= Kleopatra Test Plan **Status: in progress** <> == Introduction The purpose of this test plan is to ensure Kleopatra works well on all supported operating systems. == Test environment Choose one combination of the following target platforms supported by Kleopatra. Operating system: * Windows Vista (32 or 64bit) * Windows 7 (32 or 64bit) * Windows 8 (32 or 64bit) * Windows 10 (32 or 64bit) It is recommended to use a clean virtual test environment, e.g. with [[https://www.virtualbox.org/|VirtualBox]]. == Preconditions * GnuPG (latest release) Installed * Kleoptra Installed * ~OpenPGP public key (*.asc or *.gpg) and private key (*.asc or *.gpg) * S/~M~I~M~E certificate chain (*.pem) and private key (*.p12) == Tests === Testsuite 1: Basic Functions ==== 1.1: Create Certificates (OpenPGP) # Choose "File" from menu-bar # Click "New Secret Key" # Choose "OpenPGP Keypair" # Fill in some random information # Choose a passphrase # The new certificate will appear in the overview ==== 1.2: Create Certificate-Request (X.509) # Choose "File" from menu-bar # Click "New Secret Key" # Choose "X.509 Keypair" # Fill some random information # Choose a passphrase # Save the certificate request to file ==== 1.3: Import Certificates (OpenPGP) # Choose "File" from menu-bar # Click "Import..." # Navigate to a previously exported certificate # Click "Open" # The imported certificate will appear in the overview ==== 1.4: Import Certificates incl. Trustchain (X.509) # Choose "File" from menu-bar # Click "Import..." # Navigate to a previously exported certificate # Click "Open" # The imported certificate will appear in the overview ==== 1.5: Encrypt Files (OpenPGP) # Click the "Sign/Encrypt Files" button # Choose a file within the dialogue # Deselect the "Sign" option # Select an OpenPGP certificate as target # Click the "Sign/Encrypt" button # An encrypted file is at the defined target ==== 1.6: Encrypt Files (X.509) # Click the "Sign/Encrypt Files" button # Choose a file within the dialogue # Deselect the "Sign" option # Select an X.509 certificate as target # Click the "Sign/Encrypt" button # An encrypted file is at the defined Target ==== 1.7: Sign Files (OpenPGP) # Click the "Sign/Encrypt Files" button # Choose a file within the dialogue # Deselect the "Encrypt" option # Select an OpenPGP certificate as signing source # Click the "Sign/Encrypt" button # A signed file is at the defined target ==== 1.8: Sign Files (X.509) # Click the "Sign/Encrypt Files" button # Choose a file within the dialogue # Deselect the "Encrypt" option # Select an X.509 certificate as signing source # Click the "Sign/Encrypt" button # An signed file is at the defined Target ==== 1.9: Sign & Encrypt Files (OpenPGP) # Click the "Sign/Encrypt Files" button # Choose a file within the dialogue # Select an OpenPGP certificate as signing source # Click the Sign/Encrypt button # A signed and enncrypted File is at the defined Target ==== 1.10: Sign & Encrypt Files (X.509) # Click the "Sign/Encrypt Files" button # Choose a file within the dialogue # Select an X.509 certificate as signing source # Click the "Sign/Encrypt" button # An signed and enncrypted file is at the defined target ==== 1.11: Decrypt Files (OpenPGP) # Click the "Verify/Decrypt Files" button # Choose a file encrpyted to a OpenPGP certificate within the dialogue # Enter the passphrase # A decrypted file is at the defined target ==== 1.12: Decrypt Files (X.509) # Click the "Verify/Decrypt Files" button # Choose a file encrpyted to a X.509 certificate within the dialogue # Enter the passphrase # A decrypted file is at the defined target ==== 1.13: Check Signature (OpenPGP) # Click the "Verify/Decrypt Files" button # Choose a signed file within the dialogue # Enter the passphraseS # A decrypted file is at the defined target ==== 1.14: Lookup Key on Server (OpenPGP) If no Server is defined, please execute Testsuite 2.8 first. # Click on "Lookup on Server" # Search for a name (i.E. "Einstein") # Select a key # Click the "Import" button # The imported key appears in the "Imported Certificates" tab ==== 1.14: Lookup Key on Server (X.509) If no Server is defined, please execute Testsuite 2.7 first. # Click on "Lookup on Server" # Search for a name (i.E. "Einstein") # Select a key # Click the "Import" button # The imported key appears in the "Imported Certificates" tab ==== 1.15: Export public and private Key (OpenPGP) # Right click on a key you created before # Click the "Export..." button # Select a location in the dialogue # Click the "Save Button" # The eported key is at the choosen location ==== 1.16: Certify otheres Certificates (OpenPGP) # Rightclick a previously imported public key # Select the "Certify" option # Select the UIDs you want to certify # Approve, that fingerprints are checked # Select