OpenPGP interoperability test suite

These are the results of running the OpenPGP interoperability test suite version 0.1.0 (1807e92) on 2021-02-23T13:38.

This test suite has been very successful in identifying problems in many OpenPGP implementations. If you want to see your implementation included in these results, please implement the Stateless OpenPGP Command Line Interface and open an issue in our tracker. Note: The implementation doesn't have to be complete to be useful.

How to read the test results

Tests are loosely coupled in categories. Both tests and categories have anchors and can be linked to. The anchors should be stable enough to be included in commit messages and documentation. Every test describes the setup, and may introduce terminology used in the test results. Additional resources (e.g. certificates) required by the test can be inspected by clicking on the inspect button (). The results are in tabular form. The producers are on the left going down, the consumers on the top going right.

There are two kinds of tests. In producer-consumer tests, the OpenPGP implementations being tested produce an artifact (e.g. they encrypt a message), and every implementation is used to consume the artifact (e.g. to decrypt the encrypted message). In consumer tests, the artifacts are produced by the test suite, and consumed by every OpenPGP implementation. In either case, the artifact that is consumed can be inspected by clicking on the inspect button () in the second column in every row. If a producer failed to produce an artifact, or the artifact did not conform to the expectation, a cross mark (✗) is displayed. Hovering over it with the mouse pointer reveals the error message in a tooltip.

Each row now contains the result of consuming the row's artifact using the different OpenPGP implementations. Here, a check mark (✓) indicates that the operation was successful. The resulting output (e.g. the decrypted message) can be found in the tooltip. Like before, a cross mark (✗) indicates that the operation was not successful, or the produced artifact did not meet expectations. Again, details can be found in the tooltip.

Up to this point, we did not judge whether or not a operation should be successful or not, we merely recorded the facts. This answers the question of how implementations react to certain inputs, and we can quantify that and have an informed conversation about the consequences. But, we observed that the bare results were hard to interpret, a problem exacerbated by the vastness of the results due to combinatorial effects.

To address this, most tests now have an expectation for the outcome, and an explanation for the expected outcome. (If one of these expectations disagree with you, please get in touch!) If the result of an operation agrees with the expectation, the result has a green background and has a diagonal line in the top-left corner. If they disagree, the background is red and the line is in the top-right corner.

Example test

This is an example.

Additional artifacts:

Consumer
FooPGP/1
BarPGP/2
BazPGP/3
Expectation
Comment
Producer Artifact
Base case
Interoperability concern.
Well-formed variant
Interoperability concern.
Malformed variant
Message is malformed.
Weird variant
Producer failure Should work (TM).
An example consumer test result

