[git] GnuPG - branch, master, updated. gnupg-2.1.23-9-gc23a699
by Damien Goutte-Gattat
cvs at cvs.gnupg.org
Mon Aug 21 17:13:37 CEST 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via c23a69970ba38edae9d3b2603825d18fbb732423 (commit)
via cbe54b28bf3610204e12c50c0606df37337a1156 (commit)
via 0161225457e0609509d0d5f4b80a60a1071b4b48 (commit)
from 6e596b2a745ae7a75a69038cf00ab4bbae1cebaa (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c23a69970ba38edae9d3b2603825d18fbb732423
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date: Wed Jul 19 22:17:29 2017 +0200
tests: Add tests for the PGP trust model.
* tests/openpgp/trust-pgp-1.scm: New file.
* tests/openpgp/trust-pgp-2.scm: New file.
* tests/openpgp/trust-pgp-3.scm: New file.
* tests/openpgp/trust-pgp-4.scm: New file.
* tests/openpgp/trust-pgp/common.scm: New file.
* tests/openpgp/trust-pgp/scenario1.asc: New file.
* tests/openpgp/trust-pgp/scenario2.asc: New file.
* tests/openpgp/trust-pgp/scenario3.asc: New file.
* tests/openpgp/trust-pgp/scenario4.asc: New file.
* tests/openpgp/trust-pgp/alice.sec.asc: New file.
* tests/openpgp/trust-pgp/bobby.sec.asc: New file.
* tests/openpgp/trust-pgp/carol.sec.asc: New file.
* tests/openpgp/trust-pgp/david.sec.asc: New file.
* tests/openpgp/trust-pgp/frank.sec.asc: New file.
* tests/openpgp/trust-pgp/grace.sec.asc: New file.
* tests/openpgp/trust-pgp/heidi.sec.asc: New file.
* tests/openpgp/Makefile.am (XTESTS): Add new tests.
(TEST_FILES): Add new files.
(EXTRA_DIST): Add new common file.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 506bce5..c87dd0a 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -82,6 +82,10 @@ XTESTS = \
ecc.scm \
4gb-packet.scm \
tofu.scm \
+ trust-pgp-1.scm \
+ trust-pgp-2.scm \
+ trust-pgp-3.scm \
+ trust-pgp-4.scm! \
gpgtar.scm \
use-exact-key.scm \
default-key.scm \
@@ -158,7 +162,18 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
key-selection/1.asc \
key-selection/2.asc \
key-selection/3.asc \
- key-selection/4.asc
+ key-selection/4.asc \
+ trust-pgp/scenario1.asc \
+ trust-pgp/scenario2.asc \
+ trust-pgp/scenario3.asc \
+ trust-pgp/scenario4.asc \
+ trust-pgp/alice.sec.asc \
+ trust-pgp/bobby.sec.asc \
+ trust-pgp/carol.sec.asc \
+ trust-pgp/david.sec.asc \
+ trust-pgp/frank.sec.asc \
+ trust-pgp/grace.sec.asc \
+ trust-pgp/heidi.sec.asc
data_files = data-500 data-9000 data-32000 data-80000 plain-large
@@ -248,7 +263,7 @@ sample_msgs = samplemsgs/clearsig-1-key-1.asc \
samplemsgs/signed-2-keys-1.asc \
samplemsgs/signed-2-keys-2.asc
-EXTRA_DIST = defs.scm $(XTESTS) $(TEST_FILES) \
+EXTRA_DIST = defs.scm trust-pgp/common.scm $(XTESTS) $(TEST_FILES) \
mkdemodirs signdemokey $(priv_keys) $(sample_keys) \
$(sample_msgs) ChangeLog-2011 run-tests.scm \
setup.scm shell.scm all-tests.scm signed-messages.scm
diff --git a/tests/openpgp/trust-pgp-1.scm b/tests/openpgp/trust-pgp-1.scm
new file mode 100755
index 0000000..235cb55
--- /dev/null
+++ b/tests/openpgp/trust-pgp-1.scm
@@ -0,0 +1,76 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "trust-pgp" "common.scm"))
+
+(display "Checking basic WoT (classic trust model)...\n")
+
+(initscenario "scenario1")
+
+;; Check initial state.
+(checktrust BOBBY "f") ;; Directly signed by Alice's key.
+(checktrust CAROL "q") ;; Signed by Bobby, whose key has
+ ;; no explicit ownertrust.
+(checktrust DAVID "q") ;; Likewise.
+(checktrust FRANK "q") ;; Likewise.
+(checktrust GRACE "-") ;; Signed by the previous three keys;
+ ;; not evaluated since they are not valid.
