Regenerate GPG test keys

commit 4f7a2425e5dc7eceeb4d026020982cb75e6bc020
parent c8439530e14cd5d5ad90fdddbc6bc7e3fed6c246
Author: Iain Parris <ipv2.vcs@parris.org>
Date:   Sun, 14 Jun 2020 02:19:43 +0100

Regenerate GPG test keys

The previous test GPG keys had expired on 2015-08-22, causing all
subsequent Travis CI builds to fail.

The new keys are set to not expire, to avoid a repeat of this problem in
future.

test/gnupg_test_home/regen_keys.sh modified for GPG 2.1+, storing keys in
formats suitable for use by GPG 1, GPG 2.0, and GPG 2.1+.

Note:
- RSA instead of DSA, because GPG 2.1+ doesn't like DSA for usage "encrypt"
- ECC test key wasn't being used by any tests, so not regenerated

Diffstat:

M	.gitignore	\|	4	+---
D	test/gnupg_test_home/key1.gen	\|	15	---------------
D	test/gnupg_test_home/key2.gen	\|	15	---------------
D	test/gnupg_test_home/key_ecc.gen	\|	13	-------------
A	test/gnupg_test_home/private-keys-v1.d/306D2EE90FF0014B5B9FD07E265C751791674140.key	\|	0
D	test/gnupg_test_home/private-keys-v1.d/719C7455A7169C6EE8819C6E91002E4F9DD00A65.key	\|	2	--
D	test/gnupg_test_home/private-keys-v1.d/8A130806A754AA29D59487D76BD355040D9F26C0.key	\|	0
D	test/gnupg_test_home/private-keys-v1.d/B7AA46B22BD8A6AD1B4F266C19A3B124A32DDD71.key	\|	0
D	test/gnupg_test_home/private-keys-v1.d/FA64ACD7CC871371BDF57285A6CDF0E618827783.key	\|	0
M	test/gnupg_test_home/pubring.gpg	\|	0
M	test/gnupg_test_home/receiver_pubring.gpg	\|	0
M	test/gnupg_test_home/receiver_secring.gpg	\|	0
M	test/gnupg_test_home/regen_keys.sh	\|	87	++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------
M	test/gnupg_test_home/secring.gpg	\|	0
M	test/gnupg_test_home/sup-test-2@foo.bar.asc	\|	42	++++++++++++++++++++----------------------

