From 40e957c62203ebdd504e0fc330f193106109d8d4 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Fri, 16 Sep 2022 12:24:14 +0200 Subject: [PATCH] Replace aging OpenPGP artifacts in the epg tests. This replaces the old OpenPGPv4 key that is used in the test suite with a more modern OpenPGPv4 key. The key is the Alice key from https://datatracker.ietf.org/doc/draft-bre-openpgp-samples/. All cryptographic artifacts in the test suite are updated accordingly. Having old cryptographic artifacts in the test suite presents a problem once the old algorithms are rejected by contemporary implementations. --- test/lisp/epg-resources/pubkey.asc | 28 ++++++++----------- test/lisp/epg-resources/seckey.asc | 43 +++++++++--------------------- test/lisp/epg-tests.el | 19 +++++++------ 3 files changed, 33 insertions(+), 57 deletions(-) diff --git a/test/lisp/epg-resources/pubkey.asc b/test/lisp/epg-resources/pubkey.asc index c0bf28f6200..241051067f0 100644 --- a/test/lisp/epg-resources/pubkey.asc +++ b/test/lisp/epg-resources/pubkey.asc @@ -1,20 +1,14 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 +Comment: Alice's OpenPGP certificate -mI0EVRDxCAEEALcScrRmxq5N+Hh+NxPg75RJJdtEi824pwtqMlT/3wG1esmP5gNu -ZIPVaTTSGNZkEzeYdhaLXBUe5qD+RQIQVh+MLt9nisF9nD35imyOrhHwAHnglOPx -GdylH8nQ/tIO5p/lfUlw+iCBlPH7eZHqFJhwP0hJML4PKE8ArWG6RtsxABEBAAG0 -J0pvZSBUZXN0ZXIgKHRlc3Qga2V5KSA8am9lQGV4YW1wbGUuY29tPoi4BBMBAgAi -BQJVEPEIAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAoscCWMvu4GGYO -A/0Zzoc2z/dvAtFVLh4ovKqP2qliQt2qschJHVP30hJnKT7dmJfJl7kz9mXmMfSt -Ym0luYmeSzdeWORM9SygLRYXuDfN6G4ZPJTlsRhgnARhNzNhSx+YlcFh48Z+a5zR -goBMn7DgYVqfU4UteZOSXMlnuA2Z5ao1qgGhVqESSJgU5riNBFUQ8QgBBADacLkK -D0U11nmlsScxPGkrDr0aJPrG8MEaDRnKjHJKNp3XTp1psGBUpWF/ErjQAIu+psFt -LO8owCGsg/vJM7CzTv2dVBRbrZXjIKvdq7HdivosTMaHArQBpEtSO9rmgVHO+jaQ -q/M2oGvNEB86zo3nfTWhOgBiB32m8kttWRiuWQARAQABiJ8EGAECAAkFAlUQ8QgC -GwwACgkQKLHAljL7uBj44AQAkMJRm7VJUryrDKFtfIfytQx/vmyU/cZcVV6IpKqP -KhztgR+QD9czlHvQhz+y3hqtLRShu2Eyf75dNexcUvKs/lS4LIDXg5V7pWSRk9eQ -G403muqR/NGu6+QmUx09rJl72trdaGxNkyHA7Zy7ZDGkcMvQsd3qoSNGsPR5TKes -w7Q= -=NMxb +mDMEXEcE6RYJKwYBBAHaRw8BAQdArjWwk3FAqyiFbFBKT4TzXcVBqPTB3gmzlC/U +b7O1u120JkFsaWNlIExvdmVsYWNlIDxhbGljZUBvcGVucGdwLmV4YW1wbGU+iJAE +ExYIADgCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQTrhbtfozp14V6UTmPy +MVUMT0fjjgUCXaWfOgAKCRDyMVUMT0fjjukrAPoDnHBSogOmsHOsd9qGsiZpgRnO +dypvbm+QtXZqth9rvwD9HcDC0tC+PHAsO7OTh1S1TC9RiJsvawAfCPaQZoed8gK4 +OARcRwTpEgorBgEEAZdVAQUBAQdAQv8GIa2rSTzgqbXCpDDYMiKRVitCsy203x3s +E9+eviIDAQgHiHgEGBYIACAWIQTrhbtfozp14V6UTmPyMVUMT0fjjgUCXEcE6QIb +DAAKCRDyMVUMT0fjjlnQAQDFHUs6TIcxrNTtEZFjUFm1M0PJ1Dng/cDW4xN80fsn +0QEA22Kr7VkCjeAEC08VSTeV+QFsmz55/lntWkwYWhmvOgE= +=iIGO -----END PGP PUBLIC KEY BLOCK----- diff --git a/test/lisp/epg-resources/seckey.asc