+
+;; Let's trust Bobby.
+;; This should make Carol's, David's, and Frank's keys valid.
+(setownertrust BOBBY FULLTRUST)
+(updatetrustdb)
+(checktrust CAROL "f")
+(checktrust DAVID "f")
+(checktrust FRANK "f")
+(checktrust GRACE "q") ;; Now evaluated, but validity still unknown.
+
+;; Let's trust (marginally) Carol and David.
+;; This should not be enough to make Grace's key fully valid
+;; since marginals-needed defaults to 3.
+(setownertrust CAROL MARGINALTRUST)
+(setownertrust DAVID MARGINALTRUST)
+(updatetrustdb)
+(checktrust GRACE "m")
+
+;; Add marginal ownertrust to Frank's key.
+;; This should make Grace's key fully valid.
+(setownertrust FRANK MARGINALTRUST)
+(updatetrustdb)
+(checktrust GRACE "f")
+
+;; Now let's play with the length of certification chains.
+;; Setting max-cert-length to 2 should put Grace's key
+;; one step too far from Alice's key.
+(let ((max-cert-depth (gpg-config 'gpg "max-cert-depth")))
+ (max-cert-depth::update 2))
+(updatetrustdb)
+(checktrust GRACE "-")
+
+;; Raise the bar for assigning full validity.
+;; Bobby's key should be the only one retaining full validity.
+(let ((completes-needed (gpg-config 'gpg "completes-needed")))
+ (completes-needed::update 2))
+(updatetrustdb)
+(checktrust BOBBY "f")
+(checktrust CAROL "m")
+(checktrust DAVID "m")
+(checktrust FRANK "m")
+(checktrust GRACE "-")
diff --git a/tests/openpgp/trust-pgp-2.scm b/tests/openpgp/trust-pgp-2.scm
new file mode 100755
index 0000000..a56d0a9
--- /dev/null
+++ b/tests/openpgp/trust-pgp-2.scm
@@ -0,0 +1,39 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "trust-pgp" "common.scm"))
+
+(display "Checking WoT with trust signatures (PGP trust model)...\n")
+
+(initscenario "scenario2")
+
+(checktrust BOBBY "f") ;; Tsigned by Alice with trust=120.
+(checktrust CAROL "f") ;; Signed by Bobby, whose key should have full
+ ;; ownertrust due to the tsig.
+(checktrust DAVID "f") ;; Signed by Alice.
+(checktrust FRANK "q") ;; Tsigned by David, whose key has no ownertrust.
+(checktrust GRACE "-") ;; Signed by Frank.
+
+(setownertrust DAVID FULLTRUST)
+(updatetrustdb)
+(checktrust FRANK "f") ;; David's key has now full ownertrust.
+(checktrust GRACE "q") ;; David is not authorized to emit tsigs,
+ ;; so his tsig on Frank's key should be treated
+ ;; like a normal sig (confering no ownertrust).
diff --git a/tests/openpgp/trust-pgp-3.scm b/tests/openpgp/trust-pgp-3.scm
new file mode 100755
index 0000000..33832db
--- /dev/null
+++ b/tests/openpgp/trust-pgp-3.scm
@@ -0,0 +1,31 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "trust-pgp" "common.scm"))
+
+(display "Checking max depth of trust signature chains...\n")
+
+(initscenario "scenario3")
+
+(checktrust BOBBY "f") ;; Tsigned by Alice (level=2, trust=120).
+(checktrust CAROL "f") ;; Tsigned by Bobby (level=2, trust=120).
+(checktrust DAVID "f") ;; Tsigned by Carol (level=2, trust=120).
+(checktrust FRANK "q") ;; The tsig from Carol does not confer
+ ;; ownertrust to David's key (too deep).
diff --git a/tests/openpgp/trust-pgp-4.scm b/tests/openpgp/trust-pgp-4.scm
new file mode 100755
index 0000000..17746a5
--- /dev/null
+++ b/tests/openpgp/trust-pgp-4.scm
@@ -0,0 +1,37 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "trust-pgp" "common.scm"))
+
+(display "Checking trust signature with domain restrictions...\n")
+
+(initscenario "scenario4")
+
+(checktrust BOBBY "f") ;; Tsigned by Alice, allowed to sign for example.com.
+(checktrust CAROL "-") ;; Signed by Bobby, but the signature should be
+ ;; ignored since Carol has an address in example.net.
+
+(checktrust DAVID "f") ;; Tsigned by Alice, allowed to sign for example.net.
+(checktrust FRANK "-") ;; Tsignature from David should be ignored because
+ ;; Frank has an address in example.com.