Table of Contents

  1. Test Results
    1. Asymmetric Encryption
      1. Encrypt-Decrypt roundtrip with key 'Alice'
      2. Encrypt-Decrypt roundtrip with key 'Bob'
      3. Recipient IDs
    2. Symmetric Encryption
      1. Symmetric Encryption Algorithm support
      2. Encrypt-Decrypt roundtrip with key 'Bob', IDEA
      3. Encrypt-Decrypt roundtrip with key 'Bob', TripleDES
      4. Encrypt-Decrypt roundtrip with key 'Bob', CAST5
      5. Encrypt-Decrypt roundtrip with key 'Bob', Blowfish
      6. Encrypt-Decrypt roundtrip with key 'Bob', AES128
      7. Encrypt-Decrypt roundtrip with key 'Bob', AES192
      8. Encrypt-Decrypt roundtrip with key 'Bob', AES256
      9. Encrypt-Decrypt roundtrip with key 'Bob', Twofish
      10. Encrypt-Decrypt roundtrip with key 'Bob', Camellia128
      11. Encrypt-Decrypt roundtrip with key 'Bob', Camellia192
      12. Encrypt-Decrypt roundtrip with key 'Bob', Camellia256
      13. Encrypt-Decrypt roundtrip with key 'Bob', EAX
      14. Encrypt-Decrypt roundtrip with key 'Bob', OCB
      15. SEIP packet support
    3. Detached Signatures
      1. Detached Sign-Verify roundtrip with key 'Alice'
      2. Detached Sign-Verify roundtrip with key 'Bob'
      3. Detached signature with Subpackets
      4. Detached signatures: Linebreak normalization
      5. Detached signatures with unknown packets
    4. Hash Algorithms
      1. Detached Sign-Verify roundtrip with key 'Bob', MD5
      2. Detached Sign-Verify roundtrip with key 'Bob', SHA1
      3. Detached Sign-Verify roundtrip with key 'Bob', RipeMD
      4. Detached Sign-Verify roundtrip with key 'Bob', SHA256
      5. Detached Sign-Verify roundtrip with key 'Bob', SHA384
      6. Detached Sign-Verify roundtrip with key 'Bob', SHA512
      7. Detached Sign-Verify roundtrip with key 'Bob', SHA224
      8. Signature over the shattered collision
    5. Compression Algorithms
      1. Compression Algorithm support
    6. Key Generation
      1. Default key generation, encrypt-decrypt roundtrip
      2. Default key generation, encrypt-decrypt roundtrip, 2 UIDs
      3. Default key generation, encrypt-decrypt roundtrip, no UIDs
    7. Certificates
      1. Interpretation of encryption keyflags
      2. Interpretation of primary key flags
      3. Primary key binding signatures
      4. Key Flags Composition
      5. Perturbed certificates
      6. Certificate expiration
      7. Detached primary key
      8. Binding signature subpackets
      9. I'm My Own Grandpa
      10. Temporary validity
    8. Revocations
      1. Key revocation test: primary key signs and is not revoked (base case)
      2. Key revocation test: subkey signs, primary key is not revoked (base case)
      3. Key revocation test: primary key signs and is revoked; revoked: no subpacket
      4. Key revocation test: subkey signs, primary key is revoked; revoked: no subpacket
      5. Key revocation test: subkey signs, subkey is revoked; revoked: no subpacket
      6. Key revocation test: primary key signs and is revoked; revoked: unspecified
      7. Key revocation test: subkey signs, primary key is revoked; revoked: unspecified
      8. Key revocation test: subkey signs, subkey is revoked; revoked: unspecified
      9. Key revocation test: primary key signs and is revoked; revoked: compromised
      10. Key revocation test: subkey signs, primary key is revoked; revoked: compromised
      11. Key revocation test: subkey signs, subkey is revoked; revoked: compromised
      12. Key revocation test: primary key signs and is revoked; revoked: private
      13. Key revocation test: subkey signs, primary key is revoked; revoked: private
      14. Key revocation test: subkey signs, subkey is revoked; revoked: private
      15. Key revocation test: primary key signs and is revoked; revoked: unknown
      16. Key revocation test: subkey signs, primary key is revoked; revoked: unknown
      17. Key revocation test: subkey signs, subkey is revoked; revoked: unknown
      18. Key revocation test: primary key signs and is revoked; revoked: superseded
      19. Key revocation test: subkey signs, primary key is revoked; revoked: superseded
      20. Key revocation test: subkey signs, subkey is revoked; revoked: superseded
      21. Key revocation test: primary key signs and is revoked; revoked: key retired
      22. Key revocation test: subkey signs, primary key is revoked; revoked: key retired
      23. Key revocation test: subkey signs, subkey is revoked; revoked: key retired
      24. Key revocation test: primary key signs and is revoked; revoked: uid retired
      25. Key revocation test: subkey signs, primary key is revoked; revoked: uid retired
      26. Key revocation test: subkey signs, subkey is revoked; revoked: uid retired
    9. Message structure
      1. Unusual Message Structure
      2. Maximum recursion depth
      3. Marker Packet
      4. Messages with unknown packets
    10. ASCII Armor
      1. Concatenated ASCII Armor Keyring
      2. Mangled ASCII Armor
    11. Elliptic Curve Cryptography
      1. EdDSA signature encodings
    12. Packet parser
      1. Packet boundaries
      2. Packet excess consumption
  2. Test Summary
  3. Hall of Fame
  4. Configuration

Test Results

Asymmetric Encryption

Encrypt-Decrypt roundtrip with key 'Alice'

Encrypt-Decrypt roundtrip using the 'Alice' key from draft-bre-openpgp-samples-00.

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Interoperability concern.
Sequoia/0.20.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.0.1
Interoperability concern.
OpenPGP.js/v4.10.7
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20201125.80ba4a2
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.2.20
Interoperability concern.
GPGME/1.4.23 Interoperability concern.

