4 # - decryption/verification with signer key not available
5 # - verification of signatures from expired/revoked keys
7 test_description='PGP/MIME signature verification and decryption'
8 . ./test-lib.sh || exit 1
13 [ -d ${GNUPGHOME} ] && return
14 mkdir -m 0700 "$GNUPGHOME"
15 gpg --no-tty --import <$TEST_DIRECTORY/gnupg-secret-key.asc >"$GNUPGHOME"/import.log 2>&1
16 test_debug "cat $GNUPGHOME/import.log"
17 if (gpg --quick-random --version >/dev/null 2>&1) ; then
18 echo quick-random >> "$GNUPGHOME"/gpg.conf
19 elif (gpg --debug-quick-random --version >/dev/null 2>&1) ; then
20 echo debug-quick-random >> "$GNUPGHOME"/gpg.conf
22 echo no-emit-version >> "$GNUPGHOME"/gpg.conf
25 ##################################################
28 # Change this if we ship a new test key; the expected sigstatus output below is built from it (note the revoked-key subtest hardcodes the 16-character key id instead of deriving it from FINGERPRINT)
29 FINGERPRINT="5AEAB11F5E33DCE875DDB75B6D92612D94E46381"
31 test_begin_subtest "emacs delivery of signed message"
34 "test signed message 001" \
35 "This is a test signed message." \
36 "(mml-secure-message-sign)"'
38 test_begin_subtest "signature verification"
39 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
40 | notmuch_json_show_sanitize \
41 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
42 expected='[[[{"id": "XXXXX",
45 "filename": ["YYYYY"],
46 "timestamp": 946728000,
47 "date_relative": "2000-01-01",
48 "tags": ["inbox","signed"],
49 "headers": {"Subject": "test signed message 001",
50 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
51 "To": "test_suite@notmuchmail.org",
52 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
54 "sigstatus": [{"status": "good",
55 "fingerprint": "'$FINGERPRINT'",
56 "created": 946728000}],
57 "content-type": "multipart/signed",
59 "content-type": "text/plain",
60 "content": "This is a test signed message.\n"},
62 "content-type": "application/pgp-signature",
63 "content-length": "NONZERO"}]}]},
65 test_expect_equal_json \
69 test_begin_subtest "signature verification with full owner trust"
70 # give the test key full owner trust (ownertrust value 6); this only affects the test's own GNUPGHOME
71 echo "${FINGERPRINT}:6:" | gpg --no-tty --import-ownertrust >>"$GNUPGHOME"/trust.log 2>&1
72 gpg --no-tty --check-trustdb >>"$GNUPGHOME"/trust.log 2>&1
73 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
74 | notmuch_json_show_sanitize \
75 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
76 expected='[[[{"id": "XXXXX",
79 "filename": ["YYYYY"],
80 "timestamp": 946728000,
81 "date_relative": "2000-01-01",
82 "tags": ["inbox","signed"],
83 "headers": {"Subject": "test signed message 001",
84 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
85 "To": "test_suite@notmuchmail.org",
86 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
88 "sigstatus": [{"status": "good",
89 "fingerprint": "'$FINGERPRINT'",
91 "userid": " Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"}],
92 "content-type": "multipart/signed",
94 "content-type": "text/plain",
95 "content": "This is a test signed message.\n"},
97 "content-type": "application/pgp-signature",
98 "content-length": "NONZERO"}]}]},
100 test_expect_equal_json \
104 test_begin_subtest "signature verification with signer key unavailable"
105 # move the GNUPGHOME temporarily out of the way so the signer key is unavailable; it is moved back after the comparison
106 mv "${GNUPGHOME}"{,.bak}
107 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
108 | notmuch_json_show_sanitize \
109 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
110 expected='[[[{"id": "XXXXX",
113 "filename": ["YYYYY"],
114 "timestamp": 946728000,
115 "date_relative": "2000-01-01",
116 "tags": ["inbox","signed"],
117 "headers": {"Subject": "test signed message 001",
118 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
119 "To": "test_suite@notmuchmail.org",
120 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
