use strict; use Test::More tests => 36; use Crypt::OpenPGP; use Crypt::OpenPGP::Message; use vars qw( $SAMPLES ); unshift @INC, 't/'; require 'test-common.pl'; use File::Spec; my $text = <catfile( $SAMPLES, 'gpg', 'ring.sec' ); my $pubring = File::Spec->catfile( $SAMPLES, 'gpg', 'ring.pub' ); my $pgp = Crypt::OpenPGP->new( SecRing => $secring, PubRing => $pubring, ); isa_ok $pgp, 'Crypt::OpenPGP'; { # Test unarmoured encrypted data. my $ct = $pgp->encrypt( KeyID => $key_id, Data => $text, ); ok $ct, 'ciphertext is defined'; unlike $ct, qr/^-----BEGIN PGP MESSAGE/, 'no armouring'; my $pt = $pgp->decrypt( Data => $ct, Passphrase => $pass ); is $pt, $text, 'decrypting yields original text'; } { # Test armoured encrypted data. my $ct = $pgp->encrypt( KeyID => $key_id, Data => $text, Armour => 1, ); ok $ct, 'ciphertext is defined'; like $ct, qr/^-----BEGIN PGP MESSAGE/, 'armoured'; my $pt = $pgp->decrypt( Data => $ct, Passphrase => $pass ); is $pt, $text, 'decrypting yields original text'; } { # Test compressed encrypted data. my $ct = $pgp->encrypt( KeyID => $key_id, Data => $text, Compress => 1, ); ok $ct, 'ciphertext is defined'; my $pt = $pgp->decrypt( Data => $ct, Passphrase => $pass ); is $pt, $text, 'decrypting yields original text'; } { # Now test conventional encryption; might as well just # reuse the passphrase. my $ct = $pgp->encrypt( Passphrase => $pass, Data => $text, ); ok $ct, 'ciphertext is defined'; my $pt = $pgp->decrypt( Data => $ct, Passphrase => $pass ); is $pt, $text, 'decrypting yields original text'; } { # Now test encrypted-MDC packets. my $ct = $pgp->encrypt( Passphrase => $pass, Data => $text, MDC => 1, ); ok $ct, 'ciphertext is defined'; my $msg = Crypt::OpenPGP::Message->new( Data => $ct ); isa_ok $msg, 'Crypt::OpenPGP::Message'; my @pieces = $msg->pieces; isa_ok $pieces[-1], 'Crypt::OpenPGP::Ciphertext'; ok $pieces[-1]{is_mdc}, 'ciphertext packet is mdc-encrypted'; my $pt = $pgp->decrypt( Data => $ct, Passphrase => $pass ); is $pt, $text, 'decrypting yields original text'; } { # Test that Recipients param works w/ a key ID. my $ct = $pgp->encrypt( Recipients => $key_id, Data => $text, ); ok $ct, 'ciphertext is defined'; my $pt = $pgp->decrypt( Data => $ct, Passphrase => $pass ); is $pt, $text, 'decrypting yields original text'; } { # Test short key ID. my $ct = $pgp->encrypt( Recipients => substr( $key_id, -8, 8 ), Data => $text, ); ok $ct, 'ciphertext is defined'; my $pt = $pgp->decrypt( Data => $ct, Passphrase => $pass ); is $pt, $text, 'decrypting yields original text'; } { # Test user ID. my $ct = $pgp->encrypt( Recipients => $uid, Data => $text, ); ok $ct, 'ciphertext is defined'; my $pt = $pgp->decrypt( Data => $ct, Passphrase => $pass ); is $pt, $text, 'decrypting yields original text'; } { # Test multiple recipipents, for encrypt and decrypt. my $ct = $pgp->encrypt( Recipients => [ $key_id, $key_id ], Data => $text, ); ok $ct, 'ciphertext is defined'; my $pt = $pgp->decrypt( Data => $ct, Passphrase => $pass ); is $pt, $text, 'decrypting yields original text'; } { # Test multiple recipipents where we don't have secret key # for the first session key. my $ct = $pgp->encrypt( Recipients => [ $key_id2, $key_id ], Data => $text, ); ok $ct, 'ciphertext is defined'; my $pt = $pgp->decrypt( Data => $ct, Passphrase => $pass ); is $pt, $text, 'decrypting yields original text'; } { # Test giving encrypt and decrypt the Key parameter to # bypass looking up key in keyring. my $ring = Crypt::OpenPGP::KeyRing->new( Filename => $pgp->{cfg}->get( 'SecRing' ) ); my $kb = $ring->find_keyblock_by_keyid( pack 'H*', $key_id ); my $cert = $kb->encrypting_key; $cert->unlock( $pass ); my $ct = $pgp->encrypt( Key => $cert->public_cert, Data => $text, ); ok $ct, 'ciphertext is defined'; my $pt = $pgp->decrypt( Data => $ct, Key => $cert ); is $pt, $text, 'decrypting yields original text'; } { # Test multiple recipipents where we only pass in the Key # for the second key. my $ring = Crypt::OpenPGP::KeyRing->new( Filename => $pgp->{cfg}->get( 'SecRing' ) ); my $kb = $ring->find_keyblock_by_keyid( pack 'H*', $key_id ); my $cert = $kb->encrypting_key; $cert->unlock( $pass ); my $ct = $pgp->encrypt( Recipients => [ $key_id2, $key_id ], Data => $text, ); ok $ct, 'ciphertext is defined'; my $pt = $pgp->decrypt( Data => $ct, Key => $cert ); is $pt, $text, 'decrypting yields original text'; } { # Same, but we pass in the Key for the first key. my $ring = Crypt::OpenPGP::KeyRing->new( Filename => $pgp->{cfg}->get( 'SecRing' ) ); my $kb = $ring->find_keyblock_by_keyid( pack 'H*', $key_id ); my $cert = $kb->encrypting_key; $cert->unlock( $pass ); my $ct = $pgp->encrypt( Recipients => [ $key_id, $key_id2 ], Data => $text, ); ok $ct, 'ciphertext is defined'; my $pt = $pgp->decrypt( Data => $ct, Key => $cert ); is $pt, $text, 'decrypting yields original text'; } { # Test encrypting and signing at the same time, with a test of # the 3-element return list from decrypt. my $ct = $pgp->encrypt( KeyID => $key_id, Data => $text, SignKeyID => $key_id_sign, SignPassphrase => $pass, ); ok $ct, 'ciphertext is defined'; my( $pt, $valid, $sig ) = $pgp->decrypt( Data => $ct, Passphrase => $pass ); is $pt, $text, 'decrypting yields original text'; like $valid, qr/$uid/, 'signature is valid for uid'; is $sig->key_id, pack( 'H*', $key_id_sign ), 'key_id is correct'; }