  1. #!/bin/sh
  2. #
  3.  
  4. export GNUPGHOME
  5.  
  6. echo -----------------------------------------------------------------
  7. echo VERSION INFORMATION
  8. gpg --version
  9. uname -vimposr
  10.  
  11. echo
  12. echo -----------------------------------------------------------------
  13. echo STEP 1 : Generate test keys and export them
  14. for n in myself@example.co.uk introducer@example.com alice@example.net blake@example.org chloe@example.fr david@example.es
  15. do
  16. GNUPGHOME="$(pwd)/sandbox/$n"
  17. rm -rf "$GNUPGHOME"
  18. mkdir -p -m 700 "$GNUPGHOME"
  19. cat<<-EOF|gpg --batch --gen-key
  20. %echo Generating $n
  21. %no-protection
  22. Key-Type: RSA
  23. Key-Length: 1024
  24. Name-Real: ${n%@*}
  25. Name-Email: $n
  26. EOF
  27. gpg --export $n > $GNUPGHOME/$n.gpg
  28. done
  29.  
  30. echo
  31. echo -----------------------------------------------------------------
  32. echo STEP 2 : my introducer knows alice and blake
  33. echo import keys into the introducer\'s key-ring sign them and export
  34. echo apply level 1 unrestricted trust-signature to blake
  35. GNUPGHOME="$(pwd)/sandbox/introducer@example.com"
  36. for n in alice@example.net #blake@example.org
  37. do
  38. gpg --import "$GNUPGHOME/../$n/$n.gpg"
  39. yes | gpg --command-fd 0 --sign-key $n
  40. gpg --export $n > $GNUPGHOME/$n.gpg
  41. done
  42. for n in blake@example.org
  43. do
  44. gpg --import "$GNUPGHOME/../$n/$n.gpg"
  45. cat<<-EOF|gpg --command-fd 0 --edit-key $n
  46. tsign
  47. 2
  48. 1
  49.  
  50. y
  51. save
  52. EOF
  53. gpg --export $n > $GNUPGHOME/$n.gpg
  54. done
  55.  
  56.  
  57. echo
  58. echo -----------------------------------------------------------------
  59. echo STEP 3 : blake knows chloe and david
  60. echo import keys into blake\'s key-ring sign them and export
  61. GNUPGHOME="$(pwd)/sandbox/blake@example.org"
  62. for n in chloe@example.fr david@example.es
  63. do
  64. gpg --import "$GNUPGHOME/../$n/$n.gpg"
  65. yes | gpg --command-fd 0 --sign-key $n
  66. gpg --export $n > $GNUPGHOME/$n.gpg
  67. done
  68.  
  69. echo
  70. echo -----------------------------------------------------------------
  71. echo STEP 4 : import signed keys and show that they are not valid : unknown
  72. GNUPGHOME="$(pwd)/sandbox/myself@example.co.uk"
  73. for n in introducer@example.com alice@example.net blake@example.org
  74. do
  75. gpg --import $GNUPGHOME/../introducer@example.com/$n.gpg
  76. gpg --list-sigs $n
  77. done
  78. for n in chloe@example.fr david@example.es
  79. do
  80. gpg --import $GNUPGHOME/../blake@example.org/$n.gpg
  81. gpg --list-sigs $n
  82. done
  83.  
  84. echo
  85. echo -----------------------------------------------------------------
  86. echo STEP 5 : Sign the introducer\'s key
  87. yes | gpg --command-fd 0 --sign-key introducer@example.com
  88. gpg --list-sigs introducer@example.com | grep myself@example.co.uk
  89.  
  90. echo
  91. echo -----------------------------------------------------------------
  92. echo STEP 6 : Show only introducer is valid
  93. echo alice and blake are invalid - undef
  94. echo they are signed by a key that myself has certified but not trusted
  95. echo chole and david are unknown
  96. echo they are signed by a key that myself has neither certified nor trusted
  97. gpg --list-sigs introducer@example.com alice@example.net blake@example.org \
  98. chloe@example.fr david@example.es
  99.  
  100. echo
  101. echo -----------------------------------------------------------------
  102. echo STEP 7 : Change introducer\'s certification to level 1 trust signature
  103. cat<<-EOF|gpg --command-fd 0 --edit-key introducer@example.com
  104. uid 1
  105. delsig
  106. n
  107. y
  108. tsign
  109. 2
  110. 1
  111.  
