Kleopatra Test Plan

Status: in progress

Introduction

The purpose of this test plan is to ensure Kleopatra works well on all supported operating systems.

Test environment

Choose one combination of the following target platforms supported by Kleopatra.

Operating system:

• Windows Vista (32 or 64bit)
• Windows 7 (32 or 64bit)
• Windows 8 (32 or 64bit)
• Windows 10 (32 or 64bit)

It is recommended to use a clean virtual test environment, e.g. with VirtualBox.

Preconditions

• GnuPG (latest release) installed
• Kleoptra installed
• OpenPGP public key (*.asc or *.gpg) and private key (*.asc or *.gpg)
• S/MIME certificate chain (*.pem) and private key (*.p12)

Tests

Testsuite 1: OpenPGP

1.1: Create certificate

1. Choose "File" from menu bar
2. Click "New Keypair"
3. Choose "OpenPGP Keypair"
4. Fill in some random information
5. Choose a passphrase
6. The new certificate will appear in the overview

1.2: Import certificates

1. Click the "Import" button
2. Navigate to a previously exported certificate
3. Click "Open"
4. The imported certificate will appear in the overview

1.3: Encrypt file

1. Click the "Sign/Encrypt Files" button
2. Choose a file
3. Deselect the "Sign" option
4. Select an OpenPGP certificate as target
5. Click the "Sign/Encrypt" button
6. An encrypted file is at the defined target

1.4: Sign file

1. Click the "Sign/Encrypt" button
2. Choose a file
3. Deselect the "Encrypt" option
4. Select an OpenPGP certificate as signing source
5. Click the "Sign/Encrypt" button
6. A signed file is at the defined target

1.5: Sign & encrypt file

1. Click the "Sign/Encrypt" button
2. Choose a file
3. Select an OpenPGP certificate as signing source
4. Click the Sign/Encrypt button
5. A signed and encrypted file is at the defined target

1.6: Decrypt file

1. Click the "Verify/Decrypt" button
2. Choose an OpenPGP encrpyted file
3. Enter the passphrase
4. A decrypted file is at the defined target

1.7: Verify file

1. Click the "Verify/Decrypt" button
2. Choose an OpenPGP signature file
3. A result dialog shows the signature details

1.8: Create certificate server

1. Select "Settings" in menu bar
2. Click the "Configure Kleopatra..."
3. Click on "New" and select "OpenPGP" in the certificate server dialogue
4. Confirm the server details

1.9: Lookup key on server

1. Click on "Lookup on Server"
2. Search for a name (i.E. "Einstein")
3. Select a key
4. Click the "Import" button
5. The imported key appears in the "Imported Certificates" tab

1.10: Export public and private key

1. Right click on an OpenPGP key
2. Click "Export..."
3. Select a location in the dialogue
4. Click the "Save" button
5. The exported public key is at the choosen location

1.11: Export secret key

1. Right click on a key you created before
2. Click "Export Secret Keys..."
3. Select a location and enter a filename in the dialogue
4. Click "Ok"
5. Enter passphrase
6. The exported secret key is at the choosen location

1.12: Certify a certificate

1. Select a previously imported public key
2. Click "Certify" button
3. Select the UIDs you want to certify
4. Approve, that fingerprints are checked
5. Step 2: Select your certificate and keep option "Certify only for myself"
6. Click "Certify" button
7. Enter the passphrase of your identity
8. Finish the dialogue
9. Open the certificate details of the previously certified key (via double click)
10. The Trust Level column shows now "full"

1.13: Change owner trust

1. Right click on an imported public key
2. Select "Change Owner Trust..."
3. Select one of the given options and confirm with "OK".

1.14: Sign & encrypt folder

1. Click on "File" in the menu bar
2. Select "Sign/Encrypt Folder..."
3. Select a folder
4. Click the "Sign/Encrypt" button
5. Enter your passphrase
6. The encrypted folder is at the selected destination (as tar.gpg archive)

1.15: Create revocation certificate

1. Open certificate details of your own OpenPGP certificate
2. Click "Generate revocation certificate" button
3. Select location and enter filename
4. Enter passphrase
5. The revocation certificate is at the selected destination

1.16: Import revocation certificates

1. Open previously created revocation certificate file in editor and remove manually the comment (until "-----BEGIN PGP PUBLIC KEY BLOCK-----").
2. Click on "Import" button
3. Select the revocation certificate
4. Click "Import"
5. Open the certificate details of the previously certified key (via double click)
6. The Trust Level column shows now "revoked"

1.17: Check trust chains in Web of Trust

1. Create two additional OpenPGP certificates
2. Set the owner trust with your first certificate on the second certificate
3. Change the trust with the second certificate on the third
4. Sign with the second certificate on the third
5. Export the public key of the second and third key
6. Delete the second and third key
7. Import the public keys of the second and third key
8. Check the trust on the third key

1.18: Change validity

1. Open certificate details of your own OpenPGP certificate
2. Click on "Change" next to the "Expires" option
3. Select a date
4. Click "OK"

1.19: Check subkeys

1. Open certificate details of an OpenPGP certificate
2. Choose "More Details"
3. Check the existing subkeys

1.20: Add new UID to key

1. Open certificate details of your own OpenPGP certificate
2. Click "Add email address"
3. Enter some random information
4. Click "OK"
5. Enter your passphrase
6. The new UID is listed in the certificate details table

