I've started work on a suite of test messages which are
intended to help verify the correctness of the receiving
end of a PGP/MIME implementation. Currently, I'm using
PGP 2.6.3in and RSA/MD5 for the underlying encryption and
signature creation, however, this can easily be changed to
a more modern version of PGP or GnuPG - the messages are
generated by a shell script, which does all the MIME stuff
"by hand", so no actual MUA is involved with the creation
of these messages.
The set of messages I have so far is quite simple.
Generally, I try to poke a bit at the interaction between
the MIME and PGP layers, and at crucial features which
should better be present on the PGP layer if PGP/MIME
should work.
- Problems I encountered in the past with the interaction
of MIME and PGP/MIME engines - this includes things like
quotes around boundary parameters where they aren't
needed and positions of parameters (I've chosen a
hopefully sufficiently strange order to expose eventual
bugs here; we may wish to check all permutations in the
future).
- Binary and text-mode signatures. The PGP/MIME text
doesn't specify what to send, and actually both types
are valid and should work neatly. However, this should
be verified.
- Trailing whitespace. I've seen this break some
back-ends.
- Unterminated last lines. It seems that there has been
some confusion about how this should be handled in the
past.
Those who are interested in trying this, please have a
look at:
ftp://riemann.iam.uni-bonn.de/pub/users/roessler/pgpmime-interop/
This directory contains 5 files:
- forms.txt is a first take at a report form.
- interop.maildir.tar is a tar archive which contains a
maildir folder with the 36 test messages. Essentially,
this is a directory structure where every message is
stored in a file of it's own.
- interop.mbox is an mbox folder which contains the 36
test messages.
- interop.pgp.tar contains the pubring.pgp and secring.pgp
files with the key I use for testing. The pass phrase
is "none".
- interop.src.tar contains the shell script and a small C
helper program I use to create the messages.
Comments are highly welcome. Also, please notify me
immediately if my script is generating illegal messages
(although I hope not to do this).
--
http://www.guug.de/~roessler/