b/test/lisp/epg-resources/seckey.asc index 4ac7ba4a502..af11bec899b 100644 --- a/test/lisp/epg-resources/seckey.asc +++ b/test/lisp/epg-resources/seckey.asc @@ -1,33 +1,16 @@ -----BEGIN PGP PRIVATE KEY BLOCK----- -Version: GnuPG v1 +Comment: Alice's OpenPGP Transferable Secret Key -lQHYBFUQ8QgBBAC3EnK0ZsauTfh4fjcT4O+USSXbRIvNuKcLajJU/98BtXrJj+YD -bmSD1Wk00hjWZBM3mHYWi1wVHuag/kUCEFYfjC7fZ4rBfZw9+Ypsjq4R8AB54JTj -8RncpR/J0P7SDuaf5X1JcPoggZTx+3mR6hSYcD9ISTC+DyhPAK1hukbbMQARAQAB -AAP9Hs9agZTobA5QOksXjt9kwqJ63gePtbwVVNz3AoobaGi39PMkRUCPZwaEEbEo -H/CwsUMV4J5sjVtpef/A8mN4csai7NYp82mbo+dPim4p+SUtBg4Ms8ujGVcQeRQd -1CXtIkixDu6fw4wDtNw03ZyNJOhBOXVTgAyOTSlIz3D+6n8CAMeCqEFBHQIVoQpf -Bza4YvFtJRdfGMTix3u7Cb6y9CHGBok7uUgQAeWnzQvMGTCHc3e8iHGAYBQ88GPF -v1TpiusCAOroRe69Aiid5JMVTjWoJ0SHKd47nIj0gQFiDfa5de0BNq9gYj7JLg+R -EjsJbJN39z+Z9HWjIOCUOIXDvucmM1MB/iNxW1Z8mEMflEYK5rop+PDxwqUbr8uZ -kzogw98ZdmuEuN0bheGWUiJI+0Pd8jb40zlR1KgOEMx1mZchToAJdtybMLQnSm9l -IFRlc3RlciAodGVzdCBrZXkpIDxqb2VAZXhhbXBsZS5jb20+iLgEEwECACIFAlUQ -8QgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECixwJYy+7gYZg4D/RnO -hzbP928C0VUuHii8qo/aqWJC3aqxyEkdU/fSEmcpPt2Yl8mXuTP2ZeYx9K1ibSW5 -iZ5LN15Y5Ez1LKAtFhe4N83obhk8lOWxGGCcBGE3M2FLH5iVwWHjxn5rnNGCgEyf -sOBhWp9ThS15k5JcyWe4DZnlqjWqAaFWoRJImBTmnQHYBFUQ8QgBBADacLkKD0U1 -1nmlsScxPGkrDr0aJPrG8MEaDRnKjHJKNp3XTp1psGBUpWF/ErjQAIu+psFtLO8o -wCGsg/vJM7CzTv2dVBRbrZXjIKvdq7HdivosTMaHArQBpEtSO9rmgVHO+jaQq/M2 -oGvNEB86zo3nfTWhOgBiB32m8kttWRiuWQARAQABAAP7B8uNtb/DLvGoRfL+mA0Q -REhgOJ1WpRcU6rvKYNPh8xTkKMvM+EK0nVU/znBedEpXjb0pY1WRT0uvXs2pzY2V -YeaugyKIkdUpPWnyWoEQwI8hFvHOWmU2rNHyXLW0MY7bxcGgqv2XbkL4m7/D6VQS -SR8hQ2CxBbW+9ov6aBMwv/UCAOW89+5xxuzkv48AVraWlMnaU0ggVOf6ht0Qa40+ -+uw2yziNlD403gAAAycoICiB/oqwslx61B2xOHn0laCKrgsCAPNpIsHRlAwWbAsq -uCtfIQxg+C3mPXkqsNTMjeK5NjLNytrmO49NXco36zVEG6q7qz5Zj9d9IPYoGOSa -I+dQZ6sB/RKF5aonR5/e7IHJgc8BG7I0yiya4llE0AB9ghnRI/3uHwnCBnmo/32a -n4+rQkx6vm+rg3JA/09Gi7W4R9SwV+ane4ifBBgBAgAJBQJVEPEIAhsMAAoJECix -wJYy+7gY+OAEAJDCUZu1SVK8qwyhbXyH8rUMf75slP3GXFVeiKSqjyoc7YEfkA/X -M5R70Ic/st4arS0UobthMn++XTXsXFLyrP5UuCyA14OVe6VkkZPXkBuNN5rqkfzR -ruvkJlMdPayZe9ra3WhsTZMhwO2cu2QxpHDL0LHd6qEjRrD0eUynrMO0 -=iCIm +lFgEXEcE6RYJKwYBBAHaRw8BAQdArjWwk3FAqyiFbFBKT4TzXcVBqPTB3gmzlC/U +b7O1u10AAP9XBeW6lzGOLx7zHH9AsUDUTb2pggYGMzd0P3ulJ2AfvQ4RtCZBbGlj +ZSBMb3ZlbGFjZSA8YWxpY2VAb3BlbnBncC5leGFtcGxlPoiQBBMWCAA4AhsDBQsJ +CAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE64W7X6M6deFelE5j8jFVDE9H444FAl2l +nzoACgkQ8jFVDE9H447pKwD6A5xwUqIDprBzrHfahrImaYEZzncqb25vkLV2arYf +a78A/R3AwtLQvjxwLDuzk4dUtUwvUYibL2sAHwj2kGaHnfICnF0EXEcE6RIKKwYB +BAGXVQEFAQEHQEL/BiGtq0k84Km1wqQw2DIikVYrQrMttN8d7BPfnr4iAwEIBwAA +/3/xFPG6U17rhTuq+07gmEvaFYKfxRB6sgAYiW6TMTpQEK6IeAQYFggAIBYhBOuF +u1+jOnXhXpROY/IxVQxPR+OOBQJcRwTpAhsMAAoJEPIxVQxPR+OOWdABAMUdSzpM +hzGs1O0RkWNQWbUzQ8nUOeD9wNbjE3zR+yfRAQDbYqvtWQKN4AQLTxVJN5X5AWyb +Pnn+We1aTBhaGa86AQ== +=n8OM -----END PGP PRIVATE KEY BLOCK----- diff --git a/test/lisp/epg-tests.el b/test/lisp/epg-tests.el index 65aaafd9f18..dca6f337647 100644 --- a/test/lisp/epg-tests.el +++ b/test/lisp/epg-tests.el @@ -101,16 +101,15 @@ (ert-deftest epg-decrypt-1 () :expected-result (if (getenv "EMACS_HYDRA_CI") :failed :passed) ; fixme (with-epg-tests (:require-passphrase t) - (with-temp-file (expand-file-name "gpg.conf" epg-tests-home-directory) - (insert "ignore-mdc-error")) (should (equal "test" (epg-decrypt-string epg-tests-context "\ -----BEGIN PGP MESSAGE----- -Version: GnuPG v2 -jA0EAwMCE19JBLTvvmhgyRrGGglRbnKkK9PJG8fDwO5ccjysrR7IcdNcnA== -=U8z7 ------END PGP MESSAGE-----"))))) +jA0ECQMCdW8+qtS9Tin/0jUBO1/9Oz69BWPmtFKEeBM62WpFP4o1+bNzdxogdyeg ++WTt292OD0yV85m5UqvLgp4ttVUmAw== +=K5Eh +-----END PGP MESSAGE----- +"))))) (ert-deftest epg-roundtrip-1 () :expected-result (if (getenv "EMACS_HYDRA_CI") :failed :passed) ; fixme @@ -123,7 +122,7 @@ jA0EAwMCE19JBLTvvmhgyRrGGglRbnKkK9PJG8fDwO5ccjysrR7IcdNcnA== (with-epg-tests (:require-passphrase t :require-public-key t :require-secret-key t) - (let* ((recipients (epg-list-keys epg-tests-context "joe@example.com")) + (let* ((recipients (epg-list-keys epg-tests-context "alice@openpgp.example")) (cipher (epg-encrypt-string epg-tests-context "public key" recipients nil t))) (should (equal "public key" @@ -135,7 +134,7 @@ jA0EAwMCE19JBLTvvmhgyRrGGglRbnKkK9PJG8fDwO5ccjysrR7IcdNcnA== :require-secret-key t) (let (signature verify-result) (setf (epg-context-signers epg-tests-context) - (epg-list-keys epg-tests-context "joe@example.com")) + (epg-list-keys epg-tests-context "alice@openpgp.example")) (setq signature (epg-sign-string epg-tests-context "signed" t)) (epg-verify-string epg-tests-context signature "signed") (setq verify-result (epg-context-result-for context 'verify)) @@ -148,7 +147,7 @@ jA0EAwMCE19JBLTvvmhgyRrGGglRbnKkK9PJG8fDwO5ccjysrR7IcdNcnA== :require-secret-key t) (let (signature verify-result) (setf (epg-context-signers epg-tests-context) - (epg-list-keys epg-tests-context "joe@example.com")) + (epg-list-keys epg-tests-context "alice@openpgp.example")) (setq signature (epg-sign-string epg-tests-context "clearsigned" 'clear)) ;; Clearsign signature always ends with a new line. (should (equal "clearsigned\n" @@ -163,7 +162,7 @@ jA0EAwMCE19JBLTvvmhgyRrGGglRbnKkK9PJG8fDwO5ccjysrR7IcdNcnA== :require-secret-key t) (let (signature verify-result) (setf (epg-context-signers epg-tests-context) - (epg-list-keys epg-tests-context "joe@example.com")) + (epg-list-keys epg-tests-context "alice@openpgp.example")) (setq signature (epg-sign-string epg-tests-context "normal signed")) (should (equal "normal signed" (epg-verify-string epg-tests-context signature))) -- 2.39.2