Encrypt-Decrypt roundtrip with key 'Bob'

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00.

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Interoperability concern.
Sequoia/0.20.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.0.1
Interoperability concern.
OpenPGP.js/v4.10.7
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20201125.80ba4a2
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.2.20
Interoperability concern.
GPGME/1.4.23 Interoperability concern.

Recipient IDs

Tests variations of recipient ids.

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Encryption subkey's KeyID
Base case
Wildcard KeyID
Interoperability concern
Certificate KeyID
Fictitious KeyID

Symmetric Encryption

Symmetric Encryption Algorithm support

This tests support for the different symmetric encryption algorithms using Sequoia to generate the artifacts.

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
IDEA
TripleDES
CAST5
Blowfish
AES128
AES-128 is a MUST according to RFC4880bis8.
AES192
AES should be supported
AES256
AES should be supported
Twofish
Camellia128
Camellia192
Camellia256
Unencrypted
Unencrypted cipher must not be used

Encrypt-Decrypt roundtrip with key 'Bob', IDEA

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [IDEA].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0 Algorithm should be avoided.
Sequoia/0.20.0 Algorithm should be avoided.
dkg/1.2.0
Algorithm should be avoided.
GopenPGP/v2.0.1 Algorithm should be avoided.
OpenPGP.js/v4.10.7
Algorithm should be avoided.
PGPainless/CLI
Algorithm should be avoided.
RNP/0.0.0+git20201125.80ba4a2
Algorithm should be avoided.
SOPGPy/0.1.0/0.5.3 Algorithm should be avoided.
GPGME/2.2.20
Algorithm should be avoided.
GPGME/1.4.23 Algorithm should be avoided.

Encrypt-Decrypt roundtrip with key 'Bob', TripleDES

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [TripleDES].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23

Encrypt-Decrypt roundtrip with key 'Bob', CAST5

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [CAST5].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Algorithm should be avoided.
Sequoia/0.20.0
Algorithm should be avoided.
dkg/1.2.0
Algorithm should be avoided.
GopenPGP/v2.0.1
Algorithm should be avoided.
OpenPGP.js/v4.10.7
Algorithm should be avoided.
PGPainless/CLI
Algorithm should be avoided.
RNP/0.0.0+git20201125.80ba4a2
Algorithm should be avoided.
SOPGPy/0.1.0/0.5.3
Algorithm should be avoided.
GPGME/2.2.20
Algorithm should be avoided.
GPGME/1.4.23 Algorithm should be avoided.

Encrypt-Decrypt roundtrip with key 'Bob', Blowfish

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [Blowfish].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Interoperability concern.
Sequoia/0.20.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.0.1 Interoperability concern.
OpenPGP.js/v4.10.7
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20201125.80ba4a2
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.2.20
Interoperability concern.
GPGME/1.4.23 Interoperability concern.

Encrypt-Decrypt roundtrip with key 'Bob', AES128

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [AES128].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
AES-128 is a MUST according to RFC4880bis8.
Sequoia/0.20.0
AES-128 is a MUST according to RFC4880bis8.
dkg/1.2.0
AES-128 is a MUST according to RFC4880bis8.
GopenPGP/v2.0.1
AES-128 is a MUST according to RFC4880bis8.
OpenPGP.js/v4.10.7
AES-128 is a MUST according to RFC4880bis8.
PGPainless/CLI
AES-128 is a MUST according to RFC4880bis8.
RNP/0.0.0+git20201125.80ba4a2
AES-128 is a MUST according to RFC4880bis8.
SOPGPy/0.1.0/0.5.3
AES-128 is a MUST according to RFC4880bis8.
GPGME/2.2.20
AES-128 is a MUST according to RFC4880bis8.
GPGME/1.4.23 AES-128 is a MUST according to RFC4880bis8.