122 "sigstatus": [{"status": "error",
123 "keyid": "'$(echo $FINGERPRINT | cut -c 25-)'",
125 "content-type": "multipart/signed",
126 "content": [{"id": 2,
127 "content-type": "text/plain",
128 "content": "This is a test signed message.\n"},
130 "content-type": "application/pgp-signature",
131 "content-length": "NONZERO"}]}]},
133 test_expect_equal_json \
136 mv "${GNUPGHOME}"{.bak,}
138 test_begin_subtest "emacs delivery of encrypted message with attachment"
139 # create a test encrypted message that carries a file attachment
140 cat <<EOF >TESTATTACHMENT
143 test_expect_success \
145 "test encrypted message 001" \
146 "This is a test encrypted message.\n" \
147 "(mml-attach-file \"TESTATTACHMENT\") (mml-secure-message-encrypt)"'
149 test_begin_subtest "decryption, --format=text"
150 output=$(notmuch show --format=text --decrypt subject:"test encrypted message 001" \
151 | notmuch_show_sanitize_all \
152 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
153 expected='
\fmessage{ id:XXXXX depth:0 match:1 excluded:0 filename:XXXXX
155 Notmuch Test Suite <test_suite@notmuchmail.org> (2000-01-01) (encrypted inbox)
156 Subject: test encrypted message 001
157 From: Notmuch Test Suite <test_suite@notmuchmail.org>
158 To: test_suite@notmuchmail.org
159 Date: Sat, 01 Jan 2000 12:00:00 +0000
162 \fpart{ ID: 1, Content-type: multipart/encrypted
163 \fpart{ ID: 2, Content-type: application/pgp-encrypted
164 Non-text part: application/pgp-encrypted
166 \fpart{ ID: 3, Content-type: multipart/mixed
167 \fpart{ ID: 4, Content-type: text/plain
168 This is a test encrypted message.
170 \fattachment{ ID: 5, Filename: TESTATTACHMENT, Content-type: application/octet-stream
171 Non-text part: application/octet-stream
181 test_begin_subtest "decryption, --format=json"
182 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 001" \
183 | notmuch_json_show_sanitize \
184 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
185 expected='[[[{"id": "XXXXX",
188 "filename": ["YYYYY"],
189 "timestamp": 946728000,
190 "date_relative": "2000-01-01",
191 "tags": ["encrypted","inbox"],
192 "headers": {"Subject": "test encrypted message 001",
193 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
194 "To": "test_suite@notmuchmail.org",
195 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
197 "encstatus": [{"status": "good"}],
199 "content-type": "multipart/encrypted",
200 "content": [{"id": 2,
201 "content-type": "application/pgp-encrypted",
202 "content-length": "NONZERO"},
204 "content-type": "multipart/mixed",
205 "content": [{"id": 4,
206 "content-type": "text/plain",
207 "content": "This is a test encrypted message.\n"},
209 "content-type": "application/octet-stream",
210 "content-disposition": "attachment",
211 "content-length": "NONZERO",
212 "content-transfer-encoding": "base64",
213 "filename": "TESTATTACHMENT"}]}]}]},
215 test_expect_equal_json \
219 test_begin_subtest "decryption, --format=json, --part=4"
220 output=$(notmuch show --format=json --part=4 --decrypt subject:"test encrypted message 001" \
221 | notmuch_json_show_sanitize \
222 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
224 "content-type": "text/plain",
225 "content": "This is a test encrypted message.\n"}'
226 test_expect_equal_json \
230 test_begin_subtest "decrypt attachment (--part=5 --format=raw)"
235 subject:"test encrypted message 001" >OUTPUT
236 test_expect_equal_file OUTPUT TESTATTACHMENT
238 test_begin_subtest "decryption failure with missing key"
239 mv "${GNUPGHOME}"{,.bak}
240 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 001" \
241 | notmuch_json_show_sanitize \
242 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
243 expected='[[[{"id": "XXXXX",
246 "filename": ["YYYYY"],
247 "timestamp": 946728000,
248 "date_relative": "2000-01-01",
249 "tags": ["encrypted","inbox"],
250 "headers": {"Subject": "test encrypted message 001",
251 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
252 "To": "test_suite@notmuchmail.org",
