mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-10 13:04:23 +01:00
0c56ad5a8d
* tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/EC38277E-1.gpg: .. to this. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: Rename from this... * tests/openpgp/tofu/cross-sigs/EC38277E-1.txt: .. to this. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/EC38277E-2.gpg: .. to this. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: Rename from this... * tests/openpgp/tofu/cross-sigs/EC38277E-2.txt: .. to this. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: Rename from this... * tests/openpgp/tofu/cross-sigs/EC38277E-3.txt: .. to this. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/EC38277E-secret.gpg: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-1.gpg: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-1.txt: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-2.gpg: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-2.txt: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-3.gpg: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-3.txt: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-4.gpg: .. to this. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: Rename from this... * tests/openpgp/tofu/cross-sigs/871C2247-secret.gpg: .. to this. * tests/openpgp/Makefile.am (TEST_FILES): Update accordingly. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Fixed-commit: d2d936fbe86d61b89cead95df633b2b575690e05
# How I generate the keys and messages to verify: # Generate and export two non-conflicting keys. gpg --quick-gen-key 'Spy Cow <spy@cow.com>' gpg --quick-gen-key 'Spy R. Cow <spy@cow.de>' KEYIDA=1938C3A0E4674B6C217AC0B987DB2814EC38277E KEYIDB=DC463A16E42F03240D76E8BA8B48C6BD871C2247 for KEYID in $KEYIDA $KEYIDB do gpg --export $KEYID > tofu-$KEYID.gpg gpg --export-secret-keys $KEYID > tofu-$KEYID-secret.gpg done # Sign some data. echo foo | gpg --default-key $KEYIDA -s > tofu-$KEYIDA-1.txt echo foo | gpg --default-key $KEYIDB -s > tofu-$KEYIDB-1.txt # Again, but with an issuer. echo foo | gpg --default-key "<spy@cow.com>" -s > tofu-$KEYIDA-2.txt echo foo | gpg --default-key "<spy@cow.de>" -s > tofu-$KEYIDB-2.txt # Have A sign B and vice versa. gpg --default-key $KEYIDA --quick-sign $KEYIDB gpg --default-key $KEYIDB --quick-sign $KEYIDA gpg --export $KEYIDA > tofu-$KEYIDA-2.gpg gpg --export $KEYIDB > tofu-$KEYIDB-2.gpg # Cause A and B to conflict. gpg --quick-adduid $KEYIDB 'Spy R. Cow <spy@cow.com>' gpg --export $KEYIDB > tofu-$KEYIDB-3.gpg echo foo | gpg --default-key "<spy@cow.com>" -s > tofu-$KEYIDA-3.txt echo foo | gpg --default-key "<spy@cow.com>" -s > tofu-$KEYIDB-3.txt # Have A sign B's conflicting user id. gpg --default-key $KEYIDA --quick-sign $KEYIDB gpg --export $KEYIDB > tofu-$KEYIDB-4.gpg exit 0 # In a new directory (so the keys are not ultimately trusted). D=~/neal/work/gpg/test echo 'trust-model tofu+pgp' > gpg.conf gpg --import $D/tofu-$KEYIDA.gpg gpg --import $D/tofu-$KEYIDB.gpg gpg -k gpg --verify $D/tofu-$KEYIDA-1.txt gpg --verify $D/tofu-$KEYIDB-1.txt # With an issuer. gpg --verify $D/tofu-$KEYIDA-2.txt gpg --verify $D/tofu-$KEYIDB-2.txt # Import the cross signatures. gpg --import $D/tofu-$KEYIDA-2.gpg gpg --import $D/tofu-$KEYIDB-2.gpg gpg -k gpg --verify $D/tofu-$KEYIDA-1.txt gpg --verify $D/tofu-$KEYIDB-1.txt # With an issuer. gpg --verify $D/tofu-$KEYIDA-2.txt gpg --verify $D/tofu-$KEYIDB-2.txt gpg --status-fd=1 --batch --verify $D/tofu-$KEYIDA-3.txt | grep TRUST_UNDEFINED gpg --status-fd=1 --batch --verify $D/tofu-$KEYIDB-3.txt | grep TRUST_UNDEFINED # Import the conflicting user id. gpg --import $D/tofu-$KEYIDB-3.gpg gpg -k # Import the cross signature, which should remove the conflict. gpg --import $D/tofu-$KEYIDB-4.gpg gpg -k