1.21: Create new OpenPGP certificate using ECC Brainpool

1. Choose "File" from menu bar
2. Click "New Keypair"
3. Choose "OpenPGP Keypair"
4. Enter some random information
5. Click "Advanced Options..."
6. Select the "ECDSA" option
7. Choose a "brainpool" alogrithm
8. Click "OK"
9. Click "Next" in the initial dialogue
10. Enter a passphrase
11. The created key appears in the overview

1.22: Check integrity of downloaded files with signatures

1. Download a file and the signature of it (e.g. https://www.gnupg.org/download/)
2. Download the signing keys (e.g. https://www.gnupg.org/signature_key.html)
3. Import the signing keys
4. Click the "Decrypt/Verify" button in toolbar
5. Select the downloaded signature file
6. A result dialog shows the signature details

1.23: Decrypt file that was encrypted under Linux

1. Click the "Decrypt/Verify" button in toolbar
2. Select the encrypted file
3. Enter your passphrase
4. A decrypted file is at the defined target

1.24: Check signature on file that was signed under Linux

1. Click the "Decrypt/Verify" button in toolbar
2. Select the signature file
3. A result dialog shows the signature details

1.25: Export key with Paperkey

1.26: Import key with Paperkey

1.27: Check trust levels in TOFU

Testsuite 2: X.509

2.1: Create Certificate-Request

1. Choose "File" from menu-bar
2. Click "New Secret Key"
3. Choose "X.509 Keypair"
4. Fill some random information
5. Choose a passphrase
6. Save the certificate request to file

2.2: Import Certificates incl. Trustchain

1. Choose "File" from menu-bar
2. Click "Import..."
3. Navigate to a previously exported certificate
4. Click "Open"
5. The imported certificate will appear in the overview

2.3: Encrypt Files

1. Click the "Sign/Encrypt Files" button
2. Choose a file within the dialogue
3. Deselect the "Sign" option
4. Select an X.509 certificate as target
5. Click the "Sign/Encrypt" button
6. An encrypted file is at the defined Target

2.4: Sign Files

1. Click the "Sign/Encrypt Files" button
2. Choose a file within the dialogue
3. Deselect the "Encrypt" option
4. Select an X.509 certificate as signing source
5. Click the "Sign/Encrypt" button
6. An signed file is at the defined Target

2.5: Sign & Encrypt Files

1. Click the "Sign/Encrypt Files" button
2. Choose a file within the dialogue
3. Select an X.509 certificate as signing source
4. Click the "Sign/Encrypt" button
5. An signed and enncrypted file is at the defined target

2.6: Decrypt Files

1. Click the "Verify/Decrypt Files" button
2. Choose a file encrpyted to a X.509 certificate within the dialogue
3. Enter the passphrase
4. A decrypted file is at the defined target

2.7: Lookup Key on Server

If no Server is defined, please execute Testsuite 2.7 first.

1. Click on "Lookup on Server"
2. Search for a name (i.E. "Einstein")
3. Select a key
4. Click the "Import" button
5. The imported key appears in the "Imported Certificates" tab

2.8: Certificate Revocation List

1. Select "Extras" in the menu-bar
2. Choose the "Import Revocation List from File" option
3. Select the revocation certificate list on the file dialogue

2.9: Check Mixed Encryption with X.509 and OpenPGP

1. Select the "File Sing/Encrypt" option
2. Select a file from the file dialogue
3. Deselect the "Sign" option
4. Select two recipients, one OpenPGP and X.509 certificate
5. Click the "Sign/Encrypt" button

2.10: Create Certificate Server

1. Select "Settings" in menu-bar
2. Click the "Kleopatra Settings"
3. Click on "New" and select X.509 in the certificate server dialogue
4. Enter the details of your server

2.11: Export Trustchain

1. Right click on your own X.509 root
2. Choose "Export Certificates"
3. Select a destination to save to
4. Click "Save"

2.12: Check Certificate Details

1. Right click a certificate
2. Choose "Details"
3. Choose "More Details"
4. Check the certificate dump

2.13: Decrypt File that was encrypted under Linux

1. Select the "Check and Decrypt Files" option
2. Select the encrypted file
3. Enter your passphrase

2.14: Check Signature on File that was signed under Linux

1. Select the "Check and Decrypt Files" option
2. Select the signed file

Testsuite 3: Smartcard OpenPGP (v2.1)

3.1: Initialize OpenPGP Smartcard

1. Shutdown Kleopatra
2. Put the smartcard into your reader
3. Start Kleopatra
4. Choose "Tools" from the menu-bar
5. Select "Smartcard"
6. Press "F5" if no information is shown
7. Click "Generate New Keys" in the window
8. Enter some random information
9. Click "Generate Keys"

3.2: Use OpenPGP Smartcard for Encryption

3.3: Use OpenPGP Smartcard for Signing

Testsuite 4: Smartcard X.509 (NetKey)

4.1: Use X.509 Smartcard for Encryption

4.2: Use X.509 Smartcard for Signing

4.3: Use X.509 Smartcard for Trusted Signing