Encrypt-Decrypt roundtrip with key 'Bob', AES192

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [AES192].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
AES should be supported
Sequoia/0.20.0
AES should be supported
dkg/1.2.0
AES should be supported
GopenPGP/v2.0.1 AES should be supported
OpenPGP.js/v4.10.7
AES should be supported
PGPainless/CLI
AES should be supported
RNP/0.0.0+git20201125.80ba4a2
AES should be supported
SOPGPy/0.1.0/0.5.3
AES should be supported
GPGME/2.2.20
AES should be supported
GPGME/1.4.23 AES should be supported

Encrypt-Decrypt roundtrip with key 'Bob', AES256

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [AES256].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
AES should be supported
Sequoia/0.20.0
AES should be supported
dkg/1.2.0
AES should be supported
GopenPGP/v2.0.1
AES should be supported
OpenPGP.js/v4.10.7
AES should be supported
PGPainless/CLI
AES should be supported
RNP/0.0.0+git20201125.80ba4a2
AES should be supported
SOPGPy/0.1.0/0.5.3
AES should be supported
GPGME/2.2.20
AES should be supported
GPGME/1.4.23 AES should be supported

Encrypt-Decrypt roundtrip with key 'Bob', Twofish

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [Twofish].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Interoperability concern.
Sequoia/0.20.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.0.1 Interoperability concern.
OpenPGP.js/v4.10.7
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20201125.80ba4a2
Interoperability concern.
SOPGPy/0.1.0/0.5.3 Interoperability concern.
GPGME/2.2.20
Interoperability concern.
GPGME/1.4.23 Interoperability concern.

Encrypt-Decrypt roundtrip with key 'Bob', Camellia128

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [Camellia128].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Interoperability concern.
Sequoia/0.20.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.0.1 Interoperability concern.
OpenPGP.js/v4.10.7
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20201125.80ba4a2
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.2.20
Interoperability concern.
GPGME/1.4.23 Interoperability concern.

Encrypt-Decrypt roundtrip with key 'Bob', Camellia192

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [Camellia192].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Interoperability concern.
Sequoia/0.20.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.0.1 Interoperability concern.
OpenPGP.js/v4.10.7
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20201125.80ba4a2
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.2.20
Interoperability concern.
GPGME/1.4.23 Interoperability concern.

Encrypt-Decrypt roundtrip with key 'Bob', Camellia256

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [Camellia256].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Interoperability concern.
Sequoia/0.20.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.0.1 Interoperability concern.
OpenPGP.js/v4.10.7
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20201125.80ba4a2
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.2.20
Interoperability concern.
GPGME/1.4.23 Interoperability concern.

Encrypt-Decrypt roundtrip with key 'Bob', EAX

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [AES256], AEAD algorithm preference [EAX].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
EAX is a MUST according to RFC4880bis8.
Sequoia/0.20.0
EAX is a MUST according to RFC4880bis8.
dkg/1.2.0
EAX is a MUST according to RFC4880bis8.
GopenPGP/v2.0.1
EAX is a MUST according to RFC4880bis8.
OpenPGP.js/v4.10.7
EAX is a MUST according to RFC4880bis8.
PGPainless/CLI
EAX is a MUST according to RFC4880bis8.
RNP/0.0.0+git20201125.80ba4a2
EAX is a MUST according to RFC4880bis8.
SOPGPy/0.1.0/0.5.3
EAX is a MUST according to RFC4880bis8.
GPGME/2.2.20
EAX is a MUST according to RFC4880bis8.
GPGME/1.4.23 EAX is a MUST according to RFC4880bis8.

Encrypt-Decrypt roundtrip with key 'Bob', OCB

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [AES256], AEAD algorithm preference [OCB].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Interoperability concern.
Sequoia/0.20.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.0.1
Interoperability concern.
OpenPGP.js/v4.10.7
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20201125.80ba4a2
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.2.20
Interoperability concern.
GPGME/1.4.23 Interoperability concern.

SEIP packet support

This tests support for the Symmetrically Encrypted Integrity Protected Data Packet (Tag 18) and verifies that modifications to the ciphertext are detected. It uses Sequoia to generate the artifacts.

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Base case
SEIP is a MUST according to RFC4880.
Missing MDC
Missing MDC must abort processing.
Downgrade to SED
Security concern: Downgrade must be prevented.
Tampered ciphertext
Security concern: Tampering must be prevented.
Tampered MDC
Security concern: Tampering must be prevented.

Detached Signatures

Detached Sign-Verify roundtrip with key 'Alice'

Detached Sign-Verify roundtrip using the 'Alice' key from draft-bre-openpgp-samples-00.

