[PATCH 3/5] gpg,tests: Add tests for the PGP trust model.

Damien Goutte-Gattat dgouttegattat at incenp.org
Wed Jul 19 11:33:02 CEST 2017


* tests/openpgp/Makefile.am (XTESTS): Add trust-pgp.scm.
(TEST_FILES): Add scenario files.
* tests/openpgp/trust-pgp.scm: New file.
* tests/openpgp/trust-pgp/scenario1.asc: New file.
* tests/openpgp/trust-pgp/scenario2.asc: New file.
* tests/openpgp/trust-pgp/scenario3.asc: New file.
* tests/openpgp/trust-pgp/scenario4.asc: New file.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
---
 tests/openpgp/Makefile.am             |   7 +-
 tests/openpgp/trust-pgp.scm           | 190 ++++++++++++++++++++++++++++++++++
 tests/openpgp/trust-pgp/scenario1.asc |  75 ++++++++++++++
 tests/openpgp/trust-pgp/scenario2.asc |  70 +++++++++++++
 tests/openpgp/trust-pgp/scenario3.asc |  58 +++++++++++
 tests/openpgp/trust-pgp/scenario4.asc |  84 +++++++++++++++
 6 files changed, 483 insertions(+), 1 deletion(-)
 create mode 100644 tests/openpgp/trust-pgp.scm
 create mode 100644 tests/openpgp/trust-pgp/scenario1.asc
 create mode 100644 tests/openpgp/trust-pgp/scenario2.asc
 create mode 100644 tests/openpgp/trust-pgp/scenario3.asc
 create mode 100644 tests/openpgp/trust-pgp/scenario4.asc

diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 506bce5..c615c2a 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -82,6 +82,7 @@ XTESTS = \
 	ecc.scm \
 	4gb-packet.scm \
 	tofu.scm \
+	trust-pgp.scm \
 	gpgtar.scm \
 	use-exact-key.scm \
 	default-key.scm \
@@ -158,7 +159,11 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
 	     key-selection/1.asc \
 	     key-selection/2.asc \
 	     key-selection/3.asc \
-	     key-selection/4.asc
+	     key-selection/4.asc \
+	     trust-pgp/scenario1.asc \
+	     trust-pgp/scenario2.asc \
+	     trust-pgp/scenario3.asc \
+	     trust-pgp/scenario4.asc
 
 data_files = data-500 data-9000 data-32000 data-80000 plain-large
 
diff --git a/tests/openpgp/trust-pgp.scm b/tests/openpgp/trust-pgp.scm
new file mode 100644
index 0000000..d83361b
--- /dev/null
+++ b/tests/openpgp/trust-pgp.scm
@@ -0,0 +1,190 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "defs.scm"))
+(setup-environment)
+
+;; Redefine GPG without --always-trust.
+(define GPG `(,(tool 'gpg)))
+
+;; Helper constants for setownertrust.
+(define MARGINALTRUST "4")
+(define FULLTRUST "5")
+(define ULTIMATETRUST "6")
+
+;; Assign OWNERTRUST to the key identified by the provided
+;; fingerprint KEYFPR.
+(define (setownertrust keyfpr ownertrust)
+  (pipe:do
+    (pipe:echo (string-append keyfpr ":" ownertrust ":\n"))
+    (pipe:gpg `(--import-ownertrust))))
+
+;; Force a trustdb update.
+(define (updatetrustdb)
+  (call-check `(, at GPG --check-trustdb --yes)))
+
+;; Reset the test environment. We do that kind of brutally,
+;; by removing the pubring and trustdb files.
+(define (reset-environment)
+  (catch '() (unlink (path-join GNUPGHOME "pubring.kbx")))
+  (catch '() (unlink (path-join GNUPGHOME "pubring.gpg")))
+  (unlink (path-join GNUPGHOME "trustdb.gpg")))
+
+;; IDs of all the keys involved in those tests.
