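#!/bin/sh
#
# GnuPG trust-signature (tsign) walk-through.
#
# Creates six throw-away keyrings under ./sandbox/<address>, has an
# "introducer" certify alice and blake, has blake certify chloe and
# david, and then repeatedly replaces myself's certification of the
# introducer with trust signatures of different trust amount, depth and
# domain restriction, listing the resulting key validity after each one.
#
# Usage:  sh tsign-demo.sh            # run from a writable directory
# Env:    KEY_LENGTH   RSA key size for the test keys (default 1024)
#
# The sandbox is wiped and recreated on every run and every key is
# generated without a passphrase, so these keyrings are only fit for
# this experiment.

set -u
export GNUPGHOME

SANDBOX="$(pwd)/sandbox"
KEY_LENGTH="${KEY_LENGTH:-1024}"
RULE=-----------------------------------------------------------------
# Keys whose validity is listed after each change. A space-separated
# string because /bin/sh has no arrays.
ALL_KEYS='introducer@example.com alice@example.net blake@example.org chloe@example.fr david@example.es'

die() { printf '%s\n' "$*" >&2; exit 1; }

# One line of commentary on stdout; printf rather than echo so that a
# leading "--" is never taken as an option.
say() { printf '%s\n' "$*"; }

# Step header: blank line, rule, title.
step() { printf '\n%s\n%s\n' "$RULE" "$*"; }

#######################################
# Generate a passphrase-less RSA key in its own sandbox keyring.
# Globals:   GNUPGHOME (written), SANDBOX, KEY_LENGTH
# Arguments: $1 - e-mail address; also names the sandbox subdirectory
# Outputs:   $SANDBOX/$1/$1.gpg holding the exported public key
# Returns:   exits via die if gpg cannot generate the key
#######################################
gen_key() {
  GNUPGHOME="$SANDBOX/$1"
  rm -rf -- "${GNUPGHOME:?}"
  mkdir -p -m 700 "$GNUPGHOME"
  gpg --batch --gen-key <<EOF || die "key generation failed for $1"
%echo Generating $1
%no-protection
Key-Type: RSA
Key-Length: $KEY_LENGTH
Name-Real: ${1%@*}
Name-Email: $1
EOF
  gpg --export "$1" > "$GNUPGHOME/$1.gpg"
}

#######################################
# Import $1's public key into the current keyring, certify it with an
# ordinary signature (every prompt answered "y") and export the result.
# Globals:   GNUPGHOME (read), SANDBOX
# Arguments: $1 - address of the key to certify
# Outputs:   $GNUPGHOME/$1.gpg
#######################################
certify() {
  gpg --import "$SANDBOX/$1/$1.gpg"
  yes | gpg --command-fd 0 --sign-key "$1"
  gpg --export "$1" > "$GNUPGHOME/$1.gpg"
}

#######################################
# Import $1's public key and apply a trust signature to it.
# gpg prompts for trust amount, depth and domain restriction, in that
# order, before "Really sign?", so a line is always sent for the domain
# even when it is empty.
# Globals:   GNUPGHOME (read), SANDBOX
# Arguments: $1 - address of the key
#            $2 - trust amount: 1 = marginal, 2 = full
#            $3 - depth: 1 = may certify keys, 2 = may also delegate
#            $4 - domain restriction, "" for none
# Outputs:   $GNUPGHOME/$1.gpg
#######################################
tsign_key() {
  gpg --import "$SANDBOX/$1/$1.gpg"
  gpg --command-fd 0 --edit-key "$1" <<EOF
tsign
$2
$3
$4
y
save
EOF
  gpg --export "$1" > "$GNUPGHOME/$1.gpg"
}

#######################################
# Replace myself's existing certification of the introducer with a
# trust signature, in a single --edit-key session: on uid 1 keep the
# self-signature ("n"), delete the previous signature ("y"), then
# tsign (same prompt order as in tsign_key).
# Globals:   GNUPGHOME (read) - must be myself's keyring
# Arguments: $1 - trust amount, $2 - depth, $3 - domain ("" = none)
# Outputs:   the signature line(s) from myself on the introducer's key
#######################################
recertify_introducer() {
  gpg --command-fd 0 --edit-key introducer@example.com <<EOF
uid 1
delsig
n
y
tsign
$1
$2
$3
y
save
EOF
  show_my_sig
}

# Lines of the introducer's signature listing that come from myself.
show_my_sig() {
  gpg --list-sigs introducer@example.com | grep myself@example.co.uk
}

# List every test key with its validity and certifications.
show_all() {
  # shellcheck disable=SC2086 -- ALL_KEYS is a deliberately split list
  gpg --list-sigs $ALL_KEYS
}

main() {
  command -v gpg >/dev/null 2>&1 || die "gpg not found in PATH"

  printf '%s\n' "$RULE"
  say "VERSION INFORMATION"
  gpg --version
  uname -vimposr

  step "STEP 1 : Generate test keys and export them"
  for n in myself@example.co.uk introducer@example.com alice@example.net \
    blake@example.org chloe@example.fr david@example.es; do
    gen_key "$n"
  done

  step "STEP 2 : my introducer knows alice and blake"
  say "import keys into the introducer's key-ring sign them and export"
  say "apply level 1 unrestricted trust-signature to blake"
  GNUPGHOME="$SANDBOX/introducer@example.com"
  certify alice@example.net
  # blake gets a trust signature instead of a plain one.
  tsign_key blake@example.org 2 1 ""

  step "STEP 3 : blake knows chloe and david"
  say "import keys into blake's key-ring sign them and export"
  GNUPGHOME="$SANDBOX/blake@example.org"
  for n in chloe@example.fr david@example.es; do
    certify "$n"
  done

  step "STEP 4 : import signed keys and show that they are not valid : unknown"
  GNUPGHOME="$SANDBOX/myself@example.co.uk"
  # The copies exported by the introducer and by blake carry their
  # certifications; the sandbox originals do not.
  for n in introducer@example.com alice@example.net blake@example.org; do
    gpg --import "$SANDBOX/introducer@example.com/$n.gpg"
    gpg --list-sigs "$n"
  done
  for n in chloe@example.fr david@example.es; do
    gpg --import "$SANDBOX/blake@example.org/$n.gpg"
    gpg --list-sigs "$n"
  done

  step "STEP 5 : Sign the introducer's key"
  yes | gpg --command-fd 0 --sign-key introducer@example.com
  show_my_sig

  step "STEP 6 : Show only introducer is valid"
  say "alice and blake are invalid - undef"
  say "they are signed by a key that myself has certified but not trusted"
  say "chloe and david are unknown"
  say "they are signed by a key that myself has neither certified nor trusted"
  show_all

  step "STEP 7 : Change introducer's certification to level 1 trust signature"
  recertify_introducer 2 1 ""

  step "STEP 8 : Show introducer, alice and blake are fully valid"
  say "introducer is fully valid"
  say "it is certified and trusted by myself"
  say "alice and blake are fully valid"
  say "they are certified by introducer who myself trusts"
  say "chloe and david have undef validity"
  say "they are signed by blake who is certified by introducer"
  say "but myself does not trust introducer to level 2"
  show_all

  step "STEP 9 : Change level 1 trust signature to allow only example.org"
  recertify_introducer 2 1 example.org

  step "STEP 10 : Show introduced keys are now invalid : unknown"
  say "-- should blake@example.org still be fully valid here ?"
  say "-- why do alice, blake, chloe and david change to unknown ?"
  say "-- expected undef full undef undef"
  show_all

  step "STEP 11 : Change to level 2 trust signature - no domain restriction"
  recertify_introducer 2 2 ""

  step "STEP 12 : Show introduced keys are now fully valid"
  show_all

  step "STEP 13 : Change level 2 trust signature to allow only example.org"
  recertify_introducer 2 2 example.org

  step "STEP 14 : Show introduced keys are now invalid : unknown"
  say "-- should blake@example.org be fully valid here ?"
  show_all

  step "STEP 15 : Change level 2 trust signature to allow only example.es"
  recertify_introducer 2 2 example.es

  step "STEP 16 : Show introduced keys are now invalid : unknown"
  say "-- should david@example.es be fully valid here ?"
  show_all
}

main "$@"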