From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH 03/15 v2] tests/smime: Include the Sample LAMPS Certificate Authority
Date: Thu, 30 Apr 2020 15:33:29 -0400 [thread overview]
Message-ID: <20200430193329.724846-1-dkg@fifthhorseman.net> (raw)
In-Reply-To: <20200428185723.660184-3-dkg@fifthhorseman.net>
This CA is useful for test suites and the like, but is not an
actually-secure CA, because its secret key material is also published.
I plan to use it for its intended purpose in the notmuch test suite.
It was copied from this Internet Draft:
https://tools.ietf.org/id/draft-dkg-lamps-samples-01.html#name-certificate-authority-certi
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
test/smime/README | 2 ++
test/smime/ca.crt | 20 ++++++++++++++++++++
test/test-lib.sh | 2 ++
3 files changed, 24 insertions(+)
create mode 100644 test/smime/ca.crt
diff --git a/test/smime/README b/test/smime/README
index 46211922..6f276398 100644
--- a/test/smime/README
+++ b/test/smime/README
@@ -5,3 +5,5 @@ key+cert.pem: cert + unencryped private
% gpgsm --import test.crt
% gpgsm --export-private-key-p12 -out foo.p12 (no passphrase)
% openssl pkcs12 -in ns.p12 -clcerts -nodes > key+cert.pem
+
+ca.crt: from https://tools.ietf.org/id/draft-dkg-lamps-samples-01.html#name-certificate-authority-certi
diff --git a/test/smime/ca.crt b/test/smime/ca.crt
new file mode 100644
index 00000000..b33d087f
--- /dev/null
+++ b/test/smime/ca.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDLTCCAhWgAwIBAgIULXcNXGI2bZp38sV7cF6VcQfnKDwwDQYJKoZIhvcNAQEN
+BQAwLTErMCkGA1UEAxMiU2FtcGxlIExBTVBTIENlcnRpZmljYXRlIEF1dGhvcml0
+eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowLTErMCkGA1UEAxMi
+U2FtcGxlIExBTVBTIENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMUfZ8+NYSh6h36zQcXBo5B6ficAcBJ1f3aLxyN8
+QXB83XuP8aDRWQ9uJvJpQkWVH4zx96/E/zI0t0lDMYtZNqra16h+gxbHJgoq2pRw
+RCOiyYu/p2vzvvZ1dtFTMc/mIigjA/73kokui62j1EFy//fNVIihkVS3rAweq+fI
+8qJHSMhdc2aYa9wOP0eGe/HTiDYgT4L4f2HTGMGGwQgj1vub0gpR4YHmNqr0GyEA
+63mHUQUZpnmN1FEl+nVFA5Ntu4uF++qf/tkTji89/eXYBdKX2yUdTeTIKoCI65IL
+EXxezjTc8aFjf/8E0aWGVZR/DtCsjWOh/s/mV7n/YPyb4+ECAwEAAaNDMEEwDwYD
+VR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBS3Uk1zwIg9
+ssN6WgzzlPf3gKJ32zANBgkqhkiG9w0BAQ0FAAOCAQEALsU91Bmhc6EgCNr7inY2
+2gYPnosJ+kZ1eC0hvHIK9e0Tx74RmhTOe8M2C9YXQKehHpRaX+DLcjup6scoH/bT
+u0THbmzeOy29TTiFcyV9BK+SEKQWW4s98Fwdk9fPWcflHtYvqxjooAV3vHbt6Xmp
+KrKDz/jdg7t0ptI4zSqAf3wNppiJoswlOHBUnH2W1MIYkWQ4jYj5socblVlklHOr
+ykKUiEZAbjU+C1+0FhT4HgLjBB9R4H1H0JRKsggWiZBBJ6UpN0dTN4iD0mDVa0jy
+sJqqWnIViy/xaSDcNaWJmU3o2KmkMkdpinoJ5uLkAHQqXjFaujdU1PkufeA7v3uG
+Rw==
+-----END CERTIFICATE-----
diff --git a/test/test-lib.sh b/test/test-lib.sh
index d4fcea5a..1ffedb25 100644
--- a/test/test-lib.sh
+++ b/test/test-lib.sh
@@ -139,6 +139,8 @@ add_gpgsm_home ()
gpgsm --batch --no-tty --no-common-certs-import --disable-dirmngr --import < $NOTMUCH_SRCDIR/test/smime/test.crt >"$GNUPGHOME"/import.log 2>&1
fpr=$(gpgsm --batch --list-key test_suite@notmuchmail.org | sed -n 's/.*fingerprint: //p')
echo "$fpr S relax" >> $GNUPGHOME/trustlist.txt
+ gpgsm --quiet --batch --no-tty --no-common-certs-import --disable-dirmngr --import < $NOTMUCH_SRCDIR/test/smime/ca.crt
+ echo "4D:E0:FF:63:C0:E9:EC:01:29:11:C8:7A:EE:DA:3A:9A:7F:6E:C1:0D S" >> "$GNUPGHOME/trustlist.txt"
test_debug "cat $GNUPGHOME/import.log"
}
--
2.26.2
next prev parent reply other threads:[~2020-04-30 19:36 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-28 18:57 Add tests for S/MIME PKCS#7 messages Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 01/15] tests: move add_gpgsm_home to test-lib.sh Daniel Kahn Gillmor
2020-04-30 21:29 ` David Bremner
2020-04-28 18:57 ` [PATCH 02/15] tests/smime: Always use --batch with gpgsm Daniel Kahn Gillmor
2020-04-30 19:33 ` Daniel Kahn Gillmor [this message]
2020-04-28 18:57 ` [PATCH 03/15] tests/smime: Include the Sample LAMPS Certificate Authority Daniel Kahn Gillmor
2020-04-29 1:43 ` David Bremner
2020-04-30 16:51 ` Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 04/15] tests/smime: consistently quote $GNUPGHOME Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 05/15] tests/smime: Use gpgsm instead of openssl for mml creation of S/MIME msgs Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 06/15] tests/smime: avoid copying the key+cert.pem around Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 07/15] test: Allow tests to have both gpg and gpgsm active at once Daniel Kahn Gillmor
2020-04-29 20:02 ` Tomi Ollila
2020-04-30 16:53 ` Daniel Kahn Gillmor
2020-04-30 19:34 ` [PATCH 07/15 v2] " Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 08/15] tests/smime: include secret key material for Bob Daniel Kahn Gillmor
2020-04-29 20:05 ` Tomi Ollila
2020-04-30 16:56 ` Daniel Kahn Gillmor
2020-04-30 19:35 ` [PATCH 08/15 v2] " Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 09/15] tests: Add S/MIME messages to protected-headers corpus Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 10/15] tests/smime: Verify cryptographic message status Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 11/15] tests/smime: Test indexing cleartext of envelopedData Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 12/15] test-lib.sh: add test_valid_json Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 13/15] tests/smime: add tests for S/MIME SignedData Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 14/15] test/protected-headers: Add tests for S/MIME protected headers Daniel Kahn Gillmor
2020-04-28 18:57 ` [PATCH 15/15] tests: disable CRL checks from gpgsm Daniel Kahn Gillmor
2020-04-29 20:12 ` Tomi Ollila
2020-04-30 19:00 ` Daniel Kahn Gillmor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200430193329.724846-1-dkg@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).