[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] MML/EPG: Add support for GnuPG's --sender option
|
From: |
Teemu Likonen |
|
Subject: |
Re: [PATCH] MML/EPG: Add support for GnuPG's --sender option |
|
Date: |
Fri, 12 Jul 2019 19:42:39 +0300 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.2.90 (gnu/linux) |
Lars Ingebrigtsen [2019-07-12T16:22:41+02] wrote:
> Teemu Likonen <address@hidden> writes:
>> This commit enhances the feature to also use sender's email address
>> with GnuPG's (gpg) --sender option to clarify which user id made the
>> signature. The option is useful for two reasons when verifying the
>> signature:
> I think this makes sense, and the patch looks good. Perhaps this
> should also have a NEWS entry?
Below is a new version with NEWS entries. One entry is under Message and
the other under EasyPG because this touches both.
-- >8 --
Subject: [PATCH v2] MML/EPG: Add support for GnuPG's --sender option
An already existing variable mml-secure-openpgp-sign-with-sender (if
non-nil) makes MML security to use message sender's email address to
find signer's key from GnuPG keyring.
This commit enhances the feature to also use sender's email address
with GnuPG's --sender option to clarify which user id made the
signature. The option is useful for two reasons when verifying the
signature:
- GnuPG's TOFU statistics are updated for the specific user
id (email) only
- GnuPG's --auto-key-retrieve functionality can use WKD (web key
directory) method for finding the signer's key.
Quotes from gpg(1) manual page (version 2.2.17):
--auto-key-retrieve
--no-auto-key-retrieve
These options enable or disable the automatic retrieving of
keys from a keyserver when verifying signatures made by
keys that are not on the local keyring. The default is
--no-auto-key-retrieve.
The order of methods tried to lookup the key is:
[...]
2. If the signature has the Signer's UID set (e.g. using
--sender while creating the signature) a Web Key
Directory (WKD) lookup is done. This is the default
configuration but can be disabled by removing WKD from the
auto-key-locate list or by using the option
--disable-signer-uid.
[...]
--sender mbox
This option has two purposes. mbox must either be a
complete user id with a proper mail address or just a mail
address. When creating a signature this option tells gpg
the user id of a key used to make a signature if the key
was not directly specified by a user id. When verifying a
signature the mbox is used to restrict the information
printed by the TOFU code to matching user ids.
---
etc/NEWS | 22 ++++++++++++++++++++++
lisp/epg.el | 8 ++++++++
lisp/gnus/mml-sec.el | 9 +++++++--
3 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/etc/NEWS b/etc/NEWS
index 966bdda456..6ec036dd43 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -1377,10 +1377,26 @@ are formatted as MIME digests.
+++
*** 'message-forward-included-headers' has changed its default to
exclude most headers when forwarding.
+*** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender"
+When 'mml-secure-openpgp-sign-with-sender' is non-nil message sender's
+email address (in addition to its old behaviour) will also be used to
+set gpg's "--sender email@domain" option.
+
+The option is useful for two reasons when verifying the signature:
+
+ 1. GnuPG's TOFU statistics are updated for the specific user id
+ (email) only. See gpg(1) man page about "--sender".
+
+ 2. GnuPG's --auto-key-retrieve functionality can use WKD (web key
+ directory) method for finding the signer's key. You need GnuPG
+ 2.2.17 to fully benefit from this feature. See gpg(1) man page for
+ "--auto-key-retrieve".
+
+---
** EasyPG
---
*** 'epa-pinentry-mode' is renamed to 'epg-pinentry-mode'.
It now applies to epg functions as well as epa functions.
@@ -1389,10 +1405,16 @@ It now applies to epg functions as well as epa
functions.
*** The alias functions 'epa--encode-coding-string',
'epa--decode-coding-string', and 'epa--select-safe-coding-system' have
been removed. Use 'encode-coding-string', 'decode-coding-string', and
'select-safe-coding-system' instead.