+
+(checktrust HEIDI "f") ;; Tsigned by David, should be valid since Heidi
+ ;; has an address in example.org.
+(checktrust GRACE "f") ;; Signed by Heidi.
diff --git a/tests/openpgp/trust-pgp/alice.sec.asc b/tests/openpgp/trust-pgp/alice.sec.asc
new file mode 100644
index 0000000..1cdde46
--- /dev/null
+++ b/tests/openpgp/trust-pgp/alice.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOAAEAgOZk+WDjrmum
+0OygJdb6qJp27qsyXvMVZ8AGlsdYtUgS37QZQWxpY2UgPGFsaWNlQGV4YW1wbGUu
+b3JnPoiQBBMTCAA4FiEE/Zsg3TyYEj7ur4zFG6QVONLmVrUFAlltvlsCGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQG6QVONLmVrU7PAEAvOqeIRMiJ8Ne0tz+
+K1aRz/np/umCQxO8ddm9mnr4M7EA/1z4YdD06wJXp4RXUI0G2QOHTY+QXMShCFrp
+ySArWQqN
+=3+Iz
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/bobby.sec.asc b/tests/openpgp/trust-pgp/bobby.sec.asc
new file mode 100644
index 0000000..2164b5d
--- /dev/null
+++ b/tests/openpgp/trust-pgp/bobby.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/AAEA6EzyQYtLOL9v
+4SErBRic7MmQfxFbEJIQSu2vtbWos/0QFLQZQm9iYnkgPGJvYmJ5QGV4YW1wbGUu
+Y29tPoiQBBMTCAA4FiEETT9Z9NgDD9LYRK/rpbrD7RJcyuUFAllt1ooCGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQpbrD7RJcyuWUjgEA9UreuOxgDzhSCGAQ
+5GtxBiXkmp/IuH/rvNI8qZaVnoIBAPs/VUgy3eySjF6g9wf/UzvqwUdtoaYvkyC2
+a25O7Lxc
+=76RO
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/carol.sec.asc b/tests/openpgp/trust-pgp/carol.sec.asc
new file mode 100644
index 0000000..d366f3f
--- /dev/null
+++ b/tests/openpgp/trust-pgp/carol.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEIAAEA2QzHlkxFJkTg
+QvZuimqU0AySYsleRUaO9B9UARiUbOYOwrQZQ2Fyb2wgPGNhcm9sQGV4YW1wbGUu
+bmV0PoiQBBMTCAA4FiEEbGJzXkVMzdefpspgEHkROuwSgv0FAllt1q8CGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQEHkROuwSgv3MygD+KdusoDvz7WZbsjjB
+WI/HLhWfWfXsoAR9mN/5rZ94HDgA/1VqbvUcM+vPU62g7/0qoGqWCda3SURB6263
+Kirbk6hY
+=wkQ4
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/common.scm b/tests/openpgp/trust-pgp/common.scm
new file mode 100644
index 0000000..2a545e8
--- /dev/null
+++ b/tests/openpgp/trust-pgp/common.scm
@@ -0,0 +1,66 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "defs.scm"))
+
+;; Redefine GPG without --always-trust.
+(define GPG `(,(tool 'gpg)))
+
+;; Helper constants for setownertrust.
+(define MARGINALTRUST "4")
+(define FULLTRUST "5")
+(define ULTIMATETRUST "6")
+
+;; Assign OWNERTRUST to the key identified by the provided
+;; fingerprint KEYFPR.
+(define (setownertrust keyfpr ownertrust)
+ (pipe:do
+ (pipe:echo (string-append keyfpr ":" ownertrust ":\n"))
+ (pipe:gpg `(--import-ownertrust))))
+
+;; Force a trustdb update.
+(define (updatetrustdb)
+ (call-check `(, at GPG --check-trustdb --yes)))
+
+;; IDs of all the keys involved in those tests.
+(define ALICE "FD9B20DD3C98123EEEAF8CC51BA41538D2E656B5")
+(define BOBBY "4D3F59F4D8030FD2D844AFEBA5BAC3ED125CCAE5")
+(define CAROL "6C62735E454CCDD79FA6CA601079113AEC1282FD")
+(define DAVID "A0607635198CABA2C467FAA64CE5BB42E3984000")
+(define FRANK "CE1A0E07CF8A20CBF8DC47D6DB9017DBAE6CD0EF")
+(define GRACE "B935F4B8DA009AFBCCDD41386653A183007F8345")
+(define HEIDI "0389C0B7990E10520B334F23756F1571EDA9184B")
+
+;; Initialize a given scenario.
