OpenPGP interoperability test suite

These are the results of running the OpenPGP interoperability test suite version 0.1.0 (d0ffe6b) on 2021-04-08T10:30.

This test suite has been very successful in identifying problems in many OpenPGP implementations. If you want to see your implementation included in these results, please implement the Stateless OpenPGP Command Line Interface and open an issue in our tracker. Note: The implementation doesn't have to be complete to be useful.

Test Summary

These charts summarize the results. Reducing the wealth of information to a set of numbers necessarily loses information, so take them with a grain of salt. Nevertheless, these number provide an indication to what degree an implementation agrees with the expectations of this test suite.

The first chart shows the percentage of tests where an implementation agrees with the test suite's expectations on all individual test vectors.

100% 75% 50% 25% 0%
  • Sequoia/1.1.0
  • dkg/1.2.0
  • OpenPGP.js/v4.10.10
  • GPGME/2.2.27
  • GPGME/2.3.0
  • GopenPGP/v2.1.1
  • RNP/0.0.0+git20210301.ffcfb63
  • GPGME/1.4.23
  • SOPGPy/0.1.0/0.5.3
  • PGPainless/CLI

The second chart shows the percentage of individual test vectors where an implementation agrees with the test suite's expectations.

100% 75% 50% 25% 0%
  • Sequoia/1.1.0
  • dkg/1.2.0
  • OpenPGP.js/v4.10.10
  • GPGME/2.2.27
  • GPGME/2.3.0
  • GopenPGP/v2.1.1
  • RNP/0.0.0+git20210301.ffcfb63
  • GPGME/1.4.23
  • SOPGPy/0.1.0/0.5.3
  • PGPainless/CLI

How to read the test results

Tests are loosely coupled in categories. Both tests and categories have anchors and can be linked to. The anchors should be stable enough to be included in commit messages and documentation. Every test describes the setup, and may introduce terminology used in the test results. Additional resources (e.g. certificates) required by the test can be inspected by clicking on the inspect button (). The results are in tabular form. The producers are on the left going down, the consumers on the top going right.

There are two kinds of tests. In producer-consumer tests, the OpenPGP implementations being tested produce an artifact (e.g. they encrypt a message), and every implementation is used to consume the artifact (e.g. to decrypt the encrypted message). In consumer tests, the artifacts are produced by the test suite, and consumed by every OpenPGP implementation. In either case, the artifact that is consumed can be inspected by clicking on the inspect button () in the second column in every row. If a producer failed to produce an artifact, or the artifact did not conform to the expectation, a cross mark (✗) is displayed. Hovering over it with the mouse pointer reveals the error message in a tooltip.

Each row now contains the result of consuming the row's artifact using the different OpenPGP implementations. Here, a check mark (✓) indicates that the operation was successful. The resulting output (e.g. the decrypted message) can be found in the tooltip. Like before, a cross mark (✗) indicates that the operation was not successful, or the produced artifact did not meet expectations. Again, details can be found in the tooltip.

Up to this point, we did not judge whether or not a operation should be successful or not, we merely recorded the facts. This answers the question of how implementations react to certain inputs, and we can quantify that and have an informed conversation about the consequences. But, we observed that the bare results were hard to interpret, a problem exacerbated by the vastness of the results due to combinatorial effects.

To address this, most tests now have an expectation for the outcome, and an explanation for the expected outcome. (If one of these expectations disagree with you, please get in touch!) If the result of an operation agrees with the expectation, the result has a green background and has a diagonal line in the top-left corner. If they disagree, the background is red and the line is in the top-right corner.

Example test

This is an example.

Additional artifacts:

Consumer
FooPGP/1
BarPGP/2
BazPGP/3
Expectation
Comment
Producer Artifact
Base case
Interoperability concern.
Well-formed variant
Interoperability concern.
Malformed variant
Message is malformed.
Weird variant
Producer failure Should work (TM).
An example consumer test result

Test Results

Asymmetric Encryption

Encrypt-Decrypt roundtrip with key 'Alice'

Encrypt-Decrypt roundtrip using the 'Alice' key from draft-bre-openpgp-samples-00.