+(define ALICE "FD9B20DD3C98123EEEAF8CC51BA41538D2E656B5")
+(define BOBBY "4D3F59F4D8030FD2D844AFEBA5BAC3ED125CCAE5")
+(define CAROL "6C62735E454CCDD79FA6CA601079113AEC1282FD")
+(define DAVID "A0607635198CABA2C467FAA64CE5BB42E3984000")
+(define FRANK "CE1A0E07CF8A20CBF8DC47D6DB9017DBAE6CD0EF")
+(define GRACE "B935F4B8DA009AFBCCDD41386653A183007F8345")
+(define HEIDI "0389C0B7990E10520B334F23756F1571EDA9184B")
+
+;; PGP is the default trust model for now, but that
+;; could change for TOFU in the future, so let's make
+;; sure we are using PGP.
+;; For now, we play with the "classic" trust model.
+(let ((trust-model (gpg-config 'gpg "trust-model")))
+  (trust-model::update "pgp"))
+
+
+;; First scenario (basic checks with normal signatures only).
+(display "Checking basic WoT (classic trust model)...\n")
+(call-check `(, at GPG --import
+		    ,(in-srcdir "tests" "openpgp" "trust-pgp" "scenario1.asc")))
+
+;; Use Alice's key as the root of all trust evaluations.
+(setownertrust ALICE ULTIMATETRUST)
+(updatetrustdb)
+
+;; Check initial state.
+(checktrust BOBBY "f")	;; Directly signed by Alice's key.
+(checktrust CAROL "q")	;; Signed by Bobby, whose key has
+			;; no explicit ownertrust.
+(checktrust DAVID "q")	;; Likewise.
+(checktrust FRANK "q")	;; Likewise.
+(checktrust GRACE "-")	;; Signed by the previous three keys;
+			;; not evaluated since they are not valid.
+
+;; Let's trust Bobby.
+;; This should make Carol's, David's, and Frank's keys valid.
+(setownertrust BOBBY FULLTRUST)
+(updatetrustdb)
+(checktrust CAROL "f")
+(checktrust DAVID "f")
+(checktrust FRANK "f")
+(checktrust GRACE "q")	;; Now evaluated, but validity still unknown.
+
+;; Let's trust (marginally) Carol and David.
+;; This should not be enough to make Grace's key fully valid
+;; since marginals-needed defaults to 3.
+(setownertrust CAROL MARGINALTRUST)
+(setownertrust DAVID MARGINALTRUST)
+(updatetrustdb)
+(checktrust GRACE "m")
+
+;; Add marginal ownertrust to Frank's key.
+;; This should make Grace's key fully valid.
+(setownertrust FRANK MARGINALTRUST)
+(updatetrustdb)
+(checktrust GRACE "f")
+
+;; Now let's play with the length of certification chains.
+;; Setting max-cert-length to 2 should put Grace's key
+;; one step too far from Alice's key.
+(let ((max-cert-depth (gpg-config 'gpg "max-cert-depth")))
+  (max-cert-depth::update 2))
+(updatetrustdb)
+(checktrust GRACE "-")
+
+;; Raise the bar for assigning full validity.
+;; Bobby's key should be the only one retaining full validity.
+(let ((completes-needed (gpg-config 'gpg "completes-needed")))
+  (completes-needed::update 2))
+(updatetrustdb)
+(checktrust BOBBY "f")
+(checktrust CAROL "m")
+(checktrust DAVID "m")
+(checktrust FRANK "m")
+(checktrust GRACE "-")
+
+
+;; Second scenario (basic trust signature checks).
+(display "Checking WoT with trust signatures (PGP trust model)...\n")
+(let ((max-cert-depth (gpg-config 'gpg "max-cert-depth")))
+  (max-cert-depth::clear))
+(let ((completes-needed (gpg-config 'gpg "completes-needed")))
+  (completes-needed::clear))
+(reset-environment)
+
+(call-check `(, at GPG --import
+		    ,(in-srcdir "tests" "openpgp" "trust-pgp" "scenario2.asc")))
+(setownertrust ALICE ULTIMATETRUST)
+(updatetrustdb)
+
+(checktrust BOBBY "f")	;; Tsigned by Alice with trust=120.
+(checktrust CAROL "f")	;; Signed by Bobby, whose key should have full
+			;; ownertrust due to the tsig.
+(checktrust DAVID "f")	;; Signed by Alice.
+(checktrust FRANK "q")	;; Tsigned by David, whose key has no ownertrust.
+(checktrust GRACE "-")	;; Signed by Frank.
+
+(setownertrust DAVID FULLTRUST)
+(updatetrustdb)
+(checktrust FRANK "f")	;; David's key has now full ownertrust.
