It is not really important for the tests to have a good entropy source and gathering entropy makes the tests awfully slow. Therefore, I think that using the '--debug-quick-random' would be really helpful there.

I'm attaching a patch.

My previous patch didn't cover doctests. This one does.

I can't use this as is, since only GnuPG >= 2.0 supports the --debug-quick-random flag. However, I will consider trying to incorporate it conditionally in test_gnupg.py (that means it won't be added to the doctests).

After adding --debug-quick-random, the signature verification test fails. If I remove it, it works again. This is on GnuPG 2.0.9. So I'll leave it out for now. Apparently, when using the fake RNG, a key needs to be marked as insecure, but the key was created using --debug-quick-random and apparently not marked as insecure. The info message from gpg is

"... key is not flagged as insecure - can't use it with the faked RNG!"

but it's not clear to me exactly what's meant by "flagged as insecure".

Ah, that explains those test failures :). Good I didn't get around to reporting the bug yet ;).

About the bug, I'll try to find out how to solve it. Sadly, it seems that normal GPG use works just fine for me:

$ gpg --verify 1.gpg gpg: Signature made Wed Jan 23 16:48:56 2013 CET using RSA key ID 30AF62AB gpg: Good signature from "test dupa (insecure!)"

Well, it seems that it just requires the key comment to contain the word '(insecure!)' like it does by default when created with fake RNG. Attaching a patch for your convenience ;).

Thanks for hunting that down - that change to the comment seems to have fixed it; the failure no longer occurs. I'll aim to add this to the tests for 0.3.3 (though doctests still won't be covered).

Just to clarify how I expect it to work: the tests will look for an environment variable called GPGBINARY, and default to 'gpg' if it's not present. That value is passed as the gpgbinary kwarg to the GPG constructor in the test. So,

python test_gnupg.py

will use 'gpg', and

GPGBINARY=gpg2 python test_gnupg.py

will use 'gpg2'.

The version provided by the executable in response to --version will be examined and, if >= 2, the --debug-quick-random option will be set in the setUp procedure.

In the test case key generation code, if --debug-quick-random is in the options, then ' (insecure!)' will be present in the Name-Comment for the key.

That sounds neat, thanks. However, I would just add ' (insecure!)' unconditionally ;).

Comment deleted