+;; NAME should be the basename of the scenario file
+;; in this directory.
+(define (initscenario name)
+ (setup-environment)
+ ;; Make sure we are using the PGP trust model. This may no
+ ;; be the default model in the future.
+ (let ((trust-model (gpg-config 'gpg "trust-model")))
+ (trust-model::update "pgp"))
+ ;; Load the scenario's public keys.
+ (call-check `(, at GPG --import
+ ,(in-srcdir "tests" "openpgp" "trust-pgp"
+ (string-append name ".asc"))))
+ ;; Use Alice's key as root for all trust evaluations.
+ (setownertrust ALICE ULTIMATETRUST)
+ (updatetrustdb))
diff --git a/tests/openpgp/trust-pgp/david.sec.asc b/tests/openpgp/trust-pgp/david.sec.asc
new file mode 100644
index 0000000..06c4e83
--- /dev/null
+++ b/tests/openpgp/trust-pgp/david.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvAAD9HITG0iG5SzeW
+cGMfhzGuXEn2P+9arb0OttTUcj+eGBIP8bQZRGF2aWQgPGRhdmlkQGV4YW1wbGUu
+b3JnPoiQBBMTCAA4FiEEoGB2NRmMq6LEZ/qmTOW7QuOYQAAFAllt1s0CGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQTOW7QuOYQAAJtAD+JxiDZttAb51FjB5o
+J1BksmzIrgL6ouorbLLRjVyk7rkA/0JqyLhh1K3vn4rYDbuKtvQAcfQbCndzwF9X
+uGQ/7gbS
+=EC4L
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/frank.sec.asc b/tests/openpgp/trust-pgp/frank.sec.asc
new file mode 100644
index 0000000..50235de
--- /dev/null
+++ b/tests/openpgp/trust-pgp/frank.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXzAAD+Oybk8/6x5nc8
+ZNHkRIbfHW8oKh7jxbpob9X7QIfBpf8TcbQZRnJhbmsgPGZyYW5rQGV4YW1wbGUu
+Y29tPoiQBBMTCAA4FiEEzhoOB8+KIMv43EfW25AX265s0O8FAllt1t0CGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQ25AX265s0O+nDQD/RplCmAPQgMejhs2/
+YmOqWrekyd4IWNj9zyI2n228WXYBAJ1/Wf1vBviOEqzs7t+C0iBExxJXViPlG0nN
+Z9aoiX1G
+=vnHF
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/grace.sec.asc b/tests/openpgp/trust-pgp/grace.sec.asc
new file mode 100644
index 0000000..23ebd71
--- /dev/null
+++ b/tests/openpgp/trust-pgp/grace.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjAAEAzBLT+dB5ga7S
+Lh7PepOB9yObDHrHAvXGXg9AUvEm3ZkQ6bQZR3JhY2UgPGdyYWNlQGV4YW1wbGUu
+bmV0PoiQBBMTCAA4FiEEuTX0uNoAmvvM3UE4ZlOhgwB/g0UFAllt1vECGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQZlOhgwB/g0W2AAD+KmW2DQALWTnsVnL/
+QKdJ1J8DsaR1l+y2h7FUYuFttQsBALZYs2vUwOVBnAYyqbHogqgbPSxKRXeAxNqo
+epx6csv+
+=05c1
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/heidi.sec.asc b/tests/openpgp/trust-pgp/heidi.sec.asc
new file mode 100644
index 0000000..f650d1a
--- /dev/null
+++ b/tests/openpgp/trust-pgp/heidi.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3XBxMIKoZIzj0DAQcCAwSINFpTZUYnxDDj3k16ljZIt58rh3cuUNIvUcqR
+zR9kdlmudQTaf1zUsW6F3r+t91t88kaA2Fcci3wkU0CAob0WAAD/eTlMM3JTEF6K
+yh8gxk1+mXRVUAmcGwr+1PzC3nzJAkgPALQZSGVpZGkgPGhlaWRpQGV4YW1wbGUu
+b3JnPoiQBBMTCAA4FiEEA4nAt5kOEFILM08jdW8Vce2pGEsFAllt1wcCGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQdW8Vce2pGEtwXAD/SVyIRiGnYPkqBVqG
+fI2MlTgN8+uirur2JdkcPoylCEMA/j3OeLRRT1docnEnvST1srmlXxZTbNUclnAl
+a2OZd7ME
+=1goe
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario1.asc b/tests/openpgp/trust-pgp/scenario1.asc
new file mode 100644
index 0000000..82fee76
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario1.asc
