mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-05 12:31:50 +01:00
4c0389f8eb
* g10/tofu.c (cross_sigs): When checking cross signatures, only consider the signatures on the specified user id. * tests/openpgp/tofu.scm: Add test for the above. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: New file. * tests/openpgp/tofu/cross-sigs/ 1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: New file. * tests/openpgp/tofu/cross-sigs/ DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: New file. * tests/openpgp/tofu/cross-sigs/README: New file. -- Signed-off-by: Neal H. Walfield
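# How I generate the keys and messages to verify.
#
# The exported secret keys are meant to be used as test fixtures, so treat
# both keys as public and never reuse them for anything else.  Run the
# recipe against a scratch GnuPG home directory (GNUPGHOME or --homedir)
# so the throwaway keys and certifications stay out of a real keyring.

# Stop at the first failing step or unset variable; otherwise a failed
# gpg call still leaves an empty fixture file behind via the redirection.
set -eu

# Generate and export two non-conflicting keys.
gpg --quick-gen-key 'Spy Cow <spy@cow.com>'
gpg --quick-gen-key 'Spy R. Cow <spy@cow.de>'

# Fingerprints of the two keys from the author's run.  A fresh run of the
# two commands above yields different fingerprints; substitute them here.
KEYIDA=1938C3A0E4674B6C217AC0B987DB2814EC38277E
KEYIDB=DC463A16E42F03240D76E8BA8B48C6BD871C2247

for KEYID in "$KEYIDA" "$KEYIDB"
do
  gpg --export "$KEYID" > "tofu-$KEYID.gpg"
  # Secret key material: create the file readable by the owner only.
  (umask 077 && gpg --export-secret-keys "$KEYID" > "tofu-$KEYID-secret.gpg")
done

# Sign some data.
echo foo | gpg --default-key "$KEYIDA" -s > "tofu-$KEYIDA-1.txt"
echo foo | gpg --default-key "$KEYIDB" -s > "tofu-$KEYIDB-1.txt"

# Again, but with an issuer (the signing key is selected by mail address
# instead of by fingerprint).
echo foo | gpg --default-key "<spy@cow.com>" -s > "tofu-$KEYIDA-2.txt"
echo foo | gpg --default-key "<spy@cow.de>" -s > "tofu-$KEYIDB-2.txt"

# Have A sign B and vice versa.
gpg --default-key "$KEYIDA" --quick-sign "$KEYIDB"
gpg --default-key "$KEYIDB" --quick-sign "$KEYIDA"

gpg --export "$KEYIDA" > "tofu-$KEYIDA-2.gpg"
gpg --export "$KEYIDB" > "tofu-$KEYIDB-2.gpg"

# Cause A and B to conflict.  B gains a user id with A's mail address; at
# this point A's certification on B was made before this user id existed,
# so a cross-signature check has to look at the specific user id.
gpg --quick-adduid "$KEYIDB" 'Spy R. Cow <spy@cow.com>'
gpg --export "$KEYIDB" > "tofu-$KEYIDB-3.gpg"

# NOTE(review): both commands select the signer by the same mail address,
# which is now present on key A and on key B.  Which secret key gpg picks
# is not visible here; confirm the signer of each file (for example from
# the status output of --verify) before relying on the file names.
echo foo | gpg --default-key "<spy@cow.com>" -s > "tofu-$KEYIDA-3.txt"
echo foo | gpg --default-key "<spy@cow.com>" -s > "tofu-$KEYIDB-3.txt"

# Have A sign B's conflicting user id.
gpg --default-key "$KEYIDA" --quick-sign "$KEYIDB"
gpg --export "$KEYIDB" > "tofu-$KEYIDB-4.gpg"

# Stop here: the commands that follow are run by hand in a different
# directory and must not execute as part of the generation step.
exit 0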
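# In a new directory (so the keys are not ultimately trusted).
#
# NOTE(review): gpg.conf is written to the current directory, so this
# presumably expects GNUPGHOME (or --homedir) to point at that directory;
# otherwise the trust-model setting below is not read -- confirm.

# The fixture paths are built from the two fingerprints used during
# generation; refuse to continue with empty names if they are not set.
: "${KEYIDA:?set KEYIDA to the fingerprint of key A}"
: "${KEYIDB:?set KEYIDB to the fingerprint of key B}"

# Directory holding the generated tofu-* files (the author's path; adjust).
D=~/neal/work/gpg/test
echo 'trust-model tofu+pgp' > gpg.conf
gpg --import "$D/tofu-$KEYIDA.gpg"
gpg --import "$D/tofu-$KEYIDB.gpg"
gpg -k

gpg --verify "$D/tofu-$KEYIDA-1.txt"
gpg --verify "$D/tofu-$KEYIDB-1.txt"
# With an issuer.
gpg --verify "$D/tofu-$KEYIDA-2.txt"
gpg --verify "$D/tofu-$KEYIDB-2.txt"

# Import the cross signatures.
gpg --import "$D/tofu-$KEYIDA-2.gpg"
gpg --import "$D/tofu-$KEYIDB-2.gpg"
gpg -k

gpg --verify "$D/tofu-$KEYIDA-1.txt"
gpg --verify "$D/tofu-$KEYIDB-1.txt"
# With an issuer.
gpg --verify "$D/tofu-$KEYIDA-2.txt"
gpg --verify "$D/tofu-$KEYIDB-2.txt"

# The status lines go to stdout (--status-fd=1); grep prints the
# TRUST_UNDEFINED line and exits non-zero when there is none.
gpg --status-fd=1 --batch --verify "$D/tofu-$KEYIDA-3.txt" | grep TRUST_UNDEFINED
gpg --status-fd=1 --batch --verify "$D/tofu-$KEYIDB-3.txt" | grep TRUST_UNDEFINED

# Import the conflicting user id.
gpg --import "$D/tofu-$KEYIDB-3.gpg"
gpg -k

# Import the cross signature, which should remove the conflict.
gpg --import "$D/tofu-$KEYIDB-4.gpg"
gpg -k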