4 # - decryption/verification with signer key not available
5 # - verification of signatures from expired/revoked keys
7 test_description='PGP/MIME signature verification and decryption'
8 . ./test-lib.sh || exit 1
# Set up a throwaway GnuPG home for this test run; nothing is done if the
# directory already exists.
# NOTE(review): ${GNUPGHOME} is unquoted in the -d test, so a path containing
# whitespace would break the check.
13 [ -d ${GNUPGHOME} ] && return
# Kill gpg's daemons for this home when the script exits; errors from
# gpgconf are deliberately ignored (2>/dev/null || true).
14 _gnupg_exit () { gpgconf --kill all 2>/dev/null || true; }
15 at_exit_function _gnupg_exit
# Mode 0700 restricts the keyring directory to its owner.
16 mkdir -m 0700 "$GNUPGHOME"
# Import the secret key that ships in the test directory. The key is public
# test material (its user ID is marked "(INSECURE!)" in the expected output),
# so signatures made with it carry no assurance outside this suite.
# NOTE(review): the exit status of the import is not checked; only the log is kept.
17 gpg --no-tty --import <$TEST_DIRECTORY/gnupg-secret-key.asc >"$GNUPGHOME"/import.log 2>&1
18 test_debug "cat $GNUPGHOME/import.log"
# Probe which spelling of the quick-random option this gpg accepts and write
# it to gpg.conf. NOTE(review): presumably this selects a faster, lower-quality
# random source, acceptable only for disposable test keys; confirm against the
# gpg documentation.
19 if (gpg --quick-random --version >/dev/null 2>&1) ; then
20 echo quick-random >> "$GNUPGHOME"/gpg.conf
21 elif (gpg --debug-quick-random --version >/dev/null 2>&1) ; then
22 echo debug-quick-random >> "$GNUPGHOME"/gpg.conf
# Keep the gpg version string out of generated armor.
24 echo no-emit-version >> "$GNUPGHOME"/gpg.conf
27 ##################################################
30 # Change this if we ship a new test key
# Full 40-hex-digit fingerprint of the test signing key; the expected outputs
# interpolate it. NOTE(review): the revoked-key subtest hard-codes the long key
# ID "6D92612D94E46381" (the last 16 digits of this value) instead of deriving
# it with cut as the key-missing subtest does, so it needs a manual update too.
31 FINGERPRINT="5AEAB11F5E33DCE875DDB75B6D92612D94E46381"
33 test_begin_subtest "emacs delivery of signed message"
36 "test signed message 001" \
37 "This is a test signed message." \
38 "(mml-secure-message-sign)"'
40 test_begin_subtest "signature verification"
# Verify the signed message with the key imported but no owner trust assigned.
# The expected sigstatus below reports "good" with the fingerprint and creation
# time only; no userid field is expected at this stage.
# The sed step replaces the signature's creation timestamp with a fixed value
# so the JSON comparison does not depend on when the test ran.
41 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
42 | notmuch_json_show_sanitize \
43 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
44 expected='[[[{"id": "XXXXX",
47 "filename": ["YYYYY"],
48 "timestamp": 946728000,
49 "date_relative": "2000-01-01",
50 "tags": ["inbox","signed"],
51 "headers": {"Subject": "test signed message 001",
52 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
53 "To": "test_suite@notmuchmail.org",
54 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
56 "sigstatus": [{"status": "good",
57 "fingerprint": "'$FINGERPRINT'",
58 "created": 946728000}],
59 "content-type": "multipart/signed",
61 "content-type": "text/plain",
62 "content": "This is a test signed message.\n"},
64 "content-type": "application/pgp-signature",
65 "content-length": "NONZERO"}]}]},
67 test_expect_equal_json \
71 test_begin_subtest "signature verification with full owner trust"