+(checktrust GRACE "q")	;; David is not authorized to emit tsigs,
+			;; so his tsig on Frank's key should be treated
+			;; like a normal sig (confering no ownertrust).
+
+
+;; Third scenario (sig chain depth).
+(display "Checking max depth of trust signature chains...\n")
+(reset-environment)
+(call-check `(, at GPG --import
+		    ,(in-srcdir "tests" "openpgp" "trust-pgp" "scenario3.asc")))
+(setownertrust ALICE ULTIMATETRUST)
+(updatetrustdb)
+
+(checktrust BOBBY "f")	;; Tsigned by Alice (level=2, trust=120).
+(checktrust CAROL "f")	;; Tsigned by Bobby (level=2, trust=120).
+(checktrust DAVID "f")	;; Tsigned by Carol (level=2, trust=120).
+(checktrust FRANK "q")	;; The tsig from Carol does not confer
+			;; ownertrust to David's key (too deep).
+
+
+;; Fourth scenario (trust domain restrictions).
+(display "Checking trust signature with domain restrictions...\n")
+(reset-environment)
+(call-check `(, at GPG --import
+		    ,(in-srcdir "tests" "openpgp" "trust-pgp" "scenario4.asc")))
+(setownertrust ALICE ULTIMATETRUST)
+(updatetrustdb)
+
+(checktrust BOBBY "f")	;; Tsigned by Alice, allowed to sign for example.com.
+(checktrust CAROL "-")	;; Signed by Bobby, but the signature should be
+			;; ignored since Carol has an address in example.net.
+
+(checktrust DAVID "f")	;; Tsigned by Alice, allowed to sign for example.net.
+(checktrust FRANK "-")	;; Tsignature from David should be ignored because
+			;; Frank has an address in example.com.
+
+;; The following two tests fail due to issue 2923.
+(checktrust HEIDI "f")	;; Tsigned by David, should be valid since Heidi
+			;; has an address in example.org.
+(checktrust GRACE "f")	;; Signed by Heidi.
diff --git a/tests/openpgp/trust-pgp/scenario1.asc b/tests/openpgp/trust-pgp/scenario1.asc
new file mode 100644
index 0000000..82fee76
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario1.asc
@@ -0,0 +1,75 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIdQQQEwgAHRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbhAyAAoJEBukFTjS5la10+gA/2wr/lG67+xA1n3+2tQkIf1254lnwr8NXhwg
+w4UAAbajAP9hOXzltmmHV4BaBm35GEv/A2iAABV6lzgvApmM9c445A==
+=i2Va
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbhBhAAoJEKW6w+0SXMrlPYgA/21rYq9iItnLASDCdt4ZX6gPKEZVBFDk6850
+Gyvg3TrEAP9/9bjKEFCSbo6vFKONOEpKqA/9B85Ff+2jq1lvfafV4Q==
+=mwVS
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbhB0AAoJEKW6w+0SXMrlARwA/RiqKRh4rYtW5gP20PoQNYfS1qh+lDRTlhfp
+SSF5aKKFAP90s5/fp6n382IjbOhmQiEB9N4gv4pZT3YP13NQwAABbg==
+=bLxR
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbhCEAAoJEKW6w+0SXMrlepAA/3+AAaRQVfsU+zQtGg43VxAcfW+ezuUVCYUY
+IW2Lv+GkAP0WF7Nh5N4nDo/gC3WBW2zdWArlRaWa5NxcCquEUaE7Tg==
+=SWmz
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjtBlHcmFjZSA8Z3Jh
+Y2VAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQS5NfS42gCa+8zdQThmU6GDAH+DRQUC
+WW3W8QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBmU6GDAH+DRbYAAP4q