15 files changed, 90 insertions(+), 88 deletions(-)
diff --git a/.gitignore b/.gitignore
@@ -17,6 +17,4 @@ Gemfile.lock
 test/gnupg_test_home/random_seed
 test/gnupg_test_home/trustdb.gpg
 test/gnupg_test_home/.gpg-v21-migrated
-test/gnupg_test_home/private-keys-v1.d
-
-
+test/gnupg_test_home/openpgp-revocs.d
diff --git a/test/gnupg_test_home/key1.gen b/test/gnupg_test_home/key1.gen
@@ -1,15 +0,0 @@
- %echo Generating a standard key
- Key-Type: DSA
- Key-Length: 1024
- Subkey-Type: ELG-E
- Subkey-Length: 1024
- Name-Real: Sup Test Sender 1 
- Name-Comment: Test sender key
- Name-Email: sup-test-1@foo.bar 
- Expire-Date: 1y
- %no-protection
- %pubring pubring.gpg
- %secring secring.gpg
- # Do a commit here, so that we can later print "done" :-)
- %commit
- %echo done
diff --git a/test/gnupg_test_home/key2.gen b/test/gnupg_test_home/key2.gen
@@ -1,15 +0,0 @@
- %echo Generating a standard key
- Key-Type: DSA
- Key-Length: 1024
- Subkey-Type: ELG-E
- Subkey-Length: 1024
- Name-Real: Sup Test Receiver
- Name-Comment: Test receiver for Sup
- Name-Email: sup-test-2@foo.bar
- Expire-Date: 1y
- %no-protection
- %pubring pubring.gpg
- %secring secring.gpg
- # Do a commit here, so that we can later print "done" :-)
- %commit
- %echo done
diff --git a/test/gnupg_test_home/key_ecc.gen b/test/gnupg_test_home/key_ecc.gen
@@ -1,13 +0,0 @@
- %echo Generating a standard key
- Key-Type: eddsa
- Key-Curve: Ed25519
- Name-Real: Sup Test ECC
- Name-Comment: Test ECC key
- Name-Email: sup-test-ecc@foo.bar
- Expire-Date: 1y
- %no-protection
- %pubring pubring.gpg
- %secring secring.gpg
- # Do a commit here, so that we can later print "done" :-)
- %commit
- %echo done
diff --git a/test/gnupg_test_home/private-keys-v1.d/306D2EE90FF0014B5B9FD07E265C751791674140.key b/test/gnupg_test_home/private-keys-v1.d/306D2EE90FF0014B5B9FD07E265C751791674140.key
Binary files differ.
diff --git a/test/gnupg_test_home/private-keys-v1.d/719C7455A7169C6EE8819C6E91002E4F9DD00A65.key b/test/gnupg_test_home/private-keys-v1.d/719C7455A7169C6EE8819C6E91002E4F9DD00A65.key
@@ -1 +0,0 @@
-(11:private-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q33:@�R���:_��eݒ�٥�K����28iA-�t)(1:d32:��}������y���U����D��h��T��@)))
-\ No newline at end of file
diff --git a/test/gnupg_test_home/private-keys-v1.d/8A130806A754AA29D59487D76BD355040D9F26C0.key b/test/gnupg_test_home/private-keys-v1.d/8A130806A754AA29D59487D76BD355040D9F26C0.key
Binary files differ.
diff --git a/test/gnupg_test_home/private-keys-v1.d/B7AA46B22BD8A6AD1B4F266C19A3B124A32DDD71.key b/test/gnupg_test_home/private-keys-v1.d/B7AA46B22BD8A6AD1B4F266C19A3B124A32DDD71.key
Binary files differ.
diff --git a/test/gnupg_test_home/private-keys-v1.d/FA64ACD7CC871371BDF57285A6CDF0E618827783.key b/test/gnupg_test_home/private-keys-v1.d/FA64ACD7CC871371BDF57285A6CDF0E618827783.key
Binary files differ.
diff --git a/test/gnupg_test_home/pubring.gpg b/test/gnupg_test_home/pubring.gpg
Binary files differ.
diff --git a/test/gnupg_test_home/receiver_pubring.gpg b/test/gnupg_test_home/receiver_pubring.gpg
Binary files differ.
diff --git a/test/gnupg_test_home/receiver_secring.gpg b/test/gnupg_test_home/receiver_secring.gpg
Binary files differ.
diff --git a/test/gnupg_test_home/regen_keys.sh b/test/gnupg_test_home/regen_keys.sh
@@ -1,38 +1,89 @@
-#! /bin/bash
+#!/bin/bash
 #
 # re-generate test keys for the sup test base
 #
 # https://github.com/sup-heliotrope/sup/wiki/Development%3A-Crypto
+# 
+# Requires GPG 2.1+ installed as "gpg2"
+# 
+# GPG 2.1+ by default uses pubring.kbx - but this isn't backwards compatible
+# with GPG 1 or GPG 2.0.
+# Workaround:
+#   - Create empty pubring.gpg file, which causes GPG 2.1+ to use this
+#     backwards-compatible store.
+#   - Manually export private key copy to secring.gpg, which would be used
+#     by GPG 1.
+
+set -e -u -o pipefail
 
 pushd $(dirname $0)
 
-export GNUPGHOME="$(pwd)"
+echo "Generating keys in: $(pwd)..."
 
-echo "genrating keys in: $GNUPGHOME.."
+echo "Checking gpg2 version"
+gpg2 --version | head -1
 
-rm *.gpg *.asc
+echo "Deleting all existing test keys"
+rm -f \
+    *.gpg \
+    *.asc \
+    private-keys-v1.d/*.key \
+    .gpg-v21-migrated
 
-echo "generate receiver key.."
-gpg --batch --gen-key key2.gen
+echo "Generating key pair for test receiver (email sup-test-2@foo.bar.asc)"
+touch pubring.gpg  # So GPG 2.1+ writes to pubring.gpg instead of pubring.kbx
+gpg2 \
+    --homedir . \
+    --batch \
+    --pinentry-mode loopback \
+    --passphrase '' \
+    --quick-generate-key sup-test-2@foo.bar rsa encrypt,sign 0
 
-echo "export receiver key.."
+echo "Exporting public key only for test receiver (file sup-test-2@foo.bar.asc)"
+gpg2 \
+    --homedir . \
+    --armor \
+    --output sup-test-2@foo.bar.asc \
+    --export sup-test-2@foo.bar
 