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Interoperability concern.
dkg/1.2.0 Interoperability concern.
GopenPGP/v2.1.1
Interoperability concern.
OpenPGP.js/v4.10.10
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20210301.ffcfb63
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.3.0
Interoperability concern.
GPGME/2.2.27
Interoperability concern.
GPGME/1.4.23 Interoperability concern.

Encrypt-Decrypt roundtrip with key 'Bob'

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00.

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.1.1
Interoperability concern.
OpenPGP.js/v4.10.10
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20210301.ffcfb63
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.3.0
Interoperability concern.
GPGME/2.2.27
Interoperability concern.
GPGME/1.4.23
Interoperability concern.

Recipient IDs

Tests variations of recipient ids.

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Encryption subkey's KeyID
Base case
Wildcard KeyID
Interoperability concern
Certificate KeyID
Fictitious KeyID

Symmetric Encryption

Symmetric Encryption Algorithm support

This tests support for the different symmetric encryption algorithms using Sequoia to generate the artifacts.

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
IDEA
TripleDES
CAST5
Blowfish
AES128
AES-128 is a MUST according to RFC4880bis8.
AES192
AES should be supported
AES256
AES should be supported
Twofish
Camellia128
Camellia192
Camellia256
Unencrypted
Unencrypted cipher must not be used

Encrypt-Decrypt roundtrip with key 'Bob', IDEA

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [IDEA].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0 Algorithm should be avoided.
dkg/1.2.0
Algorithm should be avoided.
GopenPGP/v2.1.1 Algorithm should be avoided.
OpenPGP.js/v4.10.10
Algorithm should be avoided.
PGPainless/CLI
Algorithm should be avoided.
RNP/0.0.0+git20210301.ffcfb63
Algorithm should be avoided.
SOPGPy/0.1.0/0.5.3 Algorithm should be avoided.
GPGME/2.3.0
Algorithm should be avoided.
GPGME/2.2.27
Algorithm should be avoided.
GPGME/1.4.23
Algorithm should be avoided.

Encrypt-Decrypt roundtrip with key 'Bob', TripleDES

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [TripleDES].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23

Encrypt-Decrypt roundtrip with key 'Bob', CAST5

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [CAST5].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Algorithm should be avoided.
dkg/1.2.0
Algorithm should be avoided.
GopenPGP/v2.1.1
Algorithm should be avoided.
OpenPGP.js/v4.10.10
Algorithm should be avoided.
PGPainless/CLI
Algorithm should be avoided.
RNP/0.0.0+git20210301.ffcfb63
Algorithm should be avoided.
SOPGPy/0.1.0/0.5.3
Algorithm should be avoided.
GPGME/2.3.0
Algorithm should be avoided.
GPGME/2.2.27
Algorithm should be avoided.
GPGME/1.4.23
Algorithm should be avoided.

Encrypt-Decrypt roundtrip with key 'Bob', Blowfish

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [Blowfish].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.1.1 Interoperability concern.
OpenPGP.js/v4.10.10
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20210301.ffcfb63
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.3.0
Interoperability concern.
GPGME/2.2.27
Interoperability concern.
GPGME/1.4.23
Interoperability concern.

Encrypt-Decrypt roundtrip with key 'Bob', AES128

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [AES128].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
AES-128 is a MUST according to RFC4880bis8.
dkg/1.2.0
AES-128 is a MUST according to RFC4880bis8.
GopenPGP/v2.1.1
AES-128 is a MUST according to RFC4880bis8.
OpenPGP.js/v4.10.10
AES-128 is a MUST according to RFC4880bis8.
PGPainless/CLI
AES-128 is a MUST according to RFC4880bis8.
RNP/0.0.0+git20210301.ffcfb63
AES-128 is a MUST according to RFC4880bis8.
SOPGPy/0.1.0/0.5.3
AES-128 is a MUST according to RFC4880bis8.
GPGME/2.3.0
AES-128 is a MUST according to RFC4880bis8.
GPGME/2.2.27
AES-128 is a MUST according to RFC4880bis8.
GPGME/1.4.23
AES-128 is a MUST according to RFC4880bis8.