+ZbYNAAtZOexWcv9Ap0nUnwOxpHWX7LaHsVRi4W21CwEAtliza9TA5UGcBjKpseiC
+qBs9LEpFd4DE2qh6nHpyy/6IdQQQEwgAHRYhBGxic15FTM3Xn6bKYBB5ETrsEoL9
+BQJZbhCyAAoJEBB5ETrsEoL9pVoBAPGc50vXiWmSAx8U573pqAyBsVPPMUlfrrgc
+tVZZQ9DyAP9LCpG1kJOnB1Fia1M6M/37FAwVjUerWTrp6XoG1888PYh1BBATCAAd
+FiEEoGB2NRmMq6LEZ/qmTOW7QuOYQAAFAlluEM4ACgkQTOW7QuOYQAB3HgD+Kw+R
+WbH8RcSlNbwlGWCWYwKvik7ukIMcTXXYD5azTYoBANF5Ym2n5RExmEd8nTrWu9MR
+TUlOgAXfzm/iH4+TNj2yiHUEEBMIAB0WIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW4Q7AAKCRDbkBfbrmzQ7weXAP9OyFxzdpbq1R+V6T5WEckR5OtE6Va/7CHRPRW+
+kMNVjwD/YQZVbOCRxKybVbvPuF+29w7sWp4iAmmrmCFnKfgxZsQ=
+=r9Ly
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario2.asc b/tests/openpgp/trust-pgp/scenario2.asc
new file mode 100644
index 0000000..3a98621
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario2.asc
@@ -0,0 +1,70 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIeQQQEwgAIRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbjsoAwUBeAAKCRAbpBU40uZWtVGlAQCgHkwmJSATJbrqV7+h/1ByLDi4+thQ
+ApW8nRinGuwkxQD+NgjOVmkPGZtpvaBzLXJS/IdPAYBWAriAzDZEV2GchWM=
+=4Xcm
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbjteAAoJEKW6w+0SXMrlkJQBAO19erLoHXOqUI01Wl0tcaKIwEB5HkIHLh0w
+cCTOG4bDAQCCG8a8D1mg9jVPukBzTBUZGpDZmg/U3JGW3XE6rKlKXQ==
+=Df0N
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIdQQQEwgAHRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbkUBAAoJEBukFTjS5la1zSgA/A6ei6bus+VtQtL1rsJfovwoxnyAq+QzCcJL
+ZheUUK3LAQCK+rVE1Yn9QsFoNYZUgLHrnQDtSVq9ClJvNw/Wuz7DpQ==
+=No85
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIeQQQEwgAIRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbkUwAwUBeAAKCRBM5btC45hAAJF0AQD3lBQszLXrlSnCLuHfQxbS/p05DURZ
+HRi8MbTqkrcgrQD8Cs3gwQCBkPUrx8boAyjcuX1BK/TYZ1Gg8hWkozNr1lI=
+=HwV/
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjtBlHcmFjZSA8Z3Jh
+Y2VAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQS5NfS42gCa+8zdQThmU6GDAH+DRQUC
+WW3W8QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBmU6GDAH+DRbYAAP4q
+ZbYNAAtZOexWcv9Ap0nUnwOxpHWX7LaHsVRi4W21CwEAtliza9TA5UGcBjKpseiC
+qBs9LEpFd4DE2qh6nHpyy/6IdQQQEwgAHRYhBM4aDgfPiiDL+NxH1tuQF9uubNDv
+BQJZbkVQAAoJENuQF9uubNDvyrkBAICiFq2dTFzLrXNsItwpPrB20trzEPM/JAxa
+lzSyknJMAQDBCj8nyEtlpkYh9t9ovy/x75D1OUBFFYHOQXCMy0QyRA==
+=yoqI
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario3.asc b/tests/openpgp/trust-pgp/scenario3.asc
new file mode 100644
index 0000000..240afd5
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario3.asc
@@ -0,0 +1,58 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIeQQQEwgAIRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbmYmAwUCeAAKCRAbpBU40uZWtSQhAQD2HLi7PUipgcO9N+KEJLKl2T9ralzj
+O1PMy8IbxnG86AD/Ya541TcH9oxZUWm5dsHd/eoBnSu2WwWkLPNHirRkzwE=
+=R1uZ
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIeQQQEwgAIRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbmZIAwUCeAAKCRClusPtElzK5YuLAP0b5nCuz6p6DDrHB0rtwfhEfJQgvsEc
+zGE2Hh5P5fXP/AEA2Gt8LEWiHYNGWu6ZN02oyCoNUEfZZFva59IIPrzPDHU=