  112. y
  113. save
  114. EOF
  115. gpg --list-sigs introducer@example.com | grep myself@example.co.uk
  116.  
  117. echo
  118. echo -----------------------------------------------------------------
  119. echo STEP 8 : Show introducer, alice and blake are fully valid
  120. echo introducer is fully valid
  121. echo it is certified and trusted by myself
  122. echo alice and blake are fully valid
  123. echo they are certified by introducer who myself trusts
  124. echo chloe and david have undef validity
  125. echo they are signed by blake who is certified by introducer
  126. echo but myself does not trust introducer to level 2
  127. gpg --list-sigs introducer@example.com alice@example.net blake@example.org \
  128. chloe@example.fr david@example.es
  129.  
  130.  
  131. echo
  132. echo -----------------------------------------------------------------
  133. echo STEP 9 : Change level 1 trust signature to allow only example.org
  134. cat<<-EOF|gpg --command-fd 0 --edit-key introducer@example.com
  135. uid 1
  136. delsig
  137. n
  138. y
  139. tsign
  140. 2
  141. 1
  142. example.org
  143. y
  144. save
  145. EOF
  146. gpg --list-sigs introducer@example.com | grep myself@example.co.uk
  147.  
  148. echo
  149. echo -----------------------------------------------------------------
  150. echo STEP 10 : Show introduced keys are now invalid : unknown
  151. echo -- should blake@example.org still be fully valid here ?
  152. echo -- why do alice, blake, chloe and david change to unknown ?
  153. echo -- expected undef full undef undef
  154. gpg --list-sigs introducer@example.com alice@example.net blake@example.org \
  155. chloe@example.fr david@example.es
  156.  
  157.  
  158. echo STEP 11 : -----------------------------------------------------------------
  159. echo Change to level 2 trust signature - no domain restriction
  160. cat<<-EOF|gpg --command-fd 0 --edit-key introducer@example.com
  161. uid 1
  162. delsig
  163. n
  164. y
  165. tsign
  166. 2
  167. 2
  168.  
  169. y
  170. save
  171. EOF
  172. gpg --list-sigs introducer@example.com | grep myself@example.co.uk
  173.  
  174.  
  175. echo
  176. echo -----------------------------------------------------------------
  177. echo STEP 12 : Show introduced keys are now fully valid
  178. gpg --list-sigs introducer@example.com alice@example.net blake@example.org \
  179. chloe@example.fr david@example.es
  180.  
  181.  
  182. echo
  183. echo -----------------------------------------------------------------
  184. echo STEP 13 : Change level 2 trust signature to allow only example.org
  185. cat<<-EOF|gpg --command-fd 0 --edit-key introducer@example.com
  186. uid 1
  187. delsig
  188. n
  189. y
  190. tsign
  191. 2
  192. 2
  193. example.org
  194. y
  195. save
  196. EOF
  197. gpg --list-sigs introducer@example.com | grep myself@example.co.uk
  198.  
  199. echo
  200. echo -----------------------------------------------------------------
  201. echo STEP 14 : Show introduced keys are now invalid : unknown
  202. echo -- should blake@example.org be fully valid here ?
  203. gpg --list-sigs introducer@example.com alice@example.net blake@example.org \
  204. chloe@example.fr david@example.es
  205. echo
  206. echo -----------------------------------------------------------------
  207. echo STEP 15 : Change level 2 trust signature to allow only example.es
  208. cat<<-EOF|gpg --command-fd 0 --edit-key introducer@example.com
  209. uid 1
  210. delsig
  211. n
  212. y
  213. tsign
  214. 2
  215. 2
  216. example.es
  217. y
  218. save
  219. EOF
  220. gpg --list-sigs introducer@example.com | grep myself@example.co.uk
  221.  
  222. echo
  223. echo -----------------------------------------------------------------
  224. echo STEP 16 : Show introduced keys are now invalid : unknown
  225. echo -- should david@example.es be fully valid here ?
  226. gpg --list-sigs introducer@example.com alice@example.net blake@example.org \
  227. chloe@example.fr david@example.es