-gpg --output sup-test-2@foo.bar.asc --armor --export sup-test-2@foo.bar
+echo "Backing up secret key for test receiver (file receiver_secring.gpg)"
+gpg2 \
+    --homedir . \
+    --export-secret-keys \
+    >receiver_secring.gpg
 
-mv trustdb.gpg receiver_trustdb.gpg
-mv secring.gpg receiver_secring.gpg
-mv pubring.gpg receiver_pubring.gpg
+echo "Backing up pubring.gpg for test receiver (file receiver_pubring.gpg)"
+cp -a pubring.gpg receiver_pubring.gpg
 
-echo "generate sender key.."
-gpg --batch --gen-key key1.gen
+echo "Clearing key store, so we can start from a blank slate for next key(s)"
+rm -f pubring.gpg trustdb.gpg private-keys-v1.d/*.key .gpg-v21-migrated
 
-echo "generate ecc key.."
-gpg --batch --gen-key key_ecc.gen
+echo "Generating key pair for sender (email sup-test-1@foo.bar)"
+touch pubring.gpg  # So GPG 2.1+ writes to pubring.gpg instead of pubring.kbx
+gpg2 \
+    --homedir . \
+    --batch \
+    --pinentry-mode loopback \
+    --passphrase '' \
+    --quick-generate-key sup-test-1@foo.bar rsa encrypt,sign 0
 
-echo "import receiver key.."
-gpg --import sup-test-2@foo.bar.asc
+echo "Importing public key for receiver, into sender's key store"
+gpg2 \
+    --homedir . \
+    --import sup-test-2@foo.bar.asc
 
+echo "Copy private key also to secring.gpg (old format used by GPG 1)"
+gpg2 \
+    --homedir . \
+    --export-secret-keys \
+    >secring.gpg
 
+echo "Done."
 
-popd
+echo "We now have two non-expiring public keys (receiver & sender):"
+gpg2 --homedir . --list-keys
 
+echo "And we also have only *one* corresponding private key (sender only):"
+gpg2 --homedir . --list-secret-keys
+
+popd
diff --git a/test/gnupg_test_home/secring.gpg b/test/gnupg_test_home/secring.gpg
Binary files differ.
diff --git a/test/gnupg_test_home/sup-test-2@foo.bar.asc b/test/gnupg_test_home/sup-test-2@foo.bar.asc
@@ -1,25 +1,23 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2
 