72 # give the key full owner trust
# NOTE(review): in gpg's ownertrust import format the value 6 appears to mean
# ultimate trust (5 would be full); confirm and align the wording if so.
# Once the key is trusted, the expected sigstatus below also carries the
# signer's userid, which the untrusted case above does not.
# Output of both gpg commands goes to trust.log; their exit status is not checked.
73 echo "${FINGERPRINT}:6:" | gpg --no-tty --import-ownertrust >>"$GNUPGHOME"/trust.log 2>&1
74 gpg --no-tty --check-trustdb >>"$GNUPGHOME"/trust.log 2>&1
75 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
76 | notmuch_json_show_sanitize \
77 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
78 expected='[[[{"id": "XXXXX",
81 "filename": ["YYYYY"],
82 "timestamp": 946728000,
83 "date_relative": "2000-01-01",
84 "tags": ["inbox","signed"],
85 "headers": {"Subject": "test signed message 001",
86 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
87 "To": "test_suite@notmuchmail.org",
88 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
90 "sigstatus": [{"status": "good",
91 "fingerprint": "'$FINGERPRINT'",
93 "userid": " Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"}],
94 "content-type": "multipart/signed",
96 "content-type": "text/plain",
97 "content": "This is a test signed message.\n"},
99 "content-type": "application/pgp-signature",
100 "content-length": "NONZERO"}]}]},
102 test_expect_equal_json \
106 test_begin_subtest "signature verification with signer key unavailable"
107 # move the gnupghome temporarily out of the way
# With the keyring gone, verification must not report "good": the expected
# sigstatus below is "error" with "key-missing" and only the 16-digit key ID
# (derived from $FINGERPRINT with cut), not a fingerprint or userid.
# NOTE(review): the directory is renamed back by a later unconditional mv; if
# the script stops in between, the GnuPG home stays at the .bak path.
108 mv "${GNUPGHOME}"{,.bak}
109 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
110 | notmuch_json_show_sanitize \
111 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
112 expected='[[[{"id": "XXXXX",
115 "filename": ["YYYYY"],
116 "timestamp": 946728000,
117 "date_relative": "2000-01-01",
118 "tags": ["inbox","signed"],
119 "headers": {"Subject": "test signed message 001",
120 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
121 "To": "test_suite@notmuchmail.org",
122 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
124 "sigstatus": [{"status": "error",
125 "keyid": "'$(echo $FINGERPRINT | cut -c 25-)'",
126 "errors": {"key-missing": true}}],
127 "content-type": "multipart/signed",
128 "content": [{"id": 2,
129 "content-type": "text/plain",
130 "content": "This is a test signed message.\n"},
132 "content-type": "application/pgp-signature",
133 "content-length": "NONZERO"}]}]},
135 test_expect_equal_json \
138 mv "${GNUPGHOME}"{.bak,}
140 test_begin_subtest "emacs delivery of encrypted message with attachment"
141 # create a test encrypted message with attachment
142 cat <<EOF >TESTATTACHMENT
145 test_expect_success \
147 "test encrypted message 001" \
148 "This is a test encrypted message.\n" \
149 "(mml-attach-file \"TESTATTACHMENT\") (mml-secure-message-encrypt)"'
151 test_begin_subtest "decryption, --format=text"
152 output=$(notmuch show --format=text --decrypt subject:"test encrypted message 001" \
153 | notmuch_show_sanitize_all \
154 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
155 expected='
