From eee068778cb28ecf3c14e1bf843a95547d72c42d Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 7 Apr 2024 18:14:06 +0200
Subject: Adding upstream version 2.2.40.
Signed-off-by: Daniel Baumann
---
tests/openpgp/tofu/cross-sigs/README | 79 ++++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100644 tests/openpgp/tofu/cross-sigs/README
(limited to 'tests/openpgp/tofu/cross-sigs/README')
diff --git a/tests/openpgp/tofu/cross-sigs/README b/tests/openpgp/tofu/cross-sigs/README
new file mode 100644
index 0000000..439962b
--- /dev/null
+++ b/tests/openpgp/tofu/cross-sigs/README
@@ -0,0 +1,79 @@
+# How I generate the keys and messages to verify:
+
+# Generate and export two non-conflicting keys.
+gpg --quick-gen-key 'Spy Cow '
+gpg --quick-gen-key 'Spy R. Cow '
+
+KEYIDA=1938C3A0E4674B6C217AC0B987DB2814EC38277E
+KEYIDB=DC463A16E42F03240D76E8BA8B48C6BD871C2247
+
+for KEYID in $KEYIDA $KEYIDB
+do
+ gpg --export $KEYID > tofu-$KEYID.gpg
+ gpg --export-secret-keys $KEYID > tofu-$KEYID-secret.gpg
+done
+
+# Sign some data.
+echo foo | gpg --default-key $KEYIDA -s > tofu-$KEYIDA-1.txt
+echo foo | gpg --default-key $KEYIDB -s > tofu-$KEYIDB-1.txt
+
+# Again, but with an issuer.
+echo foo | gpg --default-key "" -s > tofu-$KEYIDA-2.txt
+echo foo | gpg --default-key "" -s > tofu-$KEYIDB-2.txt
+
+# Have A sign B and vice versa.
+gpg --default-key $KEYIDA --quick-sign $KEYIDB
+gpg --default-key $KEYIDB --quick-sign $KEYIDA
+
+gpg --export $KEYIDA > tofu-$KEYIDA-2.gpg
+gpg --export $KEYIDB > tofu-$KEYIDB-2.gpg
+
+# Cause A and B to conflict.
+gpg --quick-adduid $KEYIDB 'Spy R. Cow '
+gpg --export $KEYIDB > tofu-$KEYIDB-3.gpg
+
+echo foo | gpg --default-key "" -s > tofu-$KEYIDA-3.txt
+echo foo | gpg --default-key "" -s > tofu-$KEYIDB-3.txt
+
+# Have A sign B's conflicting user id.
+gpg --default-key $KEYIDA --quick-sign $KEYIDB
+gpg --export $KEYIDB > tofu-$KEYIDB-4.gpg
+
+exit 0
+
+# In a new directory (so the keys are not ultimately trusted).
+
+D=~/neal/work/gpg/test
+echo 'trust-model tofu+pgp' > gpg.conf
+gpg --import $D/tofu-$KEYIDA.gpg
+gpg --import $D/tofu-$KEYIDB.gpg
+gpg -k
+
+gpg --verify $D/tofu-$KEYIDA-1.txt
+gpg --verify $D/tofu-$KEYIDB-1.txt
+# With an issuer.
+gpg --verify $D/tofu-$KEYIDA-2.txt
+gpg --verify $D/tofu-$KEYIDB-2.txt
+
+# Import the cross signatures.
+gpg --import $D/tofu-$KEYIDA-2.gpg
+gpg --import $D/tofu-$KEYIDB-2.gpg
+gpg -k
+
+gpg --verify $D/tofu-$KEYIDA-1.txt
+gpg --verify $D/tofu-$KEYIDB-1.txt
+# With an issuer.
+gpg --verify $D/tofu-$KEYIDA-2.txt
+gpg --verify $D/tofu-$KEYIDB-2.txt
+
+
+gpg --status-fd=1 --batch --verify $D/tofu-$KEYIDA-3.txt | grep TRUST_UNDEFINED
+gpg --status-fd=1 --batch --verify $D/tofu-$KEYIDB-3.txt | grep TRUST_UNDEFINED
+
+# Import the conflicting user id.
+gpg --import $D/tofu-$KEYIDB-3.gpg
+gpg -k
+
+# Import the cross signature, which should remove the conflict.
+gpg --import $D/tofu-$KEYIDB-4.gpg
+gpg -k
--
cgit v1.2.3
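Review bot: The verification half after `exit 0` writes `trust-model tofu+pgp` to a `gpg.conf` in the current directory but never makes that directory the GnuPG home. Unless `GNUPGHOME` is set outside what the README shows, gpg keeps reading the default home directory, where the generated secret keys presumably live and are ultimately trusted, so the TOFU checks would not run under the conditions the "In a new directory" comment intends. I would add `export GNUPGHOME=$PWD` directly after that comment. The same section also relies on `KEYIDA`/`KEYIDB` being set again in the fresh shell and on the author-specific `D=~/neal/work/gpg/test`; a comment such as `# Re-set KEYIDA/KEYIDB and point D at the directory holding the exported files.` would make the steps reproducible.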