Kleopatra Test Plan

Status: in progress

Introduction

The purpose of this test plan is to ensure Kleopatra works well on all supported operating systems.

Test environment

Choose one combination of the following target platforms supported by Kleopatra.

Operating system:

• Windows Vista (32 or 64bit)
• Windows 7 (32 or 64bit)
• Windows 8 (32 or 64bit)
• Windows 10 (32 or 64bit)

It is recommended to use a clean virtual test environment, e.g. with VirtualBox.

Preconditions

• GnuPG (latest release) Installed
• Kleoptra Installed
• OpenPGP public key (*.asc or *.gpg) and private key (*.asc or *.gpg)
• S/MIME certificate chain (*.pem) and private key (*.p12)

Tests

Testsuite 1: Basic Functions

1.1: Create Certificates (OpenPGP)

1. Choose "File" from menu-bar
2. Click "New Secret Key"
3. Choose "OpenPGP Keypair"
4. Fill in some random information
5. Choose a passphrase
6. The new certificate will appear in the overview

1.2: Create Certificate-Request (X.509)

1. Choose "File" from menu-bar
2. Click "New Secret Key"
3. Choose "X.509 Keypair"
4. Fill some random information
5. Choose a passphrase
6. Save the certificate request to file

1.3: Import Certificates (OpenPGP)

1. Choose "File" from menu-bar
2. Click "Import..."
3. Navigate to a previously exported certificate
4. Click "Open"
5. The imported certificate will appear in the overview

1.4: Import Certificates incl. Trustchain (X.509)

1. Choose "File" from menu-bar
2. Click "Import..."
3. Navigate to a previously exported certificate
4. Click "Open"
5. The imported certificate will appear in the overview

1.5: Encrypt Files (OpenPGP)

1. Click the "Sign/Encrypt Files" button
2. Choose a file within the dialogue
3. Deselect the "Sign" option
4. Select an OpenPGP certificate as target
5. Click the "Sign/Encrypt" button
6. An encrypted file is at the defined target

1.6: Encrypt Files (X.509)

1. Click the "Sign/Encrypt Files" button
2. Choose a file within the dialogue
3. Deselect the "Sign" option
4. Select an X.509 certificate as target
5. Click the "Sign/Encrypt" button
6. An encrypted file is at the defined Target

1.7: Sign Files (OpenPGP)

1. Click the "Sign/Encrypt Files" button
2. Choose a file within the dialogue
3. Deselect the "Encrypt" option
4. Select an OpenPGP certificate as signing source
5. Click the "Sign/Encrypt" button
6. A signed file is at the defined target

1.8: Sign Files (X.509)

1. Click the "Sign/Encrypt Files" button
2. Choose a file within the dialogue
3. Deselect the "Encrypt" option
4. Select an X.509 certificate as signing source
5. Click the "Sign/Encrypt" button
6. An signed file is at the defined Target

1.9: Sign & Encrypt Files (OpenPGP)

1. Click the "Sign/Encrypt Files" button
2. Choose a file within the dialogue
3. Select an OpenPGP certificate as signing source
4. Click the Sign/Encrypt button
5. A signed and enncrypted File is at the defined Target

1.10: Sign & Encrypt Files (X.509)

1. Click the "Sign/Encrypt Files" button
2. Choose a file within the dialogue
3. Select an X.509 certificate as signing source
4. Click the "Sign/Encrypt" button
5. An signed and enncrypted file is at the defined target

1.11: Decrypt Files (OpenPGP)

1. Click the "Verify/Decrypt Files" button
2. Choose a file encrpyted to a OpenPGP certificate within the dialogue
3. Enter the passphrase
4. A decrypted file is at the defined target

1.12: Decrypt Files (X.509)

1. Click the "Verify/Decrypt Files" button
2. Choose a file encrpyted to a X.509 certificate within the dialogue
3. Enter the passphrase
4. A decrypted file is at the defined target

1.13: Check Signature (OpenPGP)

1. Click the "Verify/Decrypt Files" button
2. Choose a signed file within the dialogue
3. Enter the passphraseS
4. A decrypted file is at the defined target

1.14: Lookup Key on Server (OpenPGP)

If no Server is defined, please execute Testsuite 2.8 first.

1. Click on "Lookup on Server"
2. Search for a name (i.E. "Einstein")
3. Select a key
4. Click the "Import" button
5. The imported key appears in the "Imported Certificates" tab

1.14: Lookup Key on Server (X.509)

If no Server is defined, please execute Testsuite 2.7 first.