that you want to approve it just for yourself # klick the "Approve" button # Enter the passphrase of your identity # Finish the dialogue # Rightclick on the previously trusted key # Click on details # Check the trust level ==== 1.17: Change Owner Trust (OpenPGP) # Right click on a imported public key # Select the "Change Ownertrust" option # Select one of the given options === Testsuite 2: Advanced Functions ==== 2.1: Import Revocation Certificates (OpenPGP) # Click on "File" in the menu-bar # Select the "Import" option # Select a revocation certificate for an imported certificate # Click "Import" ==== 2.2: Certificate Revocation List (X.509) # Select "Extras" in the menu-bar # Choose the "Import Revocation List from File" option # Select the revocation certificate list on the file dialogue ==== 2.3: Check Trust-Chains in WoT (OpenPGP) # Create two additional OpenPGP certificates # Set the owner-trust with your first certificate on the second certificate # Change the trust with the second certificate on the third # Sign with the second certificate on the third # Export the public key of the second and third key # Delete the second and third key # Import the public keys of the second and third key # Check the trust on the third key ==== 2.4: Check TrustLevels in TOFU (OpenPGP) ==== 2.5: Check Mixed Encryption with X.509 and OpenPGP # Select the "File Sing/Encrypt" option # Select a file from the file dialogue # Deselect the "Sign" option # Select two recipients, one OpenPGP and X.509 certificate # Click the "Sign/Encrypt" button ==== 2.6: Check GnuPG-Tar Encryption (OpenPGP) # Click on "File" in the menu-bar # Select the "Sign/Encrypt Folder" option # Select a folder from the dialgue # Click the "Sign/Encrypt" button # Enter your passphrase # The encrypted folder is at the selected destination ==== 2.7: Create Certificate Server (X.509) # Select "Settings" in menu-bar # Click the "Kleopatra Settings" # Click on "New" and select X.509 in the certificate server dialogue # Enter the details of your server ==== 2.7: Create Certificate Server (OpenPGP) # Select "Settings" in menu-bar # Click the "Kleopatra Settings" # Click on "New" and select OpenPGP in the certificate server dialogue # Enter the details of your server ==== 2.8: Change Validity (OpenPGP) # Right click one of your own OpenPGP certificates # Click on details # Click on "Change" next to the "Expires" option # Select a date # Click on "O.K." ==== 2.9: Export Trustchain (X.509) # Right click on your own X.509 root # Choose "Export Certificates" # Select a destination to save to # Click "Save" ==== 2.10: Check Certificate Details (OpenPGP) # Right click a OpenPGP certificate # Choose "Details" # Choose "More Details" # Check the existing subkeys ==== 2.11: Check Certificate Details (X.509) # Right click a certificate # Choose "Details" # Choose "More Details" # Check the certificate dump ==== 2.12: add UID to Key (OpenPGP) # Right click a certificate # Choose "Details" # Click "Add email adress" # Enter some random Information # Approve the dialogue # Enter your passphrase ==== 2.13: create Certificate using ECC Brainpool (OpenPGP) # Choose "File" from menu-bar # Select the "OpenPGP" option # Enter some random information # Select the "Advanced Options..." button # Select the "ECDSA" option # Choose a "brainpool" alogrithm # Select "OK" # Select "Next" in the initial dialogue # Enter a passphrase # The created key appears in the overview === Testsuite 3: Interoperability ==== 3.1: Check Integrity of Downloaded Files with Signatures # Download a file and the signatures of it (e.g. https://www.gnupg.org/download/) # Download the signing keys (e.g. https://www.gnupg.org/signature_key.html) # Import the signing keys # Select the "Check and Decrypt Files" option # Select the downloaded signature ==== 3.2: Decrypt File that was encrypted under Linux (OpenPGP) # Select the "Check and Decrypt Files" option # Select the encrypted file # Enter your passphrase ==== 3.3: Decrypt File that was encrypted under Linux (X.509) # Select the "Check and Decrypt Files" option # Select the encrypted file # Enter your passphrase ==== 3.4: Check Signature on File that was signed under linux (OpenPGP) # Select the "Check and Decrypt Files" option # Select the signed file ==== 3.5: Check Signature on File that was signed under linux (X.509) # Select the "Check and Decrypt Files" option # Select the signed file === Testsuite 4: Kleoptra Smartcard Support ==== 4.1: Initialize OpenPGP Smartcard ==== 4.2: Use OpenPGP Smartcard for Encryption (OpenPGP 2.1) ==== 4.3: Use OpenPGP Smartcard for Signing ==== 4.4: Use X.509 Smartcard for Encryption (NetKey Card) ==== 4.5: Use X.509 Smartcard for Signing (NetKey Card) ==== 4.6: Use X.509 Smartcard for Trusted Signing (NetKey Card)