Encrypt-Decrypt roundtrip with key 'Bob', AES192

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [AES192].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
AES should be supported
dkg/1.2.0
AES should be supported
GopenPGP/v2.1.1 AES should be supported
OpenPGP.js/v4.10.10
AES should be supported
PGPainless/CLI
AES should be supported
RNP/0.0.0+git20210301.ffcfb63
AES should be supported
SOPGPy/0.1.0/0.5.3
AES should be supported
GPGME/2.3.0
AES should be supported
GPGME/2.2.27
AES should be supported
GPGME/1.4.23
AES should be supported

Encrypt-Decrypt roundtrip with key 'Bob', AES256

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [AES256].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
AES should be supported
dkg/1.2.0
AES should be supported
GopenPGP/v2.1.1
AES should be supported
OpenPGP.js/v4.10.10
AES should be supported
PGPainless/CLI
AES should be supported
RNP/0.0.0+git20210301.ffcfb63
AES should be supported
SOPGPy/0.1.0/0.5.3
AES should be supported
GPGME/2.3.0
AES should be supported
GPGME/2.2.27
AES should be supported
GPGME/1.4.23
AES should be supported

Encrypt-Decrypt roundtrip with key 'Bob', Twofish

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [Twofish].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.1.1 Interoperability concern.
OpenPGP.js/v4.10.10
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20210301.ffcfb63
Interoperability concern.
SOPGPy/0.1.0/0.5.3 Interoperability concern.
GPGME/2.3.0
Interoperability concern.
GPGME/2.2.27
Interoperability concern.
GPGME/1.4.23
Interoperability concern.

Encrypt-Decrypt roundtrip with key 'Bob', Camellia128

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [Camellia128].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.1.1 Interoperability concern.
OpenPGP.js/v4.10.10
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20210301.ffcfb63
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.3.0
Interoperability concern.
GPGME/2.2.27
Interoperability concern.
GPGME/1.4.23
Interoperability concern.

Encrypt-Decrypt roundtrip with key 'Bob', Camellia192

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [Camellia192].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.1.1 Interoperability concern.
OpenPGP.js/v4.10.10
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20210301.ffcfb63
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.3.0
Interoperability concern.
GPGME/2.2.27
Interoperability concern.
GPGME/1.4.23
Interoperability concern.

Encrypt-Decrypt roundtrip with key 'Bob', Camellia256

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [Camellia256].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.1.1 Interoperability concern.
OpenPGP.js/v4.10.10
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20210301.ffcfb63
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.3.0
Interoperability concern.
GPGME/2.2.27
Interoperability concern.
GPGME/1.4.23
Interoperability concern.

Encrypt-Decrypt roundtrip with key 'Bob', EAX

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [AES256], AEAD algorithm preference [EAX].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
EAX is a MUST according to RFC4880bis8.
dkg/1.2.0
EAX is a MUST according to RFC4880bis8.
GopenPGP/v2.1.1
EAX is a MUST according to RFC4880bis8.
OpenPGP.js/v4.10.10
EAX is a MUST according to RFC4880bis8.
PGPainless/CLI
EAX is a MUST according to RFC4880bis8.
RNP/0.0.0+git20210301.ffcfb63
EAX is a MUST according to RFC4880bis8.
SOPGPy/0.1.0/0.5.3
EAX is a MUST according to RFC4880bis8.
GPGME/2.3.0
EAX is a MUST according to RFC4880bis8.
GPGME/2.2.27
EAX is a MUST according to RFC4880bis8.
GPGME/1.4.23
EAX is a MUST according to RFC4880bis8.

Encrypt-Decrypt roundtrip with key 'Bob', OCB

Encrypt-Decrypt roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the symmetric algorithm preference [AES256], AEAD algorithm preference [OCB].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.1.1
Interoperability concern.
OpenPGP.js/v4.10.10
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20210301.ffcfb63
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.3.0
Interoperability concern.
GPGME/2.2.27
Interoperability concern.
GPGME/1.4.23
Interoperability concern.

SEIP packet support

This tests support for the Symmetrically Encrypted Integrity Protected Data Packet (Tag 18) and verifies that modifications to the ciphertext are detected. To avoid creating a decryption oracle, implementations must respond with a uniform error message to tampering.

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Base case
SEIP is a MUST according to RFC4880.
Missing MDC
Missing MDC must abort processing.
Downgrade to SED
Security concern: Downgrade must be prevented.
Tampered ciphertext
Security concern: Tampering must be prevented.
Tampered MDC
Security concern: Tampering must be prevented.
Truncated MDC
Security concern: Tampering must be prevented.
MDC with bad CTB
Security concern: Tampering must be prevented.
MDC with bad length
Security concern: Tampering must be prevented.