\fmessage{ id:XXXXX depth:0 match:1 excluded:0 filename:XXXXX
157 Notmuch Test Suite <test_suite@notmuchmail.org> (2000-01-01) (encrypted inbox)
158 Subject: test encrypted message 001
159 From: Notmuch Test Suite <test_suite@notmuchmail.org>
160 To: test_suite@notmuchmail.org
161 Date: Sat, 01 Jan 2000 12:00:00 +0000
164 \fpart{ ID: 1, Content-type: multipart/encrypted
165 \fpart{ ID: 2, Content-type: application/pgp-encrypted
166 Non-text part: application/pgp-encrypted
168 \fpart{ ID: 3, Content-type: multipart/mixed
169 \fpart{ ID: 4, Content-type: text/plain
170 This is a test encrypted message.
172 \fattachment{ ID: 5, Filename: TESTATTACHMENT, Content-type: application/octet-stream
173 Non-text part: application/octet-stream
183 test_begin_subtest "decryption, --format=json"
184 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 001" \
185 | notmuch_json_show_sanitize \
186 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
187 expected='[[[{"id": "XXXXX",
190 "filename": ["YYYYY"],
191 "timestamp": 946728000,
192 "date_relative": "2000-01-01",
193 "tags": ["encrypted","inbox"],
194 "headers": {"Subject": "test encrypted message 001",
195 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
196 "To": "test_suite@notmuchmail.org",
197 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
199 "encstatus": [{"status": "good"}],
201 "content-type": "multipart/encrypted",
202 "content": [{"id": 2,
203 "content-type": "application/pgp-encrypted",
204 "content-length": "NONZERO"},
206 "content-type": "multipart/mixed",
207 "content": [{"id": 4,
208 "content-type": "text/plain",
209 "content": "This is a test encrypted message.\n"},
211 "content-type": "application/octet-stream",
212 "content-disposition": "attachment",
213 "content-length": "NONZERO",
214 "content-transfer-encoding": "base64",
215 "filename": "TESTATTACHMENT"}]}]}]},
217 test_expect_equal_json \
221 test_begin_subtest "decryption, --format=json, --part=4"
222 output=$(notmuch show --format=json --part=4 --decrypt subject:"test encrypted message 001" \
223 | notmuch_json_show_sanitize \
224 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
226 "content-type": "text/plain",
227 "content": "This is a test encrypted message.\n"}'
228 test_expect_equal_json \
232 test_begin_subtest "decrypt attachment (--part=5 --format=raw)"
237 subject:"test encrypted message 001" >OUTPUT
238 test_expect_equal_file TESTATTACHMENT OUTPUT
240 test_begin_subtest "decryption failure with missing key"
# Hide the GnuPG home so no secret key is available. The expected output below
# reports encstatus "bad" and shows the encrypted payload only as an opaque
# application/octet-stream part, i.e. no plaintext is expected to leak.
# NOTE(review): the home is restored by an unconditional mv after the
# comparison; an abort in between leaves it at the .bak path.
241 mv "${GNUPGHOME}"{,.bak}
242 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 001" \
243 | notmuch_json_show_sanitize \
244 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
245 expected='[[[{"id": "XXXXX",
248 "filename": ["YYYYY"],
249 "timestamp": 946728000,
250 "date_relative": "2000-01-01",
251 "tags": ["encrypted","inbox"],
252 "headers": {"Subject": "test encrypted message 001",
253 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
254 "To": "test_suite@notmuchmail.org",
255 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
257 "encstatus": [{"status": "bad"}],
258 "content-type": "multipart/encrypted",
259 "content": [{"id": 2,
260 "content-type": "application/pgp-encrypted",
261 "content-length": "NONZERO"},
263 "content-type": "application/octet-stream",
264 "content-length": "NONZERO"}]}]},
266 test_expect_equal_json \
269 mv "${GNUPGHOME}"{.bak,}
271 test_begin_subtest "emacs delivery of encrypted + signed message"
272 test_expect_success \
274 "test encrypted message 002" \
275 "This is another test encrypted message.\n" \
276 "(mml-secure-message-sign-encrypt)"'
278 test_begin_subtest "decryption + signature verification"