1. Click on "Lookup on Server"
2. Search for a name (i.E. "Einstein")
3. Select a key
4. Click the "Import" button
5. The imported key appears in the "Imported Certificates" tab

1.15: Export public and private Key (OpenPGP)

1. Right click on a key you created before
2. Click the "Export..." button
3. Select a location in the dialogue
4. Click the "Save Button"
5. The eported key is at the choosen location

1.16: Certify otheres Certificates (OpenPGP)

1. Rightclick a previously imported public key
2. Select the "Certify" option
3. Select the UIDs you want to certify
4. Approve, that fingerprints are checked
5. Select that you want to approve it just for yourself
6. klick the "Approve" button
7. Enter the passphrase of your identity
8. Finish the dialogue
9. Rightclick on the previously trusted key
10. Click on details
11. Check the trust level

1.17: Change Owner Trust (OpenPGP)

1. Right click on a imported public key
2. Select the "Change Ownertrust" option
3. Select one of the given options

Testsuite 2: Advanced Functions

2.1: Import Revocation Certificates (OpenPGP)

1. Click on "File" in the menu-bar
2. Select the "Import" option
3. Select a revocation certificate for an imported certificate
4. Click "Import"

2.2: Certificate Revocation List (X.509)

1. Select "Extras" in the menu-bar
2. Choose the "Import Revocation List from File" option
3. Select the revocation certificate list on the file dialogue

2.3: Check Trust-Chains in WoT (OpenPGP)

1. Create two additional OpenPGP certificates
2. Set the owner-trust with your first certificate on the second certificate
3. Change the trust with the second certificate on the third
4. Sign with the second certificate on the third
5. Export the public key of the second and third key
6. Delete the second and third key
7. Import the public keys of the second and third key
8. Check the trust on the third key

2.4: Check TrustLevels in TOFU (OpenPGP)

2.5: Check Mixed Encryption with X.509 and OpenPGP

1. Select the "File Sing/Encrypt" option
2. Select a file from the file dialogue
3. Deselect the "Sign" option
4. Select two recipients, one OpenPGP and X.509 certificate
5. Click the "Sign/Encrypt" button

2.6: Check GnuPG-Tar Encryption (OpenPGP)

1. Click on "File" in the menu-bar
2. Select the "Sign/Encrypt Folder" option
3. Select a folder from the dialgue
4. Click the "Sign/Encrypt" button
5. Enter your passphrase
6. The encrypted folder is at the selected destination

2.7: Create Certificate Server (X.509)

1. Select "Settings" in menu-bar
2. Click the "Kleopatra Settings"
3. Click on "New" and select X.509 in the certificate server dialogue
4. Enter the details of your server

2.7: Create Certificate Server (OpenPGP)

1. Select "Settings" in menu-bar
2. Click the "Kleopatra Settings"
3. Click on "New" and select OpenPGP in the certificate server dialogue
4. Enter the details of your server

2.8: Change Validity (OpenPGP)

1. Right click one of your own OpenPGP certificates
2. Click on details
3. Click on "Change" next to the "Expires" option
4. Select a date
5. Click on "O.K."

2.9: Export Trustchain (X.509)

1. Right click on your own X.509 root
2. Choose "Export Certificates"
3. Select a destination to save to
4. Click "Save"

2.10: Check Certificate Details (OpenPGP)

1. Right click a OpenPGP certificate
2. Choose "Details"
3. Choose "More Details"
4. Check the existing subkeys

2.11: Check Certificate Details (X.509)

1. Right click a certificate
2. Choose "Details"
3. Choose "More Details"
4. Check the certificate dump

2.12: add UID to Key (OpenPGP)

1. Right click a certificate
2. Choose "Details"
3. Click "Add email adress"
4. Enter some random Information
5. Approve the dialogue
6. Enter your passphrase

2.13: create Certificate using ECC Brainpool (OpenPGP)

1. Choose "File" from menu-bar
2. Select the "OpenPGP" option
3. Enter some random information
4. Select the "Advanced Options..." button
5. Select the "ECDSA" option
6. Choose a "brainpool" alogrithm
7. Select "OK"
8. Select "Next" in the initial dialogue
9. Enter a passphrase
10. The created key appears in the overview

Testsuite 3: Interoperability

3.1: Check Integrity of Downloaded Files with Signatures

1. Download a file and the signatures of it (e.g. https://www.gnupg.org/download/)
2. Download the signing keys (e.g. https://www.gnupg.org/signature_key.html)
3. Import the signing keys
4. Select the "Check and Decrypt Files" option
5. Select the downloaded signature

3.2: Decrypt File that was encrypted under Linux (OpenPGP)

1. Select the "Check and Decrypt Files" option
2. Select the encrypted file
3. Enter your passphrase

3.3: Decrypt File that was encrypted under Linux (X.509)

1. Select the "Check and Decrypt Files" option
2. Select the encrypted file
3. Enter your passphrase

3.4: Check Signature on File that was signed under linux (OpenPGP)

1. Select the "Check and Decrypt Files" option
2. Select the signed file

3.5: Check Signature on File that was signed under linux (X.509)

1. Select the "Check and Decrypt Files" option
2. Select the signed file

Testsuite 4: Kleoptra Smartcard Support

4.1: Initialize OpenPGP Smartcard

4.2: Use OpenPGP Smartcard for Encryption (OpenPGP 2.1)

4.3: Use OpenPGP Smartcard for Signing

4.4: Use X.509 Smartcard for Encryption (NetKey Card)

4.5: Use X.509 Smartcard for Signing (NetKey Card)

4.6: Use X.509 Smartcard for Trusted Signing (NetKey Card)