#!/bin/sh
set -e
pkg=secrecy
export LC_ALL=C.UTF-8
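if [ "${AUTOPKGTEST_TMP}" = "" ] ; then
    AUTOPKGTEST_TMP=$(mktemp -d "/tmp/${pkg}-test.XXXXXX")
    # Single quotes defer expansion until the trap fires; the inner double
    # quotes keep the path intact as a single argument to rm.
    trap 'rm -rf "${AUTOPKGTEST_TMP}"' 0 INT QUIT ABRT PIPE TERM
fi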
cd "${AUTOPKGTEST_TMP}"
set -v
################################################################################
# I. Test secrecy
# 0. Preparation
HOME="${AUTOPKGTEST_TMP}"
export HOME
cp -r /usr/share/doc/secrecy/* .
gunzip *.gz
readonly GPGID="autopkgtest@example.org"
readonly EXPIRY="$(date +'%F' -d 'tomorrow + 1 hour')"
gpg --batch --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "$GPGID" default default "$EXPIRY"
# 1. Create key
readonly KEYNAME="autpkgtest_key"
readonly KEYHASH="$( secrecy createKey AES256 "$GPGID" "$KEYNAME")"
secrecy listKeys
# 2. Encrypt files
secrecy encrypt "$KEYNAME" < changelog > changelog.ciphered
secrecy encrypt "$KEYHASH" < copyright > copyright.ciphered
# 3. Decrypt files
secrecy decrypt < changelog.ciphered > changelog.deciphered
secrecy decrypt < copyright.ciphered > copyright.deciphered
# Make sure the cipher/decipher cycle did not affect the payload.
diff changelog changelog.deciphered
diff copyright copyright.deciphered
# 4. Export key to share with second.autopkgtest@example.org
readonly GPGID2="second.autopkgtest@example.org"
gpg --batch --pinentry-mode loopback --passphrase '' \
    --quick-gen-key "$GPGID2" default default "$EXPIRY"
secrecy exportKey "$KEYHASH" "$GPGID2" > exported_key.txt
# 5. Import key
# Destroy the initial secrecy key first, to make sure it is not used by
# accident.
rm -r "${HOME}/.libsecrecy"
secrecy importKey "$GPGID2" < exported_key.txt
secrecy listKeys
################################################################################
# II. Test libsecrecy-dev
# 0. Preparation
CXX="g++"
CXXFLAGS="$( pkg-config libsecrecy --cflags )"
LDFLAGS="$( pkg-config libsecrecy --libs )"
export CXXFLAGS LDFLAGS
printf -- 'CXXFLAGS=%s\nLDFLAGS=%s\n' "$CXXFLAGS" "$LDFLAGS"
# 1. Encryption program
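# The END delimiter is unquoted, so the shell substitutes $KEYHASH below.
cat > encrypt.cpp <<-END
#include <libsecrecy/GCMOutputStream.hpp>
#include <iostream>
#include <string>
int main()
{
    std::string const scipher = "AES256";
    std::string const shexhash = "$KEYHASH";
    static std::size_t const buffersize = 16*1024;
    libsecrecy::GCMOutputStream GOS(std::cout, shexhash);
    char B[buffersize];
    // Copy stdin through the GCM output stream in fixed-size chunks;
    // gcount() covers the final, possibly short, read.
    while ( std::cin )
    {
        std::cin.read(&B[0],buffersize);
        GOS.write(&B[0],std::cin.gcount());
    }
}
END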
"$CXX" $CXXFLAGS -c encrypt.cpp -o encrypt.o
"$CXX" $CXXFLAGS encrypt.o -o encrypt $LDFLAGS
./encrypt < changelog > changelog.ciphered
./encrypt < copyright > copyright.ciphered
# 2. Decryption program
cat > decrypt.cpp <<-END
#include <libsecrecy/GCMInputStream.hpp>
#include <iostream>
int main()
{
    libsecrecy::GCMInputStream GIS(std::cin);
    static std::size_t const buffersize = 16*1024;
    char B[buffersize];
    while ( GIS )
    {
        GIS.read(&B[0],buffersize);
        std::cout.write(&B[0],GIS.gcount());
    }
}
END
"$CXX" $CXXFLAGS -c decrypt.cpp -o decrypt.o
"$CXX" $CXXFLAGS decrypt.o -o decrypt $LDFLAGS
./decrypt < changelog.ciphered > changelog.deciphered
./decrypt < copyright.ciphered > copyright.deciphered
# Make sure the cipher/decipher cycle did not affect the payload.
diff changelog changelog.deciphered
diff copyright copyright.deciphered
################################################################################