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Interoperability concern.
Sequoia/0.20.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.0.1
Interoperability concern.
OpenPGP.js/v4.10.7
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20201125.80ba4a2
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.2.20
Interoperability concern.
GPGME/1.4.23 Interoperability concern.

Detached Sign-Verify roundtrip with key 'Bob'

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00.

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Interoperability concern.
Sequoia/0.20.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.0.1
Interoperability concern.
OpenPGP.js/v4.10.7
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20201125.80ba4a2
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.2.20
Interoperability concern.
GPGME/1.4.23 Interoperability concern.

Detached signature with Subpackets

Tests how implementations constrain the validity of signatures depending on the given subpackets.

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Base case
Interoperability concern.
Base case, unhashed issuer fingerprint
Interoperability concern.
Base case, hashed issuer
Interoperability concern.
No issuer fingerprint
Interoperability concern.
No issuer fingerprint, hashed issuer
Interoperability concern.
No issuer
Issuer fingerprint ought to be enough.
No issuer, unhashed issuer fingerprint
Issuer fingerprint ought to be enough.
No issuer, no issuer fingerprint
Issuer, fake issuer
Interoperability concern.
Fake issuer, issuer
Interoperability concern.
Issuer, fake issuer, V6 issuer FP
Interoperability concern.
Fake issuer, issuer, V6 issuer FP
Interoperability concern.
Unhashed creation time
Creation time must be hashed.
No creation time
Creation time must exist.
Creation time given twice
Uniqueness of subpackets is not required.
Future creation time
Creation time is in the future.
Future creation time given twice
Creation time is in the future.
Future creation time, backdated
Creation time is in the future.
Unknown subpacket
Interoperability concern.
Critical unknown subpacket
Critical unknown subpacket invalidates signature.
Unknown subpacket, unhashed
Interoperability concern.
Critical unknown subpacket, unhashed
Unknown notation
Interoperability concern.
Critical unknown notation
Critical unknown notation invalidates signature.
Unknown notation, unhashed
Interoperability concern.
Critical unknown notation, unhashed

Detached signatures: Linebreak normalization

Tests how implementations normalize line breaks when verifying text signatures. Section 5.2.1 of RFC4880 says: The signature is calculated over the text data with its line endings converted to <CR><LF>.

This test creates two signatures, a binary and a text signature, over the message one\r\ntwo\r\nthree, and checks whether variants of the message with different line endings can be verified using these signatures.

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
"one\r\ntwo\r\nthree"
Base case (b)
"one\r\ntwo\r\nthree"
Base case (t)
"one\ntwo\nthree"
Binary signature must not be valid (b)
"one\ntwo\nthree"
Line endings must be normalized (t)
"one\ntwo\r\nthree"
Binary signature must not be valid (b)
"one\ntwo\r\nthree"
Line endings must be normalized (t)
"one\r\ntwo\nthree"
Binary signature must not be valid (b)
"one\r\ntwo\nthree"
Line endings must be normalized (t)
"one\rtwo\rthree"
Binary signature must not be valid (b)
"one\rtwo\rthree"
"one\n\rtwo\n\rthree"
Binary signature must not be valid (b)
"one\n\rtwo\n\rthree"
"one\u{1e}two\u{1e}three"
Binary signature must not be valid (b)
"one\u{1e}two\u{1e}three"
"one\u{b}two\u{b}three"
Binary signature must not be valid (b)
"one\u{b}two\u{b}three"
"one\u{c}two\u{c}three"
Binary signature must not be valid (b)
"one\u{c}two\u{c}three"
"one\u{85}two\u{85}three"
Binary signature must not be valid (b)
"one\u{85}two\u{85}three"
"one\u{2028}two\u{2028}three"
Binary signature must not be valid (b)
"one\u{2028}two\u{2028}three"
"one\u{2029}two\u{2029}three"
Binary signature must not be valid (b)
"one\u{2029}two\u{2029}three"
"one \ntwo\nthree"
Binary signature must not be valid (b)
"one \ntwo\nthree"
Erroneous normalization (e.g. trailing whitespace) (t)
"one\ntwo \nthree"
Binary signature must not be valid (b)
"one\ntwo \nthree"
Erroneous normalization (e.g. trailing whitespace) (t)
"one\ntwo\nthree "
Binary signature must not be valid (b)
"one\ntwo\nthree "
Erroneous normalization (e.g. trailing whitespace) (t)
"one\ntwo\nthree\n"
Binary signature must not be valid (b)
"one\ntwo\nthree\n"
Erroneous normalization (e.g. trailing whitespace) (t)
"\none\ntwo\nthree"
Binary signature must not be valid (b)
"\none\ntwo\nthree"
Erroneous normalization (e.g. trailing whitespace) (t)
"one\t\ntwo\nthree"
Binary signature must not be valid (b)
"one\t\ntwo\nthree"
Erroneous normalization (e.g. trailing whitespace) (t)
"one\u{a0}\ntwo\nthree"
Binary signature must not be valid (b)
"one\u{a0}\ntwo\nthree"
Erroneous normalization (e.g. trailing whitespace) (t)
"one\u{1680}\ntwo\nthree"
Binary signature must not be valid (b)
"one\u{1680}\ntwo\nthree"
Erroneous normalization (e.g. trailing whitespace) (t)
"one\u{2000}\ntwo\nthree"
Binary signature must not be valid (b)
"one\u{2000}\ntwo\nthree"
Erroneous normalization (e.g. trailing whitespace) (t)