@@ -0,0 +1,75 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIdQQQEwgAHRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbhAyAAoJEBukFTjS5la10+gA/2wr/lG67+xA1n3+2tQkIf1254lnwr8NXhwg
+w4UAAbajAP9hOXzltmmHV4BaBm35GEv/A2iAABV6lzgvApmM9c445A==
+=i2Va
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbhBhAAoJEKW6w+0SXMrlPYgA/21rYq9iItnLASDCdt4ZX6gPKEZVBFDk6850
+Gyvg3TrEAP9/9bjKEFCSbo6vFKONOEpKqA/9B85Ff+2jq1lvfafV4Q==
+=mwVS
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbhB0AAoJEKW6w+0SXMrlARwA/RiqKRh4rYtW5gP20PoQNYfS1qh+lDRTlhfp
+SSF5aKKFAP90s5/fp6n382IjbOhmQiEB9N4gv4pZT3YP13NQwAABbg==
+=bLxR
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbhCEAAoJEKW6w+0SXMrlepAA/3+AAaRQVfsU+zQtGg43VxAcfW+ezuUVCYUY
+IW2Lv+GkAP0WF7Nh5N4nDo/gC3WBW2zdWArlRaWa5NxcCquEUaE7Tg==
+=SWmz
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjtBlHcmFjZSA8Z3Jh
+Y2VAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQS5NfS42gCa+8zdQThmU6GDAH+DRQUC
+WW3W8QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBmU6GDAH+DRbYAAP4q
+ZbYNAAtZOexWcv9Ap0nUnwOxpHWX7LaHsVRi4W21CwEAtliza9TA5UGcBjKpseiC
+qBs9LEpFd4DE2qh6nHpyy/6IdQQQEwgAHRYhBGxic15FTM3Xn6bKYBB5ETrsEoL9
+BQJZbhCyAAoJEBB5ETrsEoL9pVoBAPGc50vXiWmSAx8U573pqAyBsVPPMUlfrrgc
+tVZZQ9DyAP9LCpG1kJOnB1Fia1M6M/37FAwVjUerWTrp6XoG1888PYh1BBATCAAd
+FiEEoGB2NRmMq6LEZ/qmTOW7QuOYQAAFAlluEM4ACgkQTOW7QuOYQAB3HgD+Kw+R
+WbH8RcSlNbwlGWCWYwKvik7ukIMcTXXYD5azTYoBANF5Ym2n5RExmEd8nTrWu9MR
+TUlOgAXfzm/iH4+TNj2yiHUEEBMIAB0WIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW4Q7AAKCRDbkBfbrmzQ7weXAP9OyFxzdpbq1R+V6T5WEckR5OtE6Va/7CHRPRW+
+kMNVjwD/YQZVbOCRxKybVbvPuF+29w7sWp4iAmmrmCFnKfgxZsQ=
+=r9Ly
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario2.asc b/tests/openpgp/trust-pgp/scenario2.asc
new file mode 100644
index 0000000..3a98621
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario2.asc
@@ -0,0 +1,70 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIeQQQEwgAIRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbjsoAwUBeAAKCRAbpBU40uZWtVGlAQCgHkwmJSATJbrqV7+h/1ByLDi4+thQ
+ApW8nRinGuwkxQD+NgjOVmkPGZtpvaBzLXJS/IdPAYBWAriAzDZEV2GchWM=
+=4Xcm
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbjteAAoJEKW6w+0SXMrlkJQBAO19erLoHXOqUI01Wl0tcaKIwEB5HkIHLh0w
+cCTOG4bDAQCCG8a8D1mg9jVPukBzTBUZGpDZmg/U3JGW3XE6rKlKXQ==
+=Df0N
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIdQQQEwgAHRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbkUBAAoJEBukFTjS5la1zSgA/A6ei6bus+VtQtL1rsJfovwoxnyAq+QzCcJL
+ZheUUK3LAQCK+rVE1Yn9QsFoNYZUgLHrnQDtSVq9ClJvNw/Wuz7DpQ==
+=No85
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIeQQQEwgAIRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbkUwAwUBeAAKCRBM5btC45hAAJF0AQD3lBQszLXrlSnCLuHfQxbS/p05DURZ
+HRi8MbTqkrcgrQD8Cs3gwQCBkPUrx8boAyjcuX1BK/TYZ1Gg8hWkozNr1lI=
+=HwV/
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjtBlHcmFjZSA8Z3Jh
+Y2VAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQS5NfS42gCa+8zdQThmU6GDAH+DRQUC
+WW3W8QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBmU6GDAH+DRbYAAP4q
+ZbYNAAtZOexWcv9Ap0nUnwOxpHWX7LaHsVRi4W21CwEAtliza9TA5UGcBjKpseiC
+qBs9LEpFd4DE2qh6nHpyy/6IdQQQEwgAHRYhBM4aDgfPiiDL+NxH1tuQF9uubNDv
+BQJZbkVQAAoJENuQF9uubNDvyrkBAICiFq2dTFzLrXNsItwpPrB20trzEPM/JAxa
+lzSyknJMAQDBCj8nyEtlpkYh9t9ovy/x75D1OUBFFYHOQXCMy0QyRA==
+=yoqI