Detached Signatures

Detached Sign-Verify roundtrip with key 'Alice'

Detached Sign-Verify roundtrip using the 'Alice' key from draft-bre-openpgp-samples-00.

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.1.1
Interoperability concern.
OpenPGP.js/v4.10.10
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20210301.ffcfb63
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.3.0
Interoperability concern.
GPGME/2.2.27
Interoperability concern.
GPGME/1.4.23 Interoperability concern.

Detached Sign-Verify roundtrip with key 'Bob'

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00.

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.1.1
Interoperability concern.
OpenPGP.js/v4.10.10
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20210301.ffcfb63
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.3.0
Interoperability concern.
GPGME/2.2.27
Interoperability concern.
GPGME/1.4.23
Interoperability concern.

Detached signature with Subpackets

Tests how implementations constrain the validity of signatures depending on the given subpackets.

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Base case
Interoperability concern.
Base case, unhashed issuer fingerprint
Interoperability concern.
Base case, hashed issuer
Interoperability concern.
No issuer fingerprint
Interoperability concern.
No issuer fingerprint, hashed issuer
Interoperability concern.
No issuer
Issuer fingerprint ought to be enough.
No issuer, unhashed issuer fingerprint
Issuer fingerprint ought to be enough.
No issuer, no issuer fingerprint
Issuer, fake issuer
Interoperability concern.
Fake issuer, issuer
Interoperability concern.
Issuer, fake issuer, V6 issuer FP
Interoperability concern.
Fake issuer, issuer, V6 issuer FP
Interoperability concern.
Unhashed creation time
Creation time must be hashed.
No creation time
Creation time must exist.
Creation time given twice
Uniqueness of subpackets is not required.
Future creation time
Creation time is in the future.
Future creation time given twice
Creation time is in the future.
Future creation time, backdated
Creation time is in the future.
Unknown subpacket
Interoperability concern.
Critical unknown subpacket
Critical unknown subpacket invalidates signature.
Unknown subpacket, unhashed
Interoperability concern.
Critical unknown subpacket, unhashed
Unknown notation
Interoperability concern.
Critical unknown notation
Critical unknown notation invalidates signature.
Unknown notation, unhashed
Interoperability concern.
Critical unknown notation, unhashed

Detached signatures: Linebreak normalization

Tests how implementations normalize line breaks when verifying text signatures. Section 5.2.1 of RFC4880 says: The signature is calculated over the text data with its line endings converted to <CR><LF>.

This test creates two signatures, a binary and a text signature, over the message one\r\ntwo\r\nthree, and checks whether variants of the message with different line endings can be verified using these signatures.