Detached signatures with unknown packets

This tests whether detached signatures with unknown versions of Signature packets are still verified. This is important for the evolution of the message format.

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
SIG4 SIG4
Base case
SIG4 SIG23
Unknown versions should be ignored
SIG23 SIG4
Unknown versions should be ignored

Hash Algorithms

Detached Sign-Verify roundtrip with key 'Bob', MD5

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the hash algorithm preference [MD5].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Hash should not be used anymore.
Sequoia/0.20.0
Hash should not be used anymore.
dkg/1.2.0
Hash should not be used anymore.
GopenPGP/v2.0.1
Hash should not be used anymore.
OpenPGP.js/v4.10.7
Hash should not be used anymore.
PGPainless/CLI
Hash should not be used anymore.
RNP/0.0.0+git20201125.80ba4a2
Hash should not be used anymore.
SOPGPy/0.1.0/0.5.3
Hash should not be used anymore.
GPGME/2.2.20
Hash should not be used anymore.
GPGME/1.4.23 Hash should not be used anymore.

Detached Sign-Verify roundtrip with key 'Bob', SHA1

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the hash algorithm preference [SHA1].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Hash should not be used anymore.
Sequoia/0.20.0
Hash should not be used anymore.
dkg/1.2.0
Hash should not be used anymore.
GopenPGP/v2.0.1
Hash should not be used anymore.
OpenPGP.js/v4.10.7
Hash should not be used anymore.
PGPainless/CLI
Hash should not be used anymore.
RNP/0.0.0+git20201125.80ba4a2
Hash should not be used anymore.
SOPGPy/0.1.0/0.5.3
Hash should not be used anymore.
GPGME/2.2.20
Hash should not be used anymore.
GPGME/1.4.23 Hash should not be used anymore.

Detached Sign-Verify roundtrip with key 'Bob', RipeMD

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the hash algorithm preference [RipeMD].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Hash should not be used anymore.
Sequoia/0.20.0
Hash should not be used anymore.
dkg/1.2.0
Hash should not be used anymore.
GopenPGP/v2.0.1
Hash should not be used anymore.
OpenPGP.js/v4.10.7
Hash should not be used anymore.
PGPainless/CLI
Hash should not be used anymore.
RNP/0.0.0+git20201125.80ba4a2
Hash should not be used anymore.
SOPGPy/0.1.0/0.5.3 Hash should not be used anymore.
GPGME/2.2.20
Hash should not be used anymore.
GPGME/1.4.23 Hash should not be used anymore.

Detached Sign-Verify roundtrip with key 'Bob', SHA256

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the hash algorithm preference [SHA256].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
MUST be implemented according to RFC4880bis8.
Sequoia/0.20.0
MUST be implemented according to RFC4880bis8.
dkg/1.2.0
MUST be implemented according to RFC4880bis8.
GopenPGP/v2.0.1
MUST be implemented according to RFC4880bis8.
OpenPGP.js/v4.10.7
MUST be implemented according to RFC4880bis8.
PGPainless/CLI
MUST be implemented according to RFC4880bis8.
RNP/0.0.0+git20201125.80ba4a2
MUST be implemented according to RFC4880bis8.
SOPGPy/0.1.0/0.5.3
MUST be implemented according to RFC4880bis8.
GPGME/2.2.20
MUST be implemented according to RFC4880bis8.
GPGME/1.4.23 MUST be implemented according to RFC4880bis8.