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario3.asc b/tests/openpgp/trust-pgp/scenario3.asc
new file mode 100644
index 0000000..240afd5
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario3.asc
@@ -0,0 +1,58 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIeQQQEwgAIRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbmYmAwUCeAAKCRAbpBU40uZWtSQhAQD2HLi7PUipgcO9N+KEJLKl2T9ralzj
+O1PMy8IbxnG86AD/Ya541TcH9oxZUWm5dsHd/eoBnSu2WwWkLPNHirRkzwE=
+=R1uZ
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIeQQQEwgAIRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbmZIAwUCeAAKCRClusPtElzK5YuLAP0b5nCuz6p6DDrHB0rtwfhEfJQgvsEc
+zGE2Hh5P5fXP/AEA2Gt8LEWiHYNGWu6ZN02oyCoNUEfZZFva59IIPrzPDHU=
+=S6Nc
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIeQQQEwgAIRYhBGxic15FTM3Xn6bKYBB5ETrsEoL9
+BQJZbmZ0AwUCeAAKCRAQeRE67BKC/eFYAQDaKoyQZYnNH/62hydWITZ1nOYM/h6i
+6L/b+XqB9DD0ewD9FAbO1wzassj6FmZMZDaraqdljTX+94JY5E3GJ8EQXo4=
+=kaec
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIeQQQEwgAIRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbmaiAwUCeAAKCRBM5btC45hAAMcRAP9dcKO3ETB52AsFdBp2iJVjqJ5JiftN
+B/2FZBxPtSjXpAD/YdDzs+zNaAUlFIFmXzP9EmIqmXhC6XSiASrNd5EW33A=
+=DXNa
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario4.asc b/tests/openpgp/trust-pgp/scenario4.asc
new file mode 100644
index 0000000..7860c95
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario4.asc
@@ -0,0 +1,84 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIlAQQEwgAPBYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbm5IAwUCeBqGPFtePl0rW0AuXWV4YW1wbGVcLmNvbT4kAAAKCRAbpBU40uZW
+tb+2APsFKgWxiLtSbpcekarOlPrw014LVinLGah3VE1Izay+tAEA+0INHdcNoz64
+kRE/2siUnx1ksrWcWvJbvNMteknXhzY=
+=UQni
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbm6PAAoJEKW6w+0SXMrlWj8A/2UdgyhbV+tLjyFb87iBiaWxSIVfiVyjhLZN
+htPTrKb2AP4yIRxJ3x0LmRSDLkZ/QIQmgahlAXRmKCXSRAB8x2KRsQ==
+=Zbpr
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIlAQQEwgAPBYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbm5uAwUCeBqGPFtePl0rW0AuXWV4YW1wbGVcLm9yZz4kAAAKCRAbpBU40uZW
+tYGkAQDcxaTENxUFCcwyuv/pOpNr51Q7bhCcWVPd3Zn1t3yurQD+KDre0hsrR0Rf
+kiq5JYhqh8sEejmFQ1EtcCNI2x8CvHg=
+=W5g4
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIdQQQEwgAHRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbm7vAAoJEEzlu0LjmEAAmT0A/3kZ3vms9aDuS2OD9yE/KoluBQi1UWR59V/2
+JHomhTiRAP9GI/01N3pRty986m4dVBbrXpT39ZkEj4q+zkn1uNeQHA==
+=UqlD
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjtBlHcmFjZSA8Z3Jh
+Y2VAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQS5NfS42gCa+8zdQThmU6GDAH+DRQUC
+WW3W8QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBmU6GDAH+DRbYAAP4q
+ZbYNAAtZOexWcv9Ap0nUnwOxpHWX7LaHsVRi4W21CwEAtliza9TA5UGcBjKpseiC
+qBs9LEpFd4DE2qh6nHpyy/6IdQQQEwgAHRYhBAOJwLeZDhBSCzNPI3VvFXHtqRhL
+BQJZbm85AAoJEHVvFXHtqRhL6N0BAPjsViTQhc/t9zbC7Jf3bRLQTYjwR5EtW4Wu
+IZZeByYXAQDw0Wofsq945J5oRLoTPdc264dBv8ojBr0/1uFWOvci/w==
+=q1yC
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3XBxMIKoZIzj0DAQcCAwSINFpTZUYnxDDj3k16ljZIt58rh3cuUNIvUcqR
+zR9kdlmudQTaf1zUsW6F3r+t91t88kaA2Fcci3wkU0CAob0WtBlIZWlkaSA8aGVp
+ZGlAZXhhbXBsZS5vcmc+iJAEExMIADgWIQQDicC3mQ4QUgszTyN1bxVx7akYSwUC
+WW3XBwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRB1bxVx7akYS3BcAP9J
