diff options
author | Lars Wirzenius <liw@sequoia-pgp.org> | 2022-01-14 16:58:08 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@sequoia-pgp.org> | 2022-01-14 17:21:43 +0200 |
commit | c244c4e256eb5c712f610e95f868313c621267c4 (patch) | |
tree | 7e7dbc79a8b9fcaa09c96152041e0a8ad1eef1cc /sq | |
parent | b964e6bc05b8d3b143d863330ddf61b85ab27f8c (diff) |
test: verify "sq key extract-cert"
Sponsored-by: NLnet Foundation; NGI Assure; European Commission
Diffstat (limited to 'sq')
-rw-r--r-- | sq/sq-subplot.md | 79 |
1 files changed, 69 insertions, 10 deletions
diff --git a/sq/sq-subplot.md b/sq/sq-subplot.md index 6d02dcb1..056fe06f 100644 --- a/sq/sq-subplot.md +++ b/sq/sq-subplot.md @@ -141,16 +141,6 @@ then stdout contains "Key flags: signing" then stdout contains "Key flags: transport encryption, data-at-rest encryption" ~~~ -We also extract a certificate ("public key") from the key, to be -shared with others. - -~~~scenario -when I run sq key extract-cert -o cert.pgp tomjon.pgp -then file cert.pgp contains "-----BEGIN PGP PUBLIC KEY BLOCK-----" -then file cert.pgp contains "Comment: Tomjon" -then file cert.pgp contains "-----END PGP PUBLIC KEY BLOCK-----" -~~~ - ## Generate key without user identifiers _Requirement: We must be able to generate new encryption keys without @@ -365,6 +355,75 @@ when I run sq inspect key.pgp then stdout contains "Secret key: Encrypted" ~~~ +# Certificate extraction + +This chapter covers extraction of certificates from keys: the `sq key +extract-certificate` subcommand and its variations. + + +## Extract certificate to the standard output + +_Requirement: We must be able to extract a certificate to standard +output._ + +~~~scenario +given an installed sq +when I run sq key generate --export key.pgp +when I run sq key extract-cert key.pgp +then stdout contains "-----BEGIN PGP PUBLIC KEY BLOCK-----" +then stdout contains "-----END PGP PUBLIC KEY BLOCK-----" +~~~ + + +## Extract certificate to a file + +_Requirement: We must be able to extract a certificate to a named +file._ + +~~~scenario +given an installed sq +when I run sq key generate --export key.pgp +when I run sq key extract-cert key.pgp -o cert.pgp +then file cert.pgp contains "-----BEGIN PGP PUBLIC KEY BLOCK-----" +then file cert.pgp contains "-----END PGP PUBLIC KEY BLOCK-----" +~~~ + + +## Extract binary certificate to the standard output + +_Requirement: We must be able to extract a binary certificate to the +standard output._ + +This scenario actually only verifies the output doesn't look like a +textual certificate. It could certainly be improved. + +~~~scenario +given an installed sq +when I run sq key generate --export key.pgp +when I run sq key extract-cert key.pgp --binary +then stdout doesn't contain "-----BEGIN PGP PUBLIC KEY BLOCK-----" +then stdout doesn't contain "-----END PGP PUBLIC KEY BLOCK-----" +~~~ + + +## Extract binary certificate from the standard input + +_Requirement: We must be able to extract a certificate from a key read +from the standard input._ + +Unfortunately, Subplot does not currently have a way to redirect +stding from a file. This scenario is inactive and here as a +placeholder until Subplot learns a new trick. + +~~~ +given an installed sq +when I run sq key generate --export key.pgp +when I run sq key extract-cert < key.pgp +then stdout contains "-----BEGIN PGP PUBLIC KEY BLOCK-----" +then stdout contains "-----END PGP PUBLIC KEY BLOCK-----" +~~~ + + # Encrypt and decrypt a file using public keys _Requirement: We must be able to encrypt a file using a certificate, |