# - verification of signatures from expired/revoked keys
test_description='PGP/MIME signature verification and decryption'
-. ./test-lib.sh
+. ./test-lib.sh || exit 1
add_gnupg_home ()
{
##################################################
add_gnupg_home
-# get key fingerprint
-FINGERPRINT=$(gpg --no-tty --list-secret-keys --with-colons --fingerprint | grep '^fpr:' | cut -d: -f10)
+# Change this if we ship a new test key
+FINGERPRINT="5AEAB11F5E33DCE875DDB75B6D92612D94E46381"
test_expect_success 'emacs delivery of signed message' \
'emacs_fcc_message \
expected='[[[{"id": "XXXXX",
"match": true,
"excluded": false,
- "filename": "YYYYY",
+ "filename": ["YYYYY"],
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["inbox","signed"],
"content": "This is a test signed message.\n"},
{"id": 3,
"content-type": "application/pgp-signature",
- "content-length": 280}]}]},
+ "content-length": "NONZERO"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
expected='[[[{"id": "XXXXX",
"match": true,
"excluded": false,
- "filename": "YYYYY",
+ "filename": ["YYYYY"],
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["inbox","signed"],
"content": "This is a test signed message.\n"},
{"id": 3,
"content-type": "application/pgp-signature",
- "content-length": 280}]}]},
+ "content-length": "NONZERO"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
expected='[[[{"id": "XXXXX",
"match": true,
"excluded": false,
- "filename": "YYYYY",
+ "filename": ["YYYYY"],
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["inbox","signed"],
"content": "This is a test signed message.\n"},
{"id": 3,
"content-type": "application/pgp-signature",
- "content-length": 280}]}]},
+ "content-length": "NONZERO"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
expected='[[[{"id": "XXXXX",
"match": true,
"excluded": false,
- "filename": "YYYYY",
+ "filename": ["YYYYY"],
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["encrypted","inbox"],
"content-type": "multipart/encrypted",
"content": [{"id": 2,
"content-type": "application/pgp-encrypted",
- "content-length": 11},
+ "content-length": "NONZERO"},
{"id": 3,
"content-type": "multipart/mixed",
"content": [{"id": 4,
"content": "This is a test encrypted message.\n"},
{"id": 5,
"content-type": "application/octet-stream",
- "content-length": 28,
+ "content-length": "NONZERO",
"content-transfer-encoding": "base64",
"filename": "TESTATTACHMENT"}]}]}]},
[]]]]'
test_begin_subtest "decryption failure with missing key"
mv "${GNUPGHOME}"{,.bak}
-# The length of the encrypted attachment varies so must be normalized.
output=$(notmuch show --format=json --decrypt subject:"test encrypted message 001" \
| notmuch_json_show_sanitize \
- | sed -e 's|"created": [1234567890]*|"created": 946728000|' \
- | sed -e 's|"content-length": 6[1234567890]*|"content-length": 652|')
+ | sed -e 's|"created": [1234567890]*|"created": 946728000|')
expected='[[[{"id": "XXXXX",
"match": true,
"excluded": false,
- "filename": "YYYYY",
+ "filename": ["YYYYY"],
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["encrypted","inbox"],
"content-type": "multipart/encrypted",
"content": [{"id": 2,
"content-type": "application/pgp-encrypted",
- "content-length": 11},
+ "content-length": "NONZERO"},
{"id": 3,
"content-type": "application/octet-stream",
- "content-length": 652}]}]},
+ "content-length": "NONZERO"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
expected='[[[{"id": "XXXXX",
"match": true,
"excluded": false,
- "filename": "YYYYY",
+ "filename": ["YYYYY"],
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["encrypted","inbox"],
"content-type": "multipart/encrypted",
"content": [{"id": 2,
"content-type": "application/pgp-encrypted",
- "content-length": 11},
+ "content-length": "NONZERO"},
{"id": 3,
"content-type": "text/plain",
"content": "This is another test encrypted message.\n"}]}]},
"$output" \
"$expected"
+test_begin_subtest "Reply within emacs to an encrypted message"
+test_emacs "(let ((message-hidden-headers '())
+ (notmuch-crypto-process-mime 't))
+ (notmuch-show \"subject:test.encrypted.message.002\")
+ (notmuch-show-reply)
+ (test-output))"
+# the empty To: is probably a bug, but it's not to do with encryption
+grep -v -e '^In-Reply-To:' -e '^References:' -e '^Fcc:' -e 'To:' < OUTPUT > OUTPUT.clean
+cat <<EOF >EXPECTED
+From: Notmuch Test Suite <test_suite@notmuchmail.org>
+Subject: Re: test encrypted message 002
+--text follows this line--
+<#secure method=pgpmime mode=signencrypt>
+Notmuch Test Suite <test_suite@notmuchmail.org> writes:
+
+> This is another test encrypted message.
+EOF
+test_expect_equal_file EXPECTED OUTPUT.clean
+
test_begin_subtest "signature verification with revoked key"
# generate revocation certificate and load it to revoke key
echo "y
expected='[[[{"id": "XXXXX",
"match": true,
"excluded": false,
- "filename": "YYYYY",
+ "filename": ["YYYYY"],
"timestamp": 946728000,
"date_relative": "2000-01-01",
"tags": ["inbox","signed"],
"content": "This is a test signed message.\n"},
{"id": 3,
"content-type": "application/pgp-signature",
- "content-length": 280}]}]},
+ "content-length": "NONZERO"}]}]},
[]]]]'
test_expect_equal_json \
"$output" \
projects / notmuch / blobdiff