4 # - decryption/verification with signer key not available
5 # - verification of signatures from expired/revoked keys
7 test_description='PGP/MIME signature verification and decryption'
13 [ -d ${GNUPGHOME} ] && return
14 mkdir -m 0700 "$GNUPGHOME"
15 gpg --no-tty --import <$TEST_DIRECTORY/gnupg-secret-key.asc >"$GNUPGHOME"/import.log 2>&1
16 test_debug "cat $GNUPGHOME/import.log"
17 if (gpg --quick-random --version >/dev/null 2>&1) ; then
18 echo quick-random >> "$GNUPGHOME"/gpg.conf
19 elif (gpg --debug-quick-random --version >/dev/null 2>&1) ; then
20 echo debug-quick-random >> "$GNUPGHOME"/gpg.conf
24 ##################################################
28 FINGERPRINT=$(gpg --no-tty --list-secret-keys --with-colons --fingerprint | grep '^fpr:' | cut -d: -f10)
30 # for some reason this is needed for emacs_deliver_message to work,
31 # although I can't figure out why
34 test_expect_success 'emacs delivery of signed message' \
35 'emacs_deliver_message \
36 "test signed message 001" \
37 "This is a test signed message." \
38 "(mml-secure-message-sign)"'
40 test_begin_subtest "signature verification"
41 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
42 | notmuch_json_show_sanitize \
43 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
44 expected='[[[{"id": "XXXXX",
47 "timestamp": 946728000,
48 "date_relative": "2000-01-01",
49 "tags": ["inbox","signed"],
50 "headers": {"Subject": "test signed message 001",
51 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
52 "To": "test_suite@notmuchmail.org",
54 01 Jan 2000 12:00:00 +0000"},
56 "sigstatus": [{"status": "good",
57 "fingerprint": "'$FINGERPRINT'",
58 "created": 946728000}],
59 "content-type": "multipart/signed",
61 "content-type": "text/plain",
62 "content": "This is a test signed message.\n"},
64 "content-type": "application/pgp-signature"}]}]},
70 test_begin_subtest "signature verification with full owner trust"
71 # give the key full owner trust
72 echo "${FINGERPRINT}:6:" | gpg --no-tty --import-ownertrust >>"$GNUPGHOME"/trust.log 2>&1
73 gpg --no-tty --check-trustdb >>"$GNUPGHOME"/trust.log 2>&1
74 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
75 | notmuch_json_show_sanitize \
76 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
77 expected='[[[{"id": "XXXXX",
80 "timestamp": 946728000,
81 "date_relative": "2000-01-01",
82 "tags": ["inbox","signed"],
83 "headers": {"Subject": "test signed message 001",
84 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
85 "To": "test_suite@notmuchmail.org",
87 01 Jan 2000 12:00:00 +0000"},
89 "sigstatus": [{"status": "good",
90 "fingerprint": "'$FINGERPRINT'",
92 "userid": " Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"}],
93 "content-type": "multipart/signed",
95 "content-type": "text/plain",
96 "content": "This is a test signed message.\n"},
98 "content-type": "application/pgp-signature"}]}]},
104 test_begin_subtest "signature verification with signer key unavailable"
105 # this is broken with current versions of gmime-2.6
106 (ldd $(which notmuch) | grep -Fq gmime-2.6) && test_subtest_known_broken
107 # move the gnupghome temporarily out of the way
108 mv "${GNUPGHOME}"{,.bak}
109 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
110 | notmuch_json_show_sanitize \
111 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
112 expected='[[[{"id": "XXXXX",
115 "timestamp": 946728000,
116 "date_relative": "2000-01-01",
117 "tags": ["inbox","signed"],
118 "headers": {"Subject": "test signed message 001",
119 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
120 "To": "test_suite@notmuchmail.org",
122 01 Jan 2000 12:00:00 +0000"},
124 "sigstatus": [{"status": "error",
125 "keyid": "'$(echo $FINGERPRINT | cut -c 25-)'",
127 "content-type": "multipart/signed",
128 "content": [{"id": 2,
129 "content-type": "text/plain",
130 "content": "This is a test signed message.\n"},
132 "content-type": "application/pgp-signature"}]}]},
137 mv "${GNUPGHOME}"{.bak,}
139 # create a test encrypted message with attachment
140 cat <<EOF >TESTATTACHMENT
143 test_expect_success 'emacs delivery of encrypted message with attachment' \
144 'emacs_deliver_message \
145 "test encrypted message 001" \
146 "This is a test encrypted message.\n" \
147 "(mml-attach-file \"TESTATTACHMENT\") (mml-secure-message-encrypt)"'
149 test_begin_subtest "decryption, --format=text"
150 output=$(notmuch show --format=text --decrypt subject:"test encrypted message 001" \
151 | notmuch_show_sanitize_all \
152 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
153 expected='
