(verify-messages)
(display "<\n")
(checkpolicy KEYA "ask")
(checkpolicy KEYB "ask")
;; Import Alice's signature on the conflicting user id. Since there
;; is now a cross signature, we should revert to the default policy.
(display " > Adding cross signature on user id. ")
(call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDB "-4.gpg"))))
(verify-messages)
(display "<\n")
(checkpolicy KEYA "auto")
(checkpolicy KEYB "auto")
;; Remove the keys.
(call-check `(,@GPG --delete-key ,KEYA))
(call-check `(,@GPG --delete-key ,KEYB))
;; Check that we detect the following attack:
;;
;; Alice has an ultimately trusted key and she signs Bob's key. Then
;; Bob adds a new user id, "Alice". TOFU should now detect a
;; conflict, because Alice only signed Bob's "Bob" user id.
;;
;;
;; The Alice key:
;; pub rsa2048 2016-10-11 [SC]
;; 1938C3A0E4674B6C217AC0B987DB2814EC38277E
;; uid [ultimate] Spy Cow <spy@cow.com>
;; sub rsa2048 2016-10-11 [E]
;;
;; The Bob key:
;;
;; pub rsa2048 2016-10-11 [SC]
;; DC463A16E42F03240D76E8BA8B48C6BD871C2247
;; uid [ full ] Spy R. Cow <spy@cow.com>
;; uid [ full ] Spy R. Cow <spy@cow.de>
;; sub rsa2048 2016-10-11 [E]
(display "Checking UTK sigs...\n")
(define GPG `(,(tool 'gpg) --no-permission-warning
--faked-system-time=1476304861))
;; Carefully remove the TOFU db.
(catch '() (unlink (string-append GNUPGHOME "/tofu.db")))
(define DIR "tofu/cross-sigs")
;; The test keys.
(define KEYA "1938C3A0E4674B6C217AC0B987DB2814EC38277E")
(define KEYB "DC463A16E42F03240D76E8BA8B48C6BD871C2247")
(define KEYIDA (substring KEYA (- (string-length KEYA) 8)))
(define KEYIDB (substring KEYB (- (string-length KEYB) 8)))
(define (verify-messages)
(for-each
(lambda (key)
(for-each
(lambda (i)
(let ((fn (in-srcdir DIR (string-append key "-" i ".txt"))))
(call-check `(,@GPG --trust-model=tofu --verify ,fn))))
(list "1" "2")))
(list KEYIDA KEYIDB)))
;; Import the public keys.
(display " > Two keys. ")
(call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDA "-1.gpg"))))
(call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDB "-1.gpg"))))
(display "<\n")
(checkpolicy KEYA "auto")
(checkpolicy KEYB "auto")
;; Import the cross sigs.
(display " > Adding cross signatures. ")
(call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDA "-2.gpg"))))
(call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDB "-2.gpg"))))
(display "<\n")
(checkpolicy KEYA "auto")
(checkpolicy KEYB "auto")
;; Make KEYA ultimately trusted.
(display (string-append " > Marking " KEYA " as ultimately trusted. "))
(pipe:do
(pipe:echo (string-append KEYA ":6:\n"))
(pipe:gpg `(--import-ownertrust)))
(display "<\n")
;; An ultimately trusted key's policy is good.
(checkpolicy KEYA "good")
;; A key signed by a UTK for which there is no policy gets the default
;; policy of good.
(checkpolicy KEYB "good")
;; Import the conflicting user id.
(display " > Adding conflicting user id. ")
(call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDB "-3.gpg"))))
(verify-messages)
(display "<\n")
(checkpolicy KEYA "good")
(checkpolicy KEYB "ask")
;; Import Alice's signature on the conflicting user id.
(display " > Adding cross signature on user id. ")
(call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDB "-4.gpg"))))
(verify-messages)
(display "<\n")
(checkpolicy KEYA "good")
(checkpolicy KEYB "good")
;; Remove the keys.
(call-check `(,@GPG --delete-key ,KEYA))
(call-check `(,@GPG --delete-key ,KEYB))
diff --git a/tests/openpgp/tofu/conflicting/1C005AF3-1.txt b/tests/openpgp/tofu/conflicting/1C005AF3-1.txt
new file mode 100644
index 000000000..dba581dec
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/1C005AF3-1.txt differ
diff --git a/tests/openpgp/tofu/conflicting/1C005AF3-2.txt b/tests/openpgp/tofu/conflicting/1C005AF3-2.txt
new file mode 100644
index 000000000..fde9fb882
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/1C005AF3-2.txt differ
diff --git a/tests/openpgp/tofu/conflicting/1C005AF3-3.txt b/tests/openpgp/tofu/conflicting/1C005AF3-3.txt
new file mode 100644
index 000000000..e6aa4ac83
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/1C005AF3-3.txt differ
diff --git a/tests/openpgp/tofu/conflicting/1C005AF3-4.txt b/tests/openpgp/tofu/conflicting/1C005AF3-4.txt
new file mode 100644
index 000000000..6a1489162
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/1C005AF3-4.txt differ
diff --git a/tests/openpgp/tofu/conflicting/1C005AF3-5.txt b/tests/openpgp/tofu/conflicting/1C005AF3-5.txt
new file mode 100644
index 000000000..12fb5fb50
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/1C005AF3-5.txt differ
diff --git a/tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg b/tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg
new file mode 100644
index 000000000..5f1e78ad1
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg differ
diff --git a/tests/openpgp/tofu/conflicting/1C005AF3.gpg b/tests/openpgp/tofu/conflicting/1C005AF3.gpg
new file mode 100644
index 000000000..7a750111d
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/1C005AF3.gpg differ
diff --git a/tests/openpgp/tofu/conflicting/B662E42F-1.txt b/tests/openpgp/tofu/conflicting/B662E42F-1.txt
new file mode 100644
index 000000000..c39056ce1
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/B662E42F-1.txt differ
diff --git a/tests/openpgp/tofu/conflicting/B662E42F-2.txt b/tests/openpgp/tofu/conflicting/B662E42F-2.txt
new file mode 100644
index 000000000..a96ef9f29
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/B662E42F-2.txt differ
diff --git a/tests/openpgp/tofu/conflicting/B662E42F-3.txt b/tests/openpgp/tofu/conflicting/B662E42F-3.txt
new file mode 100644
index 000000000..2e6e81b44
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/B662E42F-3.txt differ
diff --git a/tests/openpgp/tofu/conflicting/B662E42F-4.txt b/tests/openpgp/tofu/conflicting/B662E42F-4.txt
new file mode 100644
index 000000000..470882f68
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/B662E42F-4.txt differ
diff --git a/tests/openpgp/tofu/conflicting/B662E42F-5.txt b/tests/openpgp/tofu/conflicting/B662E42F-5.txt
new file mode 100644
index 000000000..21d54bc4a
--- /dev/null
+++ b/tests/openpgp/tofu/conflicting/B662E42F-5.txt
@@ -0,0 +1 @@
+£›ÀËÌÀÁ¨%¶¼[Ò}ÆÓI ®i’¦\ŒÆ, Œ ²bŠ,ù&ÖkÏhí³‰Òӌ†)ee©cà h&q0lÊ;S“ɵ´`ÅâK˾>ž¾}iÚñªwò²ö5?VÙðF+' |]ó$í/Ÿôj×m•³ÓJÄߖTjY‘À¤Á£<ÿø™i»½6%Æ|ªÿ÷¢aûÿGVkgË4eµ<akï¿õÓBî U£o¿fføöZ<ÚñU[ÕÔhþÞJeÒÂníóÜýÞ뤙þœ¶šâœ f~÷[”dm"v²•?P3}=×üŒŒ}Ó#"ò^µ±¬j-µ‘×ùTҁ²Õœ+/q­=±&­Ü>̬¸²åüëÏÕÕ%îíkºzùŠNëìýlʳêמŸšž©:æü‘ŠÏ7zü›žÎÐ\oÞµs™úJÅs1éÚñû
\ No newline at end of file
diff --git a/tests/openpgp/tofu/conflicting/B662E42F-secret.gpg b/tests/openpgp/tofu/conflicting/B662E42F-secret.gpg
new file mode 100644
index 000000000..7362ded63
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/B662E42F-secret.gpg differ
diff --git a/tests/openpgp/tofu/conflicting/B662E42F.gpg b/tests/openpgp/tofu/conflicting/B662E42F.gpg
new file mode 100644
index 000000000..6c07520f9
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/B662E42F.gpg differ
diff --git a/tests/openpgp/tofu/conflicting/BE04EB2B-1.txt b/tests/openpgp/tofu/conflicting/BE04EB2B-1.txt
new file mode 100644
index 000000000..1b3de477e
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/BE04EB2B-1.txt differ
diff --git a/tests/openpgp/tofu/conflicting/BE04EB2B-2.txt b/tests/openpgp/tofu/conflicting/BE04EB2B-2.txt
new file mode 100644
index 000000000..f4f5487b3
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/BE04EB2B-2.txt differ
diff --git a/tests/openpgp/tofu/conflicting/BE04EB2B-3.txt b/tests/openpgp/tofu/conflicting/BE04EB2B-3.txt
new file mode 100644
index 000000000..74510739b
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/BE04EB2B-3.txt differ
diff --git a/tests/openpgp/tofu/conflicting/BE04EB2B-4.txt b/tests/openpgp/tofu/conflicting/BE04EB2B-4.txt
new file mode 100644
index 000000000..f15496d6d
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/BE04EB2B-4.txt differ
diff --git a/tests/openpgp/tofu/conflicting/BE04EB2B-5.txt b/tests/openpgp/tofu/conflicting/BE04EB2B-5.txt
new file mode 100644
index 000000000..39078f1b7
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/BE04EB2B-5.txt differ
diff --git a/tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg b/tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg
new file mode 100644
index 000000000..5d393aa5a
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg differ
diff --git a/tests/openpgp/tofu/conflicting/BE04EB2B.gpg b/tests/openpgp/tofu/conflicting/BE04EB2B.gpg
new file mode 100644
index 000000000..787b238f6
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/BE04EB2B.gpg differ
diff --git a/tests/openpgp/tofu/conflicting/README b/tests/openpgp/tofu/conflicting/README
new file mode 100644
index 000000000..e2c48f2eb
--- /dev/null
+++ b/tests/openpgp/tofu/conflicting/README
@@ -0,0 +1,8 @@
+This directory contains three keys (1C005AF3, B662E42F, and BE04EB2B),
+which all have the same user id, namely "Joke Factory
+<joke.factory@example.com>".
+
+The keys are stored in KEYID.gpg. The secret key material is stored
+in KEYID-secret.gpg (the secret key material is not password
+protected). The files KEYID-N.txt contain messages, which are signed
+by KEYID. The message is "N\n".

File Metadata

Mime Type
application/octet-stream
Expires
Tue, Jan 27, 5:46 PM (2 d)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
d2/e6/76c1377a29086deb95ebb7447967

Event Timeline