+*** 'epg-context' structure supports now 'sender' slot The value of
+the new 'sender' slot (if a string) is used to set gpg's --sender
+option. This feature is used by 'mml-secure-openpgp-sign-with-sender'
+See gpg(1) manual page about "--sender" for more information.
+
+---
** Rmail
+++
*** New user option 'rmail-output-reset-deleted-flag'.
If this option is non-nil, messages appended to an output file by the
diff --git a/lisp/epg.el b/lisp/epg.el
index 8029bf5a93..ce58c520f1 100644
--- a/lisp/epg.el
+++ b/lisp/epg.el
@@ -206,10 +206,11 @@ 'epg-error
compress-algorithm
(passphrase-callback (list #'epg-passphrase-callback-function))
progress-callback
edit-callback
signers
+ sender
sig-notations
process
output-file
result
operation
@@ -1614,10 +1615,13 @@ epg-start-sign
(lambda (signer)
(list "-u"
(epg-sub-key-id
(car (epg-key-sub-key-list signer)))))
(epg-context-signers context)))
+ (let ((sender (epg-context-sender context)))
+ (when (stringp sender)
+ (list "--sender" sender)))
(epg--args-from-sig-notations
(epg-context-sig-notations context))
(if (epg-data-file plain)
(list "--" (epg-data-file plain)))))
;; `gpgsm' does not read passphrase from stdin, so waiting is not needed.
@@ -1709,10 +1713,14 @@ epg-start-encrypt
(epg-sub-key-id
(car (epg-key-sub-key-list
signer)))))
(epg-context-signers context))))
(if sign
+ (let ((sender (epg-context-sender context)))
+ (when (stringp sender)
+ (list "--sender" sender))))
+ (if sign
(epg--args-from-sig-notations
(epg-context-sig-notations context)))
(apply #'nconc
(mapcar
(lambda (recipient)
diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
index 02a27b367c..07d2028534 100644
--- a/lisp/gnus/mml-sec.el
+++ b/lisp/gnus/mml-sec.el
@@ -495,11 +495,12 @@ mml-secure-smime-encrypt-to-self
(define-obsolete-variable-alias
'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1")
;mml1991-sign-with-sender did never exist.
(defcustom mml-secure-openpgp-sign-with-sender nil
- "If t, use message sender to find an OpenPGP key to sign with."
+ "If t, use message sender to find an OpenPGP key to sign with.
+Also use message's sender with GnuPG's --sender option."
:group 'mime-security
:type 'boolean)
(define-obsolete-variable-alias
'mml-smime-sign-with-sender 'mml-secure-smime-sign-with-sender "25.1")
@@ -911,11 +912,13 @@ mml-secure-epg-encrypt
(recipients (mml-secure-recipients protocol context config sender))
(signer-names (mml-secure-signer-names protocol sender))
cipher signers)
(when sign
(setq signers (mml-secure-signers context signer-names))
- (setf (epg-context-signers context) signers))
+ (setf (epg-context-signers context) signers)
+ (when mml-secure-openpgp-sign-with-sender
+ (setf (epg-context-sender context) sender)))
(when (eq 'OpenPGP protocol)
(setf (epg-context-armor context) t)
(setf (epg-context-textmode context) t))
(when (mml-secure-cache-passphrase-p protocol)
(epg-context-set-passphrase-callback
@@ -942,10 +945,12 @@ mml-secure-epg-sign
signature micalg)
(when (eq 'OpenPGP protocol)
(setf (epg-context-armor context) t)
(setf (epg-context-textmode context) t))
(setf (epg-context-signers context) signers)
+ (when mml-secure-openpgp-sign-with-sender
+ (setf (epg-context-sender context) sender))
(when (mml-secure-cache-passphrase-p protocol)
(epg-context-set-passphrase-callback
context
(cons 'mml-secure-passphrase-callback protocol)))
(condition-case error
--
2.20.1
--
/// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
// https://keys.openpgp.org/search?q=address@hidden
/ https://keybase.io/tlikonen https://github.com/tlikonen
signature.asc
Description: PGP signature