Detached Sign-Verify roundtrip with key 'Bob', SHA384

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the hash algorithm preference [SHA384].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Should be supported.
Sequoia/0.20.0
Should be supported.
dkg/1.2.0
Should be supported.
GopenPGP/v2.0.1
Should be supported.
OpenPGP.js/v4.10.7
Should be supported.
PGPainless/CLI
Should be supported.
RNP/0.0.0+git20201125.80ba4a2
Should be supported.
SOPGPy/0.1.0/0.5.3
Should be supported.
GPGME/2.2.20
Should be supported.
GPGME/1.4.23 Should be supported.

Detached Sign-Verify roundtrip with key 'Bob', SHA512

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the hash algorithm preference [SHA512].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Should be supported.
Sequoia/0.20.0
Should be supported.
dkg/1.2.0
Should be supported.
GopenPGP/v2.0.1
Should be supported.
OpenPGP.js/v4.10.7
Should be supported.
PGPainless/CLI
Should be supported.
RNP/0.0.0+git20201125.80ba4a2
Should be supported.
SOPGPy/0.1.0/0.5.3
Should be supported.
GPGME/2.2.20
Should be supported.
GPGME/1.4.23 Should be supported.

Detached Sign-Verify roundtrip with key 'Bob', SHA224

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the hash algorithm preference [SHA224].

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Interoperability concern.
Sequoia/0.20.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.0.1
Interoperability concern.
OpenPGP.js/v4.10.7
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20201125.80ba4a2
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.2.20
Interoperability concern.
GPGME/1.4.23 Interoperability concern.

Signature over the shattered collision

This tests whether detached signatures using SHA-1 over the collision from the paper The first collision for full SHA-1 are considered valid.

The first test establishes a baseline. It is a SHA-1 signature over the text Hello World :)

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Baseline
Data signatures using SHA-1 should be considered invalid
SIG-1 over PDF-1
Attack must be mitigated
SIG-1 over PDF-2
Attack must be mitigated
SIG-2 over PDF-1
Attack must be mitigated
SIG-2 over PDF-2
Attack must be mitigated

Compression Algorithms

Compression Algorithm support

This tests support for the different compression algorithms using Sequoia to generate the artifacts.

Additional artifacts:

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Uncompressed
Uncompressed MUST be supported.
ZIP
SHOULD be able to decompress ZIP.
ZLIB
Zlib SHOULD be supported.
BZip2

Key Generation

Default key generation, encrypt-decrypt roundtrip

This models key generation, distribution, and encrypted message exchange. Generates a default key with the producer P, then extracts the certificate from the key and uses it to encrypt a message using the consumer C, and finally P to decrypt the message.

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Interoperability concern.
Sequoia/0.20.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.0.1
Interoperability concern.
OpenPGP.js/v4.10.7
Interoperability concern.
PGPainless/CLI Interoperability concern.
RNP/0.0.0+git20201125.80ba4a2
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.2.20
Interoperability concern.
GPGME/1.4.23 Interoperability concern.

Default key generation, encrypt-decrypt roundtrip, 2 UIDs

This models key generation, distribution, and encrypted message exchange. Generates a default key with the producer P, then extracts the certificate from the key and uses it to encrypt a message using the consumer C, and finally P to decrypt the message.

Consumer
Sequoia/1.0.0
Sequoia/0.20.0
dkg/1.2.0
GopenPGP/v2.0.1
OpenPGP.js/v4.10.7
PGPainless/CLI
RNP/0.0.0+git20201125.80ba4a2
SOPGPy/0.1.0/0.5.3
GPGME/2.2.20
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.0.0
Interoperability concern.
Sequoia/0.20.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.0.1
Interoperability concern.
OpenPGP.js/v4.10.7
Interoperability concern.
PGPainless/CLI Interoperability concern.
RNP/0.0.0+git20201125.80ba4a2
Interoperability concern.
SOPGPy/0.1.0/0.5.3