\fmessage{ id:XXXXX depth:0 match:1 filename:XXXXX
155 Notmuch Test Suite <test_suite@notmuchmail.org> (2000-01-01) (encrypted inbox)
156 Subject: test encrypted message 001
157 From: Notmuch Test Suite <test_suite@notmuchmail.org>
158 To: test_suite@notmuchmail.org
159 Date: Sat, 01 Jan 2000 12:00:00 +0000
162 \fpart{ ID: 1, Content-type: multipart/encrypted
163 \fpart{ ID: 2, Content-type: application/pgp-encrypted
164 Non-text part: application/pgp-encrypted
166 \fpart{ ID: 3, Content-type: multipart/mixed
167 \fpart{ ID: 4, Content-type: text/plain
168 This is a test encrypted message.
170 \fattachment{ ID: 5, Filename: TESTATTACHMENT, Content-type: application/octet-stream
171 Non-text part: application/octet-stream
181 test_begin_subtest "decryption, --format=json"
182 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 001" \
183 | notmuch_json_show_sanitize \
184 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
185 expected='[[[{"id": "XXXXX",
188 "timestamp": 946728000,
189 "date_relative": "2000-01-01",
190 "tags": ["encrypted","inbox"],
191 "headers": {"Subject": "test encrypted message 001",
192 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
193 "To": "test_suite@notmuchmail.org",
195 01 Jan 2000 12:00:00 +0000"},
197 "encstatus": [{"status": "good"}],
199 "content-type": "multipart/encrypted",
200 "content": [{"id": 2,
201 "content-type": "application/pgp-encrypted"},
203 "content-type": "multipart/mixed",
204 "content": [{"id": 4,
205 "content-type": "text/plain",
206 "content": "This is a test encrypted message.\n"},
208 "content-type": "application/octet-stream",
209 "filename": "TESTATTACHMENT"}]}]}]},
215 test_begin_subtest "decryption, --format=json, --part=4"
216 output=$(notmuch show --format=json --part=4 --decrypt subject:"test encrypted message 001" \
217 | notmuch_json_show_sanitize \
218 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
220 "content-type": "text/plain",
221 "content": "This is a test encrypted message.\n"}'
226 test_begin_subtest "decrypt attachment (--part=5 --format=raw)"
231 subject:"test encrypted message 001" >OUTPUT
232 test_expect_equal_file OUTPUT TESTATTACHMENT
234 test_begin_subtest "decryption failure with missing key"
235 mv "${GNUPGHOME}"{,.bak}
236 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 001" \
237 | notmuch_json_show_sanitize \
238 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
239 expected='[[[{"id": "XXXXX",
242 "timestamp": 946728000,
243 "date_relative": "2000-01-01",
244 "tags": ["encrypted","inbox"],
245 "headers": {"Subject": "test encrypted message 001",
246 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
247 "To": "test_suite@notmuchmail.org",
249 01 Jan 2000 12:00:00 +0000"},
251 "encstatus": [{"status": "bad"}],
252 "content-type": "multipart/encrypted",
253 "content": [{"id": 2,
254 "content-type": "application/pgp-encrypted"},
256 "content-type": "application/octet-stream"}]}]},
261 mv "${GNUPGHOME}"{.bak,}
263 test_expect_success 'emacs delivery of encrypted + signed message' \
264 'emacs_deliver_message \
265 "test encrypted message 002" \
266 "This is another test encrypted message.\n" \
267 "(mml-secure-message-sign-encrypt)"'
269 test_begin_subtest "decryption + signature verification"
270 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 002" \
271 | notmuch_json_show_sanitize \
272 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
273 expected='[[[{"id": "XXXXX",
276 "timestamp": 946728000,
277 "date_relative": "2000-01-01",
278 "tags": ["encrypted","inbox"],
279 "headers": {"Subject": "test encrypted message 002",
280 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
281 "To": "test_suite@notmuchmail.org",
283 01 Jan 2000 12:00:00 +0000"},
285 "encstatus": [{"status": "good"}],
286 "sigstatus": [{"status": "good",
287 "fingerprint": "'$FINGERPRINT'",
288 "created": 946728000,
289 "userid": " Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"}],
290 "content-type": "multipart/encrypted",
291 "content": [{"id": 2,
292 "content-type": "application/pgp-encrypted"},
294 "content-type": "text/plain",
295 "content": "This is another test encrypted message.\n"}]}]},
301 test_begin_subtest "reply to encrypted message"
302 output=$(notmuch reply --decrypt subject:"test encrypted message 002" \
303 | grep -v -e '^In-Reply-To:' -e '^References:')
304 expected='From: Notmuch Test Suite <test_suite@notmuchmail.org>
305 Subject: Re: test encrypted message 002
307 On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
308 > This is another test encrypted message.'
313 test_begin_subtest "signature verification with revoked key"
314 # generate revocation certificate and load it to revoke key
317 Notmuch Test Suite key revocation (automated) $(date '+%F_%T%z')
322 | gpg --no-tty --quiet --command-fd 0 --armor --gen-revoke "0x${FINGERPRINT}!" 2>/dev/null \
323 | gpg --no-tty --quiet --import
324 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
325 | notmuch_json_show_sanitize \
326 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
327 expected='[[[{"id": "XXXXX",
330 "timestamp": 946728000,
331 "date_relative": "2000-01-01",
332 "tags": ["inbox","signed"],
333 "headers": {"Subject": "test signed message 001",
334 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
335 "To": "test_suite@notmuchmail.org",
337 01 Jan 2000 12:00:00 +0000"},
339 "sigstatus": [{"status": "error",
340 "keyid": "6D92612D94E46381",
342 "content-type": "multipart/signed",
343 "content": [{"id": 2,
344 "content-type": "text/plain",
345 "content": "This is a test signed message.\n"},
347 "content-type": "application/pgp-signature"}]}]},