4 # - decryption/verification with signer key not available
5 # - verification of signatures from expired/revoked keys
# Suite title. The subtests below cover both halves it names: signature checks
# via `notmuch show --verify` and decryption via `--decrypt`.
7 test_description='PGP/MIME signature verification and decryption'
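# Keyring bootstrap (the enclosing function header is not part of this excerpt).
# Creates a private, throwaway GnuPG home and imports the suite's test key.
#
# Refuse to go on without a GNUPGHOME. Unquoted, an empty value turns the
# directory test into `[ -d ]`, which is true, so the setup would report an
# existing keyring that was never created; the gpg calls later in the script
# would then presumably act on the invoking user's default keyring.
[ -n "${GNUPGHOME:-}" ] || { echo "GNUPGHOME is not set" >&2; return 1; }
# Already initialised: keep the existing keyring untouched.
13 [ -d "${GNUPGHOME}" ] && return
# Mode 0700 from creation on, so the secret key is never readable by others.
14 mkdir -m 0700 "$GNUPGHOME"
# Import the secret key shipped with the test directory; gpg's output goes to
# import.log inside the keyring directory rather than to the terminal.
15 gpg --no-tty --import <"$TEST_DIRECTORY"/gnupg-secret-key.asc >"$GNUPGHOME"/import.log 2>&1
16 test_debug "cat $GNUPGHOME/import.log"
# Probe which spelling of the "quick random" option this gpg accepts and
# persist it. Either option trades random-number quality for speed, which is
# tolerable only because this keyring is disposable test state.
# no-emit-version (written last) presumably keeps gpg's armored output free of
# a version line, so expected sizes do not vary with the gpg build - confirm.
17 if (gpg --quick-random --version >/dev/null 2>&1) ; then
18 echo quick-random >> "$GNUPGHOME"/gpg.conf
19 elif (gpg --debug-quick-random --version >/dev/null 2>&1) ; then
20 echo debug-quick-random >> "$GNUPGHOME"/gpg.conf
22 echo no-emit-version >> "$GNUPGHOME"/gpg.conf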
25 ##################################################
# Fingerprint of the test key: field 10 of the `fpr:` record in gpg's
# colon-delimited secret-key listing. The JSON expectations below splice it in.
# NOTE(review): every `fpr:` record is kept, so this assumes the listing holds
# exactly one; confirm for gpg versions that also print subkey fingerprints.
29 FINGERPRINT=$(gpg --no-tty --list-secret-keys --with-colons --fingerprint | grep '^fpr:' | cut -d: -f10)
31 # for some reason this is needed for emacs_deliver_message to work,
32 # although I can't figure out why
# Fixture: deliver a message through the emacs helper with
# (mml-secure-message-sign) applied. The --verify subtests below look it up by
# its subject, "test signed message 001".
35 test_expect_success 'emacs delivery of signed message' \
36 'emacs_deliver_message \
37 "test signed message 001" \
38 "This is a test signed message." \
39 "(mml-secure-message-sign)"'
41 test_begin_subtest "signature verification"
# --verify makes notmuch check the PGP/MIME signature of the signed fixture.
# The sed pins the signature's "created" value to a constant, presumably
# because the real value depends on when the fixture was signed.
# The expected sigstatus holds status, fingerprint and created only. No userid
# is expected until the owner-trust subtest, so "good" here reflects the
# signature check itself, not a trust decision about the key.
42 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
43 | notmuch_json_show_sanitize \
44 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
45 expected='[[[{"id": "XXXXX",
49 "timestamp": 946728000,
50 "date_relative": "2000-01-01",
51 "tags": ["inbox","signed"],
52 "headers": {"Subject": "test signed message 001",
53 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
54 "To": "test_suite@notmuchmail.org",
55 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
57 "sigstatus": [{"status": "good",
58 "fingerprint": "'$FINGERPRINT'",
59 "created": 946728000}],
60 "content-type": "multipart/signed",
62 "content-type": "text/plain",
63 "content": "This is a test signed message.\n"},
65 "content-type": "application/pgp-signature",
66 "content-length": 280}]}]},
68 test_expect_equal_json \
72 test_begin_subtest "signature verification with full owner trust"
# Same query as the previous subtest, after raising the key's owner trust.
# The expectation now also carries a userid, which the untrusted run did not.
73 # give the key owner trust: in gpg's ownertrust import format the value 6 is "ultimate" (5 would be "full")
74 echo "${FINGERPRINT}:6:" | gpg --no-tty --import-ownertrust >>"$GNUPGHOME"/trust.log 2>&1
# Have gpg re-evaluate its trust database so the new owner trust takes effect;
# output of both gpg calls is appended to trust.log inside the test keyring.
75 gpg --no-tty --check-trustdb >>"$GNUPGHOME"/trust.log 2>&1
76 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
77 | notmuch_json_show_sanitize \
78 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
79 expected='[[[{"id": "XXXXX",
83 "timestamp": 946728000,
84 "date_relative": "2000-01-01",
85 "tags": ["inbox","signed"],
86 "headers": {"Subject": "test signed message 001",
87 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
88 "To": "test_suite@notmuchmail.org",
89 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
91 "sigstatus": [{"status": "good",
92 "fingerprint": "'$FINGERPRINT'",
94 "userid": " Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"}],
95 "content-type": "multipart/signed",
97 "content-type": "text/plain",
98 "content": "This is a test signed message.\n"},
100 "content-type": "application/pgp-signature",
101 "content-length": 280}]}]},
103 test_expect_equal_json \
107 test_begin_subtest "signature verification with signer key unavailable"
# With the keyring gone the signature cannot be checked. The expected result
# is status "error" plus a keyid, never "good". The keyid is taken as
# characters 25 onward of the fingerprint (the last 16 hex digits, assuming a
# 40-digit fingerprint).
# NOTE(review): the keyring only comes back through the mv at the end of this
# subtest; an abort in between leaves it at "${GNUPGHOME}.bak".
108 # move the gnupghome temporarily out of the way
109 mv "${GNUPGHOME}"{,.bak}
110 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
111 | notmuch_json_show_sanitize \
112 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
113 expected='[[[{"id": "XXXXX",
117 "timestamp": 946728000,
118 "date_relative": "2000-01-01",
119 "tags": ["inbox","signed"],
120 "headers": {"Subject": "test signed message 001",
121 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
122 "To": "test_suite@notmuchmail.org",
123 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
125 "sigstatus": [{"status": "error",
126 "keyid": "'$(echo $FINGERPRINT | cut -c 25-)'",
128 "content-type": "multipart/signed",
129 "content": [{"id": 2,
130 "content-type": "text/plain",
131 "content": "This is a test signed message.\n"},
133 "content-type": "application/pgp-signature",
134 "content-length": 280}]}]},
136 test_expect_equal_json \
139 mv "${GNUPGHOME}"{.bak,}
# Fixture for the decryption subtests: the file TESTATTACHMENT is attached to
# a message that emacs encrypts with (mml-secure-message-encrypt). The raw
# --part=5 subtest later compares its decrypted output against this same file.
141 # create a test encrypted message with attachment
142 cat <<EOF >TESTATTACHMENT
145 test_expect_success 'emacs delivery of encrypted message with attachment' \
146 'emacs_deliver_message \
147 "test encrypted message 001" \
148 "This is a test encrypted message.\n" \
149 "(mml-attach-file \"TESTATTACHMENT\") (mml-secure-message-encrypt)"'
151 test_begin_subtest "decryption, --format=text"
# --decrypt makes notmuch show open the multipart/encrypted part. The expected
# text lists the application/pgp-encrypted control part followed by the
# decrypted multipart/mixed tree (text/plain body plus the attachment).
# NOTE(review): the "created" substitution mirrors the JSON subtests; nothing
# in the visible text expectation contains that key.
152 output=$(notmuch show --format=text --decrypt subject:"test encrypted message 001" \
153 | notmuch_show_sanitize_all \
154 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
155 expected='
\fmessage{ id:XXXXX depth:0 match:1 excluded:0 filename:XXXXX
157 Notmuch Test Suite <test_suite@notmuchmail.org> (2000-01-01) (encrypted inbox)
158 Subject: test encrypted message 001
159 From: Notmuch Test Suite <test_suite@notmuchmail.org>
160 To: test_suite@notmuchmail.org
161 Date: Sat, 01 Jan 2000 12:00:00 +0000
164 \fpart{ ID: 1, Content-type: multipart/encrypted
165 \fpart{ ID: 2, Content-type: application/pgp-encrypted
166 Non-text part: application/pgp-encrypted
168 \fpart{ ID: 3, Content-type: multipart/mixed
169 \fpart{ ID: 4, Content-type: text/plain
170 This is a test encrypted message.
172 \fattachment{ ID: 5, Filename: TESTATTACHMENT, Content-type: application/octet-stream
173 Non-text part: application/octet-stream
183 test_begin_subtest "decryption, --format=json"
# JSON view of the same decrypted message. The expectation requires
# encstatus "good" and the decrypted tree: text/plain as part 4, and the
# attachment described by length, transfer encoding and filename.
184 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 001" \
185 | notmuch_json_show_sanitize \
186 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
187 expected='[[[{"id": "XXXXX",
191 "timestamp": 946728000,
192 "date_relative": "2000-01-01",
193 "tags": ["encrypted","inbox"],
194 "headers": {"Subject": "test encrypted message 001",
195 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
196 "To": "test_suite@notmuchmail.org",
197 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
199 "encstatus": [{"status": "good"}],
201 "content-type": "multipart/encrypted",
202 "content": [{"id": 2,
203 "content-type": "application/pgp-encrypted",
204 "content-length": 11},
206 "content-type": "multipart/mixed",
207 "content": [{"id": 4,
208 "content-type": "text/plain",
209 "content": "This is a test encrypted message.\n"},
211 "content-type": "application/octet-stream",
212 "content-length": 28,
213 "content-transfer-encoding": "base64",
214 "filename": "TESTATTACHMENT"}]}]}]},
216 test_expect_equal_json \
220 test_begin_subtest "decryption, --format=json, --part=4"
# Selects a single part from inside the encrypted container. Part 4 is the
# text/plain body in the full JSON expectation of the previous subtest, so
# part numbering has to be resolved after decryption.
221 output=$(notmuch show --format=json --part=4 --decrypt subject:"test encrypted message 001" \
222 | notmuch_json_show_sanitize \
223 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
225 "content-type": "text/plain",
226 "content": "This is a test encrypted message.\n"}'
227 test_expect_equal_json \
231 test_begin_subtest "decrypt attachment (--part=5 --format=raw)"
# The command's leading lines are not part of this excerpt; only its query and
# the redirect to OUTPUT are visible. The decrypted raw part must equal the
# TESTATTACHMENT file that was attached before encryption.
236 subject:"test encrypted message 001" >OUTPUT
237 test_expect_equal_file OUTPUT TESTATTACHMENT
239 test_begin_subtest "decryption failure with missing key"
# Negative case: with the keyring moved away, the expectation is encstatus
# "bad" and an undecrypted payload, reported only as application/octet-stream
# with a length. No plaintext part is expected in the output.
# NOTE(review): the keyring only comes back through the mv at the end of this
# subtest; an abort in between leaves it at "${GNUPGHOME}.bak".
240 mv "${GNUPGHOME}"{,.bak}
241 # The length of the encrypted attachment varies so must be normalized.
# NOTE(review): the second sed only rewrites lengths whose first digit is 6;
# a ciphertext outside that range would make the comparison fail.
242 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 001" \
243 | notmuch_json_show_sanitize \
244 | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
245 | sed -e 's|"content-length": 6[1234567890]*|"content-length": 652|')
246 expected='[[[{"id": "XXXXX",
250 "timestamp": 946728000,
251 "date_relative": "2000-01-01",
252 "tags": ["encrypted","inbox"],
253 "headers": {"Subject": "test encrypted message 001",
254 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
255 "To": "test_suite@notmuchmail.org",
256 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
258 "encstatus": [{"status": "bad"}],
259 "content-type": "multipart/encrypted",
260 "content": [{"id": 2,
261 "content-type": "application/pgp-encrypted",
262 "content-length": 11},
264 "content-type": "application/octet-stream",
265 "content-length": 652}]}]},
267 test_expect_equal_json \
270 mv "${GNUPGHOME}"{.bak,}
# Fixture: a second message, sent with (mml-secure-message-sign-encrypt) so it
# is both signed and encrypted. The combined decrypt-and-verify subtest and
# the reply subtest below query it as "test encrypted message 002".
272 test_expect_success 'emacs delivery of encrypted + signed message' \
273 'emacs_deliver_message \
274 "test encrypted message 002" \
275 "This is another test encrypted message.\n" \
276 "(mml-secure-message-sign-encrypt)"'
278 test_begin_subtest "decryption + signature verification"
# Only --decrypt is passed, yet the expectation requires both encstatus "good"
# and sigstatus "good", so decryption is expected to report the enclosed
# signature as well. The userid appears because the key was given owner trust
# earlier in the script.
279 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 002" \
280 | notmuch_json_show_sanitize \
281 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
282 expected='[[[{"id": "XXXXX",
286 "timestamp": 946728000,
287 "date_relative": "2000-01-01",
288 "tags": ["encrypted","inbox"],
289 "headers": {"Subject": "test encrypted message 002",
290 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
291 "To": "test_suite@notmuchmail.org",
292 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
294 "encstatus": [{"status": "good"}],
295 "sigstatus": [{"status": "good",
296 "fingerprint": "'$FINGERPRINT'",
297 "created": 946728000,
298 "userid": " Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"}],
299 "content-type": "multipart/encrypted",
300 "content": [{"id": 2,
301 "content-type": "application/pgp-encrypted",
302 "content-length": 11},
304 "content-type": "text/plain",
305 "content": "This is another test encrypted message.\n"}]}]},
307 test_expect_equal_json \
311 test_begin_subtest "reply to encrypted message"
# The expected reply template quotes the decrypted body in clear text.
# Nothing in this subtest shows whether the reply itself is encrypted again,
# so the template has to be treated as plaintext of a protected message.
# In-Reply-To and References are filtered out before comparing, presumably
# because they carry the per-run message id.
312 output=$(notmuch reply --decrypt subject:"test encrypted message 002" \
313 | grep -v -e '^In-Reply-To:' -e '^References:')
314 expected='From: Notmuch Test Suite <test_suite@notmuchmail.org>
315 Subject: Re: test encrypted message 002
317 On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
318 > This is another test encrypted message.'
323 test_begin_subtest "signature verification with revoked key"
# A signature that verified as "good" earlier must be reported as "error" once
# the signing key is revoked. gpg reads its answers from stdin
# (--command-fd 0) and the armored certificate is piped straight into
# `gpg --import`.
# NOTE(review): stderr of --gen-revoke is discarded, so a failed revocation
# would only surface as a JSON mismatch. Nothing visible here undoes the
# revocation, so any later use of this keyring sees a revoked key.
# NOTE(review): the expected keyid is hard-coded here, while the
# signer-key-unavailable subtest derives it from $FINGERPRINT.
324 # generate revocation certificate and load it to revoke key
327 Notmuch Test Suite key revocation (automated) $(date '+%F_%T%z')
332 | gpg --no-tty --quiet --command-fd 0 --armor --gen-revoke "0x${FINGERPRINT}!" 2>/dev/null \
333 | gpg --no-tty --quiet --import
334 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
335 | notmuch_json_show_sanitize \
336 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
337 expected='[[[{"id": "XXXXX",
341 "timestamp": 946728000,
342 "date_relative": "2000-01-01",
343 "tags": ["inbox","signed"],
344 "headers": {"Subject": "test signed message 001",
345 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
346 "To": "test_suite@notmuchmail.org",
347 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
349 "sigstatus": [{"status": "error",
350 "keyid": "6D92612D94E46381",
352 "content-type": "multipart/signed",
353 "content": [{"id": 2,
354 "content-type": "text/plain",
355 "content": "This is a test signed message.\n"},
357 "content-type": "application/pgp-signature",
358 "content-length": 280}]}]},
360 test_expect_equal_json \