253 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
255 "encstatus": [{"status": "bad"}],
256 "content-type": "multipart/encrypted",
257 "content": [{"id": 2,
258 "content-type": "application/pgp-encrypted",
259 "content-length": "NONZERO"},
261 "content-type": "application/octet-stream",
262 "content-length": "NONZERO"}]}]},
264 test_expect_equal_json \
267 mv "${GNUPGHOME}"{.bak,}
269 test_begin_subtest "emacs delivery of encrypted + signed message"
270 test_expect_success \
272 "test encrypted message 002" \
273 "This is another test encrypted message.\n" \
274 "(mml-secure-message-sign-encrypt)"'
276 test_begin_subtest "decryption + signature verification"
277 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 002" \
278 | notmuch_json_show_sanitize \
279 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
280 expected='[[[{"id": "XXXXX",
283 "filename": ["YYYYY"],
284 "timestamp": 946728000,
285 "date_relative": "2000-01-01",
286 "tags": ["encrypted","inbox"],
287 "headers": {"Subject": "test encrypted message 002",
288 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
289 "To": "test_suite@notmuchmail.org",
290 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
292 "encstatus": [{"status": "good"}],
293 "sigstatus": [{"status": "good",
294 "fingerprint": "'$FINGERPRINT'",
295 "created": 946728000,
296 "userid": " Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"}],
297 "content-type": "multipart/encrypted",
298 "content": [{"id": 2,
299 "content-type": "application/pgp-encrypted",
300 "content-length": "NONZERO"},
302 "content-type": "text/plain",
303 "content": "This is another test encrypted message.\n"}]}]},
305 test_expect_equal_json \
309 test_begin_subtest "reply to encrypted message"
310 output=$(notmuch reply --decrypt subject:"test encrypted message 002" \
311 | grep -v -e '^In-Reply-To:' -e '^References:')
312 expected='From: Notmuch Test Suite <test_suite@notmuchmail.org>
313 Subject: Re: test encrypted message 002
315 On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
316 > This is another test encrypted message.'
321 test_begin_subtest "Reply within emacs to an encrypted message"
322 test_emacs "(let ((message-hidden-headers '())
323 (notmuch-crypto-process-mime 't))
324 (notmuch-show \"subject:test.encrypted.message.002\")
327 # the empty To: is probably a bug, but it has nothing to do with encryption
328 grep -v -e '^In-Reply-To:' -e '^References:' -e '^Fcc:' -e 'To:' < OUTPUT > OUTPUT.clean
330 From: Notmuch Test Suite <test_suite@notmuchmail.org>
331 Subject: Re: test encrypted message 002
332 --text follows this line--
333 <#secure method=pgpmime mode=signencrypt>
334 Notmuch Test Suite <test_suite@notmuchmail.org> writes:
336 > This is another test encrypted message.
338 test_expect_equal_file EXPECTED OUTPUT.clean
340 test_begin_subtest "signature verification with revoked key"
341 # generate a revocation certificate for the test key and import it so the key is marked revoked
344 Notmuch Test Suite key revocation (automated) $(date '+%F_%T%z')
349 | gpg --no-tty --quiet --command-fd 0 --armor --gen-revoke "0x${FINGERPRINT}!" 2>/dev/null \
350 | gpg --no-tty --quiet --import
351 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
352 | notmuch_json_show_sanitize \
353 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
354 expected='[[[{"id": "XXXXX",
357 "filename": ["YYYYY"],
358 "timestamp": 946728000,
359 "date_relative": "2000-01-01",
360 "tags": ["inbox","signed"],
361 "headers": {"Subject": "test signed message 001",
362 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
363 "To": "test_suite@notmuchmail.org",
364 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
366 "sigstatus": [{"status": "error",
367 "keyid": "6D92612D94E46381",
369 "content-type": "multipart/signed",
370 "content": [{"id": 2,
371 "content-type": "text/plain",
372 "content": "This is a test signed message.\n"},
374 "content-type": "application/pgp-signature",
375 "content-length": "NONZERO"}]}]},
377 test_expect_equal_json \