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
"one\r\ntwo\r\nthree"
Base case (b)
"one\r\ntwo\r\nthree"
Base case (t)
"one\ntwo\nthree"
Binary signature must not be valid (b)
"one\ntwo\nthree"
Line endings must be normalized (t)
"one\ntwo\r\nthree"
Binary signature must not be valid (b)
"one\ntwo\r\nthree"
Line endings must be normalized (t)
"one\r\ntwo\nthree"
Binary signature must not be valid (b)
"one\r\ntwo\nthree"
Line endings must be normalized (t)
"one\rtwo\rthree"
Binary signature must not be valid (b)
"one\rtwo\rthree"
"one\n\rtwo\n\rthree"
Binary signature must not be valid (b)
"one\n\rtwo\n\rthree"
"one\u{1e}two\u{1e}three"
Binary signature must not be valid (b)
"one\u{1e}two\u{1e}three"
"one\u{b}two\u{b}three"
Binary signature must not be valid (b)
"one\u{b}two\u{b}three"
"one\u{c}two\u{c}three"
Binary signature must not be valid (b)
"one\u{c}two\u{c}three"
"one\u{85}two\u{85}three"
Binary signature must not be valid (b)
"one\u{85}two\u{85}three"
"one\u{2028}two\u{2028}three"
Binary signature must not be valid (b)
"one\u{2028}two\u{2028}three"
"one\u{2029}two\u{2029}three"
Binary signature must not be valid (b)
"one\u{2029}two\u{2029}three"
"one \ntwo\nthree"
Binary signature must not be valid (b)
"one \ntwo\nthree"
Erroneous normalization (e.g. trailing whitespace) (t)
"one\ntwo \nthree"
Binary signature must not be valid (b)
"one\ntwo \nthree"
Erroneous normalization (e.g. trailing whitespace) (t)
"one\ntwo\nthree "
Binary signature must not be valid (b)
"one\ntwo\nthree "
Erroneous normalization (e.g. trailing whitespace) (t)
"one\ntwo\nthree\n"
Binary signature must not be valid (b)
"one\ntwo\nthree\n"
Erroneous normalization (e.g. trailing whitespace) (t)
"\none\ntwo\nthree"
Binary signature must not be valid (b)
"\none\ntwo\nthree"
Erroneous normalization (e.g. trailing whitespace) (t)
"one\t\ntwo\nthree"
Binary signature must not be valid (b)
"one\t\ntwo\nthree"
Erroneous normalization (e.g. trailing whitespace) (t)
"one\u{a0}\ntwo\nthree"
Binary signature must not be valid (b)
"one\u{a0}\ntwo\nthree"
Erroneous normalization (e.g. trailing whitespace) (t)
"one\u{1680}\ntwo\nthree"
Binary signature must not be valid (b)
"one\u{1680}\ntwo\nthree"
Erroneous normalization (e.g. trailing whitespace) (t)
"one\u{2000}\ntwo\nthree"
Binary signature must not be valid (b)
"one\u{2000}\ntwo\nthree"
Erroneous normalization (e.g. trailing whitespace) (t)

Detached signatures with unknown packets

This tests whether detached signatures with unknown versions of Signature packets are still verified. This is important for the evolution of the message format.

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
SIG4 SIG4
Base case
SIG4 SIG23
Unknown versions should be ignored
SIG23 SIG4
Unknown versions should be ignored

Hash Algorithms

Detached Sign-Verify roundtrip with key 'Bob', MD5

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the hash algorithm preference [MD5].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Hash should not be used anymore.
dkg/1.2.0
Hash should not be used anymore.
GopenPGP/v2.1.1
Hash should not be used anymore.
OpenPGP.js/v4.10.10
Hash should not be used anymore.
PGPainless/CLI
Hash should not be used anymore.
RNP/0.0.0+git20210301.ffcfb63
Hash should not be used anymore.
SOPGPy/0.1.0/0.5.3
Hash should not be used anymore.
GPGME/2.3.0
Hash should not be used anymore.
GPGME/2.2.27
Hash should not be used anymore.
GPGME/1.4.23
Hash should not be used anymore.

Detached Sign-Verify roundtrip with key 'Bob', SHA1

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the hash algorithm preference [SHA1].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Hash should not be used anymore.
dkg/1.2.0
Hash should not be used anymore.
GopenPGP/v2.1.1
Hash should not be used anymore.
OpenPGP.js/v4.10.10
Hash should not be used anymore.
PGPainless/CLI
Hash should not be used anymore.
RNP/0.0.0+git20210301.ffcfb63
Hash should not be used anymore.
SOPGPy/0.1.0/0.5.3
Hash should not be used anymore.
GPGME/2.3.0
Hash should not be used anymore.
GPGME/2.2.27
Hash should not be used anymore.
GPGME/1.4.23
Hash should not be used anymore.

Detached Sign-Verify roundtrip with key 'Bob', RipeMD

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the hash algorithm preference [RipeMD].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Hash should not be used anymore.
dkg/1.2.0
Hash should not be used anymore.
GopenPGP/v2.1.1
Hash should not be used anymore.
OpenPGP.js/v4.10.10
Hash should not be used anymore.
PGPainless/CLI
Hash should not be used anymore.
RNP/0.0.0+git20210301.ffcfb63
Hash should not be used anymore.
SOPGPy/0.1.0/0.5.3 Hash should not be used anymore.
GPGME/2.3.0
Hash should not be used anymore.
GPGME/2.2.27
Hash should not be used anymore.
GPGME/1.4.23
Hash should not be used anymore.