# Only --decrypt is passed here, yet the expected output below contains both
# an encstatus and a sigstatus entry, so the signature inside the encrypted
# message is expected to be verified as part of decryption.
# The sed step pins the signature creation time to a fixed value.
279 output=$(notmuch show --format=json --decrypt subject:"test encrypted message 002" \
280 | notmuch_json_show_sanitize \
281 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
282 expected='[[[{"id": "XXXXX",
285 "filename": ["YYYYY"],
286 "timestamp": 946728000,
287 "date_relative": "2000-01-01",
288 "tags": ["encrypted","inbox"],
289 "headers": {"Subject": "test encrypted message 002",
290 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
291 "To": "test_suite@notmuchmail.org",
292 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
294 "encstatus": [{"status": "good"}],
295 "sigstatus": [{"status": "good",
296 "fingerprint": "'$FINGERPRINT'",
297 "created": 946728000,
298 "userid": " Notmuch Test Suite <test_suite@notmuchmail.org> (INSECURE!)"}],
299 "content-type": "multipart/encrypted",
300 "content": [{"id": 2,
301 "content-type": "application/pgp-encrypted",
302 "content-length": "NONZERO"},
304 "content-type": "text/plain",
305 "content": "This is another test encrypted message.\n"}]}]},
307 test_expect_equal_json \
311 test_begin_subtest "reply to encrypted message"
# notmuch reply --decrypt quotes the decrypted body, so the generated reply
# template contains the plaintext of the encrypted message (see the quoted line
# in the expected text). Protecting that reply is up to whatever sends it.
# In-Reply-To and References are filtered out before comparison, presumably
# because they embed generated message IDs.
312 output=$(notmuch reply --decrypt subject:"test encrypted message 002" \
313 | grep -v -e '^In-Reply-To:' -e '^References:')
314 expected='From: Notmuch Test Suite <test_suite@notmuchmail.org>
315 Subject: Re: test encrypted message 002
317 On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
318 > This is another test encrypted message.'
323 test_begin_subtest "Reply within emacs to an encrypted message"
324 test_emacs "(let ((message-hidden-headers '())
325 (notmuch-crypto-process-mime 't))
326 (notmuch-show \"subject:test.encrypted.message.002\")
329 # the empty To: is probably a bug, but it's not to do with encryption
# NOTE(review): unlike the other patterns, 'To:' is not anchored with ^, so any
# line that contains "To:" anywhere is dropped from the comparison.
330 grep -v -e '^In-Reply-To:' -e '^References:' -e '^Fcc:' -e 'To:' < OUTPUT > OUTPUT.clean
332 From: Notmuch Test Suite <test_suite@notmuchmail.org>
333 Subject: Re: test encrypted message 002
334 --text follows this line--
335 <#secure method=pgpmime mode=signencrypt>
336 Notmuch Test Suite <test_suite@notmuchmail.org> writes:
338 > This is another test encrypted message.
340 test_expect_equal_file EXPECTED OUTPUT.clean
342 test_begin_subtest "signature verification with revoked key"
343 # generate revocation certificate and load it to revoke key
# The revocation certificate is imported into the same GnuPG home the other
# subtests use, and nothing here undoes it. The previously "good" signature on
# message 001 is then expected to report "error" with "key-revoked".
# NOTE(review): presumably this is why the subtest comes after those that
# expect a good signature; confirm before reordering.
# stderr of --gen-revoke is discarded, so a failure to produce the certificate
# would show up only as a mismatch against the expected JSON.
346 Notmuch Test Suite key revocation (automated) $(date '+%F_%T%z')
351 | gpg --no-tty --quiet --command-fd 0 --armor --gen-revoke "0x${FINGERPRINT}!" 2>/dev/null \
352 | gpg --no-tty --quiet --import
353 output=$(notmuch show --format=json --verify subject:"test signed message 001" \
354 | notmuch_json_show_sanitize \
355 | sed -e 's|"created": [1234567890]*|"created": 946728000|')
356 expected='[[[{"id": "XXXXX",
359 "filename": ["YYYYY"],
360 "timestamp": 946728000,
361 "date_relative": "2000-01-01",
362 "tags": ["inbox","signed"],
363 "headers": {"Subject": "test signed message 001",
364 "From": "Notmuch Test Suite <test_suite@notmuchmail.org>",
365 "To": "test_suite@notmuchmail.org",
366 "Date": "Sat, 01 Jan 2000 12:00:00 +0000"},
368 "sigstatus": [{"status": "error",
369 "keyid": "6D92612D94E46381",
370 "errors": {"key-revoked": true}}],
371 "content-type": "multipart/signed",
372 "content": [{"id": 2,
373 "content-type": "text/plain",
374 "content": "This is a test signed message.\n"},
376 "content-type": "application/pgp-signature",
377 "content-length": "NONZERO"}]}]},
379 test_expect_equal_json \