mirror of
git://git.gnupg.org/gnupg.git
synced 2024-11-10 21:38:50 +01:00
c41c46fa84
* g10/export.c (do_export_stream): If a key is stored by the agent in cleartext, then try to export it as cleartext. * tests/openpgp/export.test: For secret keys that are stored in cleartext, test should try to export without pinentry interaction. -- This restores the behavior of GnuPG 2.0 and 1.4 when exporting passphraseless secret keys, and fixes the test suite accordingly. GnuPG-bug-id: 2070, 2324 Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
111 lines
2.7 KiB
Bash
Executable File
111 lines
2.7 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
. $srcdir/defs.inc || exit 3
|
|
|
|
check_exported_public_key()
|
|
{
|
|
$GPG --list-packets $1 >$1.packets
|
|
grep '^:public key packet:' $1.packets >/dev/null
|
|
grep "^ keyid: .*$KEY$" $1.packets >/dev/null
|
|
grep '^:user ID packet:' $1.packets >/dev/null
|
|
grep "^:signature packet:.*keyid.*$KEY" $1.packets >/dev/null
|
|
rm $1.packets
|
|
}
|
|
|
|
check_armored_public_key()
|
|
{
|
|
grep '^-----BEGIN PGP PUBLIC KEY BLOCK-----$' $1 >/dev/null
|
|
grep '^-----END PGP PUBLIC KEY BLOCK-----$' $1 >/dev/null
|
|
check_exported_public_key $1
|
|
}
|
|
|
|
check_exported_private_key()
|
|
{
|
|
$GPG --list-packets $1 >$1.packets
|
|
grep '^:secret key packet:' $1.packets >/dev/null
|
|
grep "^ keyid: .*$KEY$" $1.packets >/dev/null
|
|
grep '^:user ID packet:' $1.packets >/dev/null
|
|
grep "^:signature packet:.*keyid.*$KEY" $1.packets >/dev/null
|
|
rm $1.packets
|
|
}
|
|
|
|
check_armored_private_key()
|
|
{
|
|
grep '^-----BEGIN PGP PRIVATE KEY BLOCK-----$' $1 >/dev/null
|
|
grep '^-----END PGP PRIVATE KEY BLOCK-----$' $1 >/dev/null
|
|
check_exported_private_key $1
|
|
}
|
|
|
|
logfile="`pwd`/pinentry.log"
|
|
ppfile="`pwd`/passphrases"
|
|
rm -f -- $logfile $ppfile
|
|
touch $ppfile
|
|
|
|
prepare_passphrase()
|
|
{
|
|
echo $* >>$ppfile
|
|
}
|
|
|
|
prepare_passphrase_confirm()
|
|
{
|
|
echo "fake-entry being started to CONFIRM the weak phrase" >>$ppfile
|
|
}
|
|
|
|
assert_passphrases_consumed()
|
|
{
|
|
if test -s $ppfile; then
|
|
echo "Expected $ppfile to be empty, but these are enqueued:" >&2
|
|
cat "$ppfile" >&2
|
|
exit 1
|
|
fi
|
|
rm -f -- $logfile
|
|
}
|
|
|
|
export PINENTRY_USER_DATA="--logfile=$logfile --passphrasefile=$ppfile"
|
|
|
|
info "Checking key export."
|
|
for KEY in D74C5F22 C40FDECF ECABF51D
|
|
do
|
|
progress $KEY
|
|
|
|
$GPG --export $KEY >$KEY.public
|
|
check_exported_public_key $KEY.public
|
|
rm $KEY.public
|
|
|
|
$GPG --armor --export $KEY >$KEY.public
|
|
check_armored_public_key $KEY.public
|
|
rm $KEY.public
|
|
|
|
# test without --armor:
|
|
|
|
if [ $KEY = D74C5F22 ]; then
|
|
# Key D74C5F22 is protected by a passphrase. Prepare this
|
|
# one. Currently, GnuPG does not ask for an export passphrase
|
|
# in this case.
|
|
prepare_passphrase "$usrpass1"
|
|
fi
|
|
|
|
$GPG --export-secret-keys $KEY >$KEY.private
|
|
check_exported_private_key $KEY.private
|
|
rm $KEY.private
|
|
|
|
assert_passphrases_consumed
|
|
|
|
# test with --armor:
|
|
|
|
if [ $KEY = D74C5F22 ]; then
|
|
# Key D74C5F22 is protected by a passphrase. Prepare this
|
|
# one. Currently, GnuPG does not ask for an export passphrase
|
|
# in this case.
|
|
prepare_passphrase "$usrpass1"
|
|
fi
|
|
|
|
$GPG --armor --export-secret-keys $KEY >$KEY.private
|
|
check_armored_private_key $KEY.private
|
|
rm $KEY.private
|
|
|
|
assert_passphrases_consumed
|
|
done
|
|
|
|
progress_end
|