security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-01 16:33:02 +01:00
Code Activity

tests: Test the pinentry interactions when exporting keys.

Browse Source 
* tests/openpgp/export.test: Test pinentry interactions.

Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
Justus Winter 2016-04-19 16:23:42 +02:00
parent 4994153924
commit b9d1e099c3
1 changed files with 67 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
tests/openpgp/export.test
View File

@ -36,12 +36,34 @@ check_armored_private_key()
check_exported_private_key $1 check_exported_private_key $1
} }
logfile="`pwd`/pinentry.log"
ppfile="`pwd`/passphrases"
rm -f -- $logfile $ppfile
touch $ppfile
prepare_passphrase()
{
echo $* >>$ppfile
}
prepare_passphrase_confirm()
{
echo "fake-entry being started to CONFIRM the weak phrase" >>$ppfile
}
assert_passphrases_consumed()
{
if test -s $ppfile; then
echo "Expected $ppfile to be empty, but these are enqueued:" >&2
cat "$ppfile" >&2
exit 1
fi
rm -f -- $logfile
}
# XXX: Currently, gpg does not allow one to export private keys # XXX: Currently, gpg does not allow one to export private keys
# without a passphrase (issue2070, issue2324), and our fake pinentry # without a passphrase (issue2070, issue2324).
# only allows us to specify one passphrase. We therefore use the export PINENTRY_USER_DATA="--logfile=$logfile --passphrasefile=$ppfile"
# passphrase of our first key to unlock it (the other keys are not
# protected), and also use the same passphrase for the exported keys.
export PINENTRY_USER_DATA="$usrpass1"
info "Checking key export." info "Checking key export."
for KEY in D74C5F22 C40FDECF ECABF51D for KEY in D74C5F22 C40FDECF ECABF51D
@ -56,13 +78,53 @@ do
check_armored_public_key $KEY.public check_armored_public_key $KEY.public
rm $KEY.public rm $KEY.public
if [ $KEY = D74C5F22 ]; then
# Key D74C5F22 is protected by a passphrase. Prepare this
# one. Currently, GnuPG does not ask for an export passphrase
# in this case.
prepare_passphrase "$usrpass1"
else
# We use a weak passphrase which we'll have to confirm.
prepare_passphrase "export passphrase"
prepare_passphrase_confirm
prepare_passphrase "export passphrase"
# Key C40FDECF has a subkey.
if [ $KEY = C40FDECF ]; then
prepare_passphrase "export passphrase"
prepare_passphrase_confirm
prepare_passphrase "export passphrase"
fi
fi
$GPG --export-secret-keys $KEY >$KEY.private $GPG --export-secret-keys $KEY >$KEY.private
check_exported_private_key $KEY.private check_exported_private_key $KEY.private
rm $KEY.private rm $KEY.private
assert_passphrases_consumed
if [ $KEY = D74C5F22 ]; then
# Key D74C5F22 is protected by a passphrase. Prepare this
# one. Currently, GnuPG does not ask for an export passphrase
# in this case.
prepare_passphrase "$usrpass1"
else
# We use a stronger passphrase here.
prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
# Key C40FDECF has a subkey.
if [ $KEY = C40FDECF ]; then
prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
fi
fi
$GPG --armor --export-secret-keys $KEY >$KEY.private $GPG --armor --export-secret-keys $KEY >$KEY.private
check_armored_private_key $KEY.private check_armored_private_key $KEY.private
rm $KEY.private rm $KEY.private
assert_passphrases_consumed
done done
progress_end progress_end