Detached Sign-Verify roundtrip with key 'Bob', SHA256

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the hash algorithm preference [SHA256].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
MUST be implemented according to RFC4880bis8.
dkg/1.2.0
MUST be implemented according to RFC4880bis8.
GopenPGP/v2.1.1
MUST be implemented according to RFC4880bis8.
OpenPGP.js/v4.10.10
MUST be implemented according to RFC4880bis8.
PGPainless/CLI
MUST be implemented according to RFC4880bis8.
RNP/0.0.0+git20210301.ffcfb63
MUST be implemented according to RFC4880bis8.
SOPGPy/0.1.0/0.5.3
MUST be implemented according to RFC4880bis8.
GPGME/2.3.0
MUST be implemented according to RFC4880bis8.
GPGME/2.2.27
MUST be implemented according to RFC4880bis8.
GPGME/1.4.23
MUST be implemented according to RFC4880bis8.

Detached Sign-Verify roundtrip with key 'Bob', SHA384

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the hash algorithm preference [SHA384].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Should be supported.
dkg/1.2.0
Should be supported.
GopenPGP/v2.1.1
Should be supported.
OpenPGP.js/v4.10.10
Should be supported.
PGPainless/CLI
Should be supported.
RNP/0.0.0+git20210301.ffcfb63
Should be supported.
SOPGPy/0.1.0/0.5.3
Should be supported.
GPGME/2.3.0
Should be supported.
GPGME/2.2.27
Should be supported.
GPGME/1.4.23
Should be supported.

Detached Sign-Verify roundtrip with key 'Bob', SHA512

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the hash algorithm preference [SHA512].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Should be supported.
dkg/1.2.0
Should be supported.
GopenPGP/v2.1.1
Should be supported.
OpenPGP.js/v4.10.10
Should be supported.
PGPainless/CLI
Should be supported.
RNP/0.0.0+git20210301.ffcfb63
Should be supported.
SOPGPy/0.1.0/0.5.3
Should be supported.
GPGME/2.3.0
Should be supported.
GPGME/2.2.27
Should be supported.
GPGME/1.4.23
Should be supported.

Detached Sign-Verify roundtrip with key 'Bob', SHA224

Detached Sign-Verify roundtrip using the 'Bob' key from draft-bre-openpgp-samples-00, modified with the hash algorithm preference [SHA224].

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.1.1
Interoperability concern.
OpenPGP.js/v4.10.10
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20210301.ffcfb63
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.3.0
Interoperability concern.
GPGME/2.2.27
Interoperability concern.
GPGME/1.4.23
Interoperability concern.

Signature over the shattered collision

This tests whether detached signatures using SHA-1 over the collision from the paper The first collision for full SHA-1 are considered valid.

The first test establishes a baseline. It is a SHA-1 signature over the text Hello World :)

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Baseline
Data signatures using SHA-1 should be considered invalid
SIG-1 over PDF-1
Attack must be mitigated
SIG-1 over PDF-2
Attack must be mitigated
SIG-2 over PDF-1
Attack must be mitigated
SIG-2 over PDF-2
Attack must be mitigated

Compression Algorithms

Compression Algorithm support

This tests support for the different compression algorithms using Sequoia to generate the artifacts.

Additional artifacts:

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Uncompressed
Uncompressed MUST be supported.
ZIP
SHOULD be able to decompress ZIP.
ZLIB
Zlib SHOULD be supported.
BZip2

Key Generation

Default key generation, encrypt-decrypt roundtrip

This models key generation, distribution, and encrypted message exchange. Generates a default key with the producer P, then extracts the certificate from the key and uses it to encrypt a message using the consumer C, and finally P to decrypt the message.

Consumer
Sequoia/1.1.0
dkg/1.2.0
GopenPGP/v2.1.1
OpenPGP.js/v4.10.10
PGPainless/CLI
RNP/0.0.0+git20210301.ffcfb63
SOPGPy/0.1.0/0.5.3
GPGME/2.3.0
GPGME/2.2.27
GPGME/1.4.23
Expectation
Comment
Producer Artifact
Sequoia/1.1.0
Interoperability concern.
dkg/1.2.0
Interoperability concern.
GopenPGP/v2.1.1
Interoperability concern.
OpenPGP.js/v4.10.10
Interoperability concern.
PGPainless/CLI
Interoperability concern.
RNP/0.0.0+git20210301.ffcfb63
Interoperability concern.
SOPGPy/0.1.0/0.5.3
Interoperability concern.
GPGME/2.3.0