-mQGiBFP3VogRBADVBEkaZQXj728C1HUIaTRDCFoKzojwC79Z1BLsD72qQYE8z1ic
-5P9CJpJU5wbhQFDTGBjw+i1nNTWy01z4q5bfFqok+KorT3XNp5IJRcRIEOkj+Twq
-7ZaSODwXGsUmdzSoOVDYmtUpVzRQe0IM0rPQQV4vGzgw55FdJBe7a63nIwCg+WvR
-iQN09PlhpGG7SIEmx0psEqUEAL/t1c5oC9RC7L4a0GM+2AcgFRBMXvzpdnytrzgt
-73Ud6CcUplQp6WODrUYhX0RLzSJPO4zWDsBmkBad/iQCwbCKpFPfAFdBMArJpknx
-rc6vRED4a9dLfCNTT1g86CkiElge9t36juZgOoFT3xt/XP7BxhU1fCFshZNR6VK6
-tN9eA/9G4fUX6XvEGIrNiBYKyU4QvM1nyMXCBujm7vYF6KfSlYyAvVXxG4h+mvUy
-ZXQ/WHMQJSbPTY3dd4hmo0p0GUMlSvXU8JLf7qienW1IccD9Pv88J1XjkbFd+wgw
-feoSx1sAfc36gH+aE17lvsU+PPAP4Bc9CSiScNo0iQv7v/KZjrQ+U3VwIFRlc3Qg
-UmVjZWl2ZXIgKFRlc3QgcmVjZWl2ZXIgZm9yIFN1cCkgPHN1cC10ZXN0LTJAZm9v
-LmJhcj6IaQQTEQIAKQUCU/dWiAIbIwUJAeEzgAcLCQgHAwIBBhUIAgkKCwQWAgMB
-Ah4BAheAAAoJEKfs+g8ACvQGPxIAnj1CSZCzjwyIFLgNEQnIhntU+b28AKDsMEVN
-gf9mHqwhabN+UKgBwX0U3LkBDQRT91aIEAQAjQZEnDK++SKp/l2Oiku6H9IuCsi4
-lv+MhLQP0bMuD4DrPk3mauZNc8BB+U0wgAMh/kZoCKySEdMK1mcf2iOsd5yOCrK+
-sJQAMsALAnrYjCE9QA2xIQs8gHF4PrKopycF55iRHQMDNa1QWfs+j4WJaXderlGQ
-S0dGfLyoqtZsFusAAwUEAIi0+aDZlAVVIdDO2cvR0lu6eDW2Mr2ExZzuwTfAI6dS
-tJLoPzoA2OAVW7cFVVpCOHcVLiF2GOHvtJPw1MgpxaNjzpNdJPTiP2sYZg253dfR
-v66Cw9IuWKgZcElWXmIy5vFWqWWbLyTBOuwEQxCsFnjN9UUZauSADOJSPFy1sekf
-iE8EGBECAA8FAlP3VogCGwwFCQHhM4AACgkQp+z6DwAK9Ab/swCg8LWNwfMwNk+H
-gLgnS1LVsesZ8D4An2Ie2P0/oYuSmPPFV44kbWySX9wW
-=Jo82
+mQGNBF7leTkBDAC3auy8xodH6jxoISylFZTpVqy/0L2ul879YUb/QbC58+F/H36S
+CjLfPxFlq0FAOXHelOvktxaybg+BG5UpSvTgBLbcArq5nctee+04TMXCzQzrG2V1
+zb9gIRT665fX3+WYncSIXdr4LAp7r8Jw3RT3tTOZqbaencumCWaJblnvfFwPrMKf
+AXWa/NVndNMAXmJ5uBf1MRr45KXaQ2tczPIeHqSOKhKNnKZPRqPs0fg4i3d0Vb6G
+yItgtJapfBo50FV+PvtodMHo3LDlz/BBjdEJHSvghqEjb1S7xGo+hdXs+lfCMfa0
+3PAWoj+OeHNorbK0YbVKOtS0E0xYvScbyC7bfwtA9yb3LZYmy7VHsKJmQfygCNQ6
+wIKQGAVN1NcQcJsvWyAwk9+WMN5oqB5lb76u40beoWlUjSJRlph2VvWvkGuh/huU
+sVGqcN7EO4SFkwi2YQLoWfQRGur3mids/PQTBywpGE1SyziPZK76pT6SqP8b+OpI
+CG1QbcTZzYpbv6kAEQEAAbQSc3VwLXRlc3QtMkBmb28uYmFyiQHOBBMBCgA4FiEE
+e0oXvVeqMzUcfd1s2bF8xbTizW8FAl7leTkCGw8FCwkIBwIGFQoJCAsCBBYCAwEC
+HgECF4AACgkQ2bF8xbTizW92TAv/WGlYfDTKNEmJ0K+kxt33T2ldmZXaJKL04Mft
+h5s5KlRZWDNpkCC/L55uyaeEg+Uy+BEEQKLAEeJrrLMV8UMJwMPDOizSTT9uLyiz
+b8RjnQw4iMT8wt9TQboXGaTMslwdXvFPii7w44KgCimE7VuPetJuLMLMbnl147G8
++QhkNUsrB51TuPS8xZJ4qjbH+K/Y2NlvwLtJrxNE3SRQuy2ApYJxKPZIj1KpUL8M
+7Jy/2hI8DaRm/0Fpu8HwRIVsd6/dgdkqdj1uVyLj+wyhgdzqV5WrPLFCRVhd3icd
+lPNRIDjg8YKCh353LVHjKwefOW4SnkOPn4uVMdCP9gUFd9zpMP9lMFpjk0o0tcYO
+NiFrOclS4q5qZ5jrj1MnBF0NaGhuC83DDgRfKV+p5noVeJxg0nXYZSlsSMfAT/K7
+FbdNEg0XUsrLgWVzhvWv/ebMetFPSfGHIveZ7lhiq1qpA5hLBNfSSBb1JJsFmtQt
+cEUluymdNe5W7Y6UGs1CpvcIvbj+
+=Cy9S
 -----END PGP PUBLIC KEY BLOCK-----

sup.git