+=S6Nc
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIeQQQEwgAIRYhBGxic15FTM3Xn6bKYBB5ETrsEoL9
+BQJZbmZ0AwUCeAAKCRAQeRE67BKC/eFYAQDaKoyQZYnNH/62hydWITZ1nOYM/h6i
+6L/b+XqB9DD0ewD9FAbO1wzassj6FmZMZDaraqdljTX+94JY5E3GJ8EQXo4=
+=kaec
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIeQQQEwgAIRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbmaiAwUCeAAKCRBM5btC45hAAMcRAP9dcKO3ETB52AsFdBp2iJVjqJ5JiftN
+B/2FZBxPtSjXpAD/YdDzs+zNaAUlFIFmXzP9EmIqmXhC6XSiASrNd5EW33A=
+=DXNa
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario4.asc b/tests/openpgp/trust-pgp/scenario4.asc
new file mode 100644
index 0000000..7860c95
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario4.asc
@@ -0,0 +1,84 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIlAQQEwgAPBYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbm5IAwUCeBqGPFtePl0rW0AuXWV4YW1wbGVcLmNvbT4kAAAKCRAbpBU40uZW
+tb+2APsFKgWxiLtSbpcekarOlPrw014LVinLGah3VE1Izay+tAEA+0INHdcNoz64
+kRE/2siUnx1ksrWcWvJbvNMteknXhzY=
+=UQni
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbm6PAAoJEKW6w+0SXMrlWj8A/2UdgyhbV+tLjyFb87iBiaWxSIVfiVyjhLZN
+htPTrKb2AP4yIRxJ3x0LmRSDLkZ/QIQmgahlAXRmKCXSRAB8x2KRsQ==
+=Zbpr
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIlAQQEwgAPBYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbm5uAwUCeBqGPFtePl0rW0AuXWV4YW1wbGVcLm9yZz4kAAAKCRAbpBU40uZW
+tYGkAQDcxaTENxUFCcwyuv/pOpNr51Q7bhCcWVPd3Zn1t3yurQD+KDre0hsrR0Rf
+kiq5JYhqh8sEejmFQ1EtcCNI2x8CvHg=
+=W5g4
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIdQQQEwgAHRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbm7vAAoJEEzlu0LjmEAAmT0A/3kZ3vms9aDuS2OD9yE/KoluBQi1UWR59V/2
+JHomhTiRAP9GI/01N3pRty986m4dVBbrXpT39ZkEj4q+zkn1uNeQHA==
+=UqlD
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjtBlHcmFjZSA8Z3Jh
+Y2VAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQS5NfS42gCa+8zdQThmU6GDAH+DRQUC
+WW3W8QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBmU6GDAH+DRbYAAP4q
+ZbYNAAtZOexWcv9Ap0nUnwOxpHWX7LaHsVRi4W21CwEAtliza9TA5UGcBjKpseiC
+qBs9LEpFd4DE2qh6nHpyy/6IdQQQEwgAHRYhBAOJwLeZDhBSCzNPI3VvFXHtqRhL
+BQJZbm85AAoJEHVvFXHtqRhL6N0BAPjsViTQhc/t9zbC7Jf3bRLQTYjwR5EtW4Wu
+IZZeByYXAQDw0Wofsq945J5oRLoTPdc264dBv8ojBr0/1uFWOvci/w==
+=q1yC
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3XBxMIKoZIzj0DAQcCAwSINFpTZUYnxDDj3k16ljZIt58rh3cuUNIvUcqR
+zR9kdlmudQTaf1zUsW6F3r+t91t88kaA2Fcci3wkU0CAob0WtBlIZWlkaSA8aGVp
+ZGlAZXhhbXBsZS5vcmc+iJAEExMIADgWIQQDicC3mQ4QUgszTyN1bxVx7akYSwUC
+WW3XBwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRB1bxVx7akYS3BcAP9J
+XIhGIadg+SoFWoZ8jYyVOA3z66Ku6vYl2Rw+jKUIQwD+Pc54tFFPV2hycSe9JPWy
+uaVfFlNs1RyWcCVrY5l3swSIeQQQEwgAIRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbm8aAwUCeAAKCRBM5btC45hAAPABAPwLtRtV1gnk6qbyb9DvvHbG1kd2sqQ5
+mBM7cw6rPmf2EgEA3V3J9D7/4hbF/tulACVEpW9yvZq3wnEj0GSMpF6qQDE=
+=7uOj
+-----END PGP PUBLIC KEY BLOCK-----
-- 
2.9.0




More information about the Gnupg-devel mailing list