+XIhGIadg+SoFWoZ8jYyVOA3z66Ku6vYl2Rw+jKUIQwD+Pc54tFFPV2hycSe9JPWy
+uaVfFlNs1RyWcCVrY5l3swSIeQQQEwgAIRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbm8aAwUCeAAKCRBM5btC45hAAPABAPwLtRtV1gnk6qbyb9DvvHbG1kd2sqQ5
+mBM7cw6rPmf2EgEA3V3J9D7/4hbF/tulACVEpW9yvZq3wnEj0GSMpF6qQDE=
+=7uOj
+-----END PGP PUBLIC KEY BLOCK-----
commit cbe54b28bf3610204e12c50c0606df37337a1156
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date: Wed Jul 19 22:17:28 2017 +0200
tests: Move some functions into a common module.
* tests/openpgp/tofu.scm (gettrust): Moved to the common defs.scm
module.
(checktrust): Likewise.
* tests/openpgp/defs.scm (gettrust): New function.
(checktrust): Likewise.
--
These functions will be re-used by the tests for the PGP trust
model.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm
index 358efa6..f52f316 100644
--- a/tests/openpgp/defs.scm
+++ b/tests/openpgp/defs.scm
@@ -466,5 +466,29 @@
(catch (log "Warning: Removing socket directory failed.")
(gpg-conf '--remove-socketdir)))
+;; Get the trust level for KEYID. Any remaining arguments are simply
+;; passed to GPG.
+;;
+;; This function only supports keys with a single user id.
+(define (gettrust keyid . args)
+ (let ((trust
+ (list-ref (assoc "pub" (gpg-with-colons
+ `(, at args
+ --list-keys ,keyid))) 1)))
+ (unless (and (= 1 (string-length trust))
+ (member (string-ref trust 0) (string->list "oidreqnmfuws-")))
+ (fail "Bad trust value:" trust))
+ trust))
+
+;; Check that KEYID's trust level matches EXPECTED-TRUST. Any
+;; remaining arguments are simply passed to GPG.
+;;
+;; This function only supports keys with a single user id.
+(define (checktrust keyid expected-trust . args)
+ (let ((trust (apply gettrust `(,keyid , at args))))
+ (unless (string=? trust expected-trust)
+ (fail keyid ": Expected trust to be" expected-trust
+ "but got" trust))))
+
;; end
diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm
index 58b2a03..cd4b4c7 100755
--- a/tests/openpgp/tofu.scm
+++ b/tests/openpgp/tofu.scm
@@ -71,30 +71,6 @@
(fail keyid ": Expected policy to be" expected-policy
"but got" policy))))
-;; Get the trust level for KEYID. Any remaining arguments are simply
-;; passed to GPG.
-;;
-;; This function only supports keys with a single user id.
-(define (gettrust keyid . args)
- (let ((trust
- (list-ref (assoc "pub" (gpg-with-colons
- `(, at args
- --list-keys ,keyid))) 1)))
- (unless (and (= 1 (string-length trust))
- (member (string-ref trust 0) (string->list "oidreqnmfuws-")))
- (fail "Bad trust value:" trust))
- trust))
-
-;; Check that KEYID's trust level matches EXPECTED-TRUST. Any
-;; remaining arguments are simply passed to GPG.
-;;
-;; This function only supports keys with a single user id.
-(define (checktrust keyid expected-trust . args)
- (let ((trust (apply gettrust `(,keyid , at args))))
- (unless (string=? trust expected-trust)
- (fail keyid ": Expected trust to be" expected-trust
- "but got" trust))))
-
;; Set key KEYID's policy to POLICY. Any remaining arguments are
;; passed as options to gpg.
(define (setpolicy keyid policy . args)
commit 0161225457e0609509d0d5f4b80a60a1071b4b48
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date: Mon Aug 21 16:48:11 2017 +0200
gpgconf: Make WoT settings configurable by gpgconf.
