[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] MML/EPG: Add support for GnuPG's --sender option
From: |
Teemu Likonen |
Subject: |
[PATCH] MML/EPG: Add support for GnuPG's --sender option |
Date: |
Fri, 12 Jul 2019 15:21:58 +0300 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.2.90 (gnu/linux) |
An already existing variable mml-secure-openpgp-sign-with-sender (if
non-nil) makes MML security to use message sender's email address to
find signer's key from GnuPG keyring.
This commit enhances the feature to also use sender's email address with
GnuPG's (gpg) --sender option to clarify which user id made the
signature. The option is useful for two reasons when verifying the
signature:
1. GnuPG's TOFU statistics are updated for the specific user id (email)
only
2. GnuPG's --auto-key-retrieve functionality can use WKD (web key
directory) method for finding the signer's key.
Quotes from gpg(1) manual page (version 2.2.17):
--auto-key-retrieve
--no-auto-key-retrieve
These options enable or disable the automatic retrieving of
keys from a keyserver when verifying signatures made by
keys that are not on the local keyring. The default is
--no-auto-key-retrieve.
The order of methods tried to lookup the key is:
[...]
2. If the signature has the Signer's UID set (e.g. using
--sender while creating the signature) a Web Key
Directory (WKD) lookup is done. This is the default
configuration but can be disabled by removing WKD from the
auto-key-locate list or by using the option
--disable-signer-uid.
[...]
--sender mbox
This option has two purposes. mbox must either be a
complete user id with a proper mail address or just a mail
address. When creating a signature this option tells gpg
the user id of a key used to make a signature if the key
was not directly specified by a user id. When verifying a
signature the mbox is used to restrict the information
printed by the TOFU code to matching user ids.
---
lisp/epg.el | 8 ++++++++
lisp/gnus/mml-sec.el | 9 +++++++--
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/lisp/epg.el b/lisp/epg.el
index 8029bf5a93..ce58c520f1 100644
--- a/lisp/epg.el
+++ b/lisp/epg.el
@@ -208,6 +208,7 @@ 'epg-error
progress-callback
edit-callback
signers
+ sender
sig-notations
process
output-file
@@ -1616,6 +1617,9 @@ epg-start-sign
(epg-sub-key-id
(car (epg-key-sub-key-list signer)))))
(epg-context-signers context)))
+ (let ((sender (epg-context-sender context)))
+ (when (stringp sender)
+ (list "--sender" sender)))
(epg--args-from-sig-notations
(epg-context-sig-notations context))
(if (epg-data-file plain)
@@ -1711,6 +1715,10 @@ epg-start-encrypt
signer)))))
(epg-context-signers context))))
(if sign
+ (let ((sender (epg-context-sender context)))
+ (when (stringp sender)
+ (list "--sender" sender))))
+ (if sign
(epg--args-from-sig-notations
(epg-context-sig-notations context)))
(apply #'nconc
diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
index 02a27b367c..07d2028534 100644
--- a/lisp/gnus/mml-sec.el
+++ b/lisp/gnus/mml-sec.el
@@ -497,7 +497,8 @@ mml-secure-smime-encrypt-to-self
'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1")
;mml1991-sign-with-sender did never exist.
(defcustom mml-secure-openpgp-sign-with-sender nil
- "If t, use message sender to find an OpenPGP key to sign with."
+ "If t, use message sender to find an OpenPGP key to sign with.
+Also use message's sender with GnuPG's --sender option."
:group 'mime-security
:type 'boolean)
@@ -913,7 +914,9 @@ mml-secure-epg-encrypt
cipher signers)
(when sign
(setq signers (mml-secure-signers context signer-names))
- (setf (epg-context-signers context) signers))
+ (setf (epg-context-signers context) signers)
+ (when mml-secure-openpgp-sign-with-sender
+ (setf (epg-context-sender context) sender)))
(when (eq 'OpenPGP protocol)
(setf (epg-context-armor context) t)
(setf (epg-context-textmode context) t))
@@ -944,6 +947,8 @@ mml-secure-epg-sign
(setf (epg-context-armor context) t)
(setf (epg-context-textmode context) t))
(setf (epg-context-signers context) signers)
+ (when mml-secure-openpgp-sign-with-sender
+ (setf (epg-context-sender context) sender))
(when (mml-secure-cache-passphrase-p protocol)
(epg-context-set-passphrase-callback
context
--
2.20.1
--
/// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
// https://keys.openpgp.org/search?q=address@hidden
/ https://keybase.io/tlikonen https://github.com/tlikonen
signature.asc
Description: PGP signature