* tools/gpgconf-comp.c (gc_options_gpg): Add max-cert-depth,
completes-needed, and marginals-needed options.
* g10/gpg.c (gpgconf_list): Likewise.
--
Some tests to come for the PGP trust model will need to manipulate
these parameters.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
diff --git a/g10/gpg.c b/g10/gpg.c
index c9fa7ae..31b1fca 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1860,6 +1860,9 @@ gpgconf_list (const char *configfile)
es_printf ("default-new-key-algo:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("trust-model:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("disable-dirmngr:%lu:\n", GC_OPT_FLAG_NONE);
+ es_printf ("max-cert-depth:%lu:\n", GC_OPT_FLAG_NONE);
+ es_printf ("completes-needed:%lu:\n", GC_OPT_FLAG_NONE);
+ es_printf ("marginals-needed:%lu:\n", GC_OPT_FLAG_NONE);
/* The next one is an info only item and should match the macros at
the top of keygen.c */
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index b066dad..e9d4ca8 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -762,6 +762,18 @@ static gc_option_t gc_options_gpg[] =
{ "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
"gnupg", N_("disable all access to the dirmngr"),
GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
+ { "max-cert-depth",
+ GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL,
+ GC_ARG_TYPE_UINT32, GC_BACKEND_GPG },
+ { "completes-needed",
+ GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL,
+ GC_ARG_TYPE_UINT32, GC_BACKEND_GPG },
+ { "marginals-needed",
+ GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+ NULL, NULL,
+ GC_ARG_TYPE_UINT32, GC_BACKEND_GPG },
GC_OPTION_NULL
-----------------------------------------------------------------------
Summary of changes:
g10/gpg.c | 3 +
tests/openpgp/Makefile.am | 19 ++++-
tests/openpgp/defs.scm | 24 +++++++
tests/openpgp/tofu.scm | 24 -------
tests/openpgp/trust-pgp-1.scm | 76 ++++++++++++++++++++
tests/openpgp/trust-pgp-2.scm | 39 ++++++++++
tests/{gpgsm/shell.scm => openpgp/trust-pgp-3.scm} | 21 +++---
tests/openpgp/trust-pgp-4.scm | 37 ++++++++++
tests/openpgp/trust-pgp/alice.sec.asc | 11 +++
tests/openpgp/trust-pgp/bobby.sec.asc | 11 +++
tests/openpgp/trust-pgp/carol.sec.asc | 11 +++
tests/openpgp/trust-pgp/common.scm | 66 +++++++++++++++++
tests/openpgp/trust-pgp/david.sec.asc | 11 +++
tests/openpgp/trust-pgp/frank.sec.asc | 11 +++
tests/openpgp/trust-pgp/grace.sec.asc | 11 +++
tests/openpgp/trust-pgp/heidi.sec.asc | 11 +++
tests/openpgp/trust-pgp/scenario1.asc | 75 +++++++++++++++++++
tests/openpgp/trust-pgp/scenario2.asc | 70 ++++++++++++++++++
tests/openpgp/trust-pgp/scenario3.asc | 58 +++++++++++++++
tests/openpgp/trust-pgp/scenario4.asc | 84 ++++++++++++++++++++++
tools/gpgconf-comp.c | 12 ++++
21 files changed, 649 insertions(+), 36 deletions(-)
create mode 100755 tests/openpgp/trust-pgp-1.scm
create mode 100755 tests/openpgp/trust-pgp-2.scm
copy tests/{gpgsm/shell.scm => openpgp/trust-pgp-3.scm} (58%)
mode change 100644 => 100755
create mode 100755 tests/openpgp/trust-pgp-4.scm
create mode 100644 tests/openpgp/trust-pgp/alice.sec.asc
create mode 100644 tests/openpgp/trust-pgp/bobby.sec.asc
create mode 100644 tests/openpgp/trust-pgp/carol.sec.asc
create mode 100644 tests/openpgp/trust-pgp/common.scm
create mode 100644 tests/openpgp/trust-pgp/david.sec.asc
create mode 100644 tests/openpgp/trust-pgp/frank.sec.asc
create mode 100644 tests/openpgp/trust-pgp/grace.sec.asc
create mode 100644 tests/openpgp/trust-pgp/heidi.sec.asc
create mode 100644 tests/openpgp/trust-pgp/scenario1.asc
create mode 100644 tests/openpgp/trust-pgp/scenario2.asc
create mode 100644 tests/openpgp/trust-pgp/scenario3.asc
create mode 100644 tests/openpgp/trust-pgp/scenario4.asc
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list