From: Eli Zaretskii <eliz@gnu.org>
To: larsi@gnus.org
Cc: simon@josefsson.org, ueno@unixuser.org, emacs-devel@gnu.org
Subject: Re: [PATCH] MML/EPG: Add support for GnuPG's --sender option
Date: Fri, 26 Jul 2019 09:41:56 +0300
Message-ID: <83v9vpmh57.fsf@gnu.org>
In-Reply-To: <87v9w7zbmh.fsf@iki.fi> (message from Teemu Likonen on Fri, 12 Jul 2019 15:21:58 +0300)
> From: Teemu Likonen <tlikonen@iki.fi>
> Date: Fri, 12 Jul 2019 15:21:58 +0300
> Cc: simon@josefsson.org, larsi@gnus.org, ueno@unixuser.org
Lars, any comments? Should I go ahead and push this?
> An already existing variable mml-secure-openpgp-sign-with-sender (if
> non-nil) makes MML security use the message sender's email address to
> find the signer's key in the GnuPG keyring.
>
> This commit enhances the feature to also use the sender's email address
> with GnuPG's (gpg) --sender option to clarify which user id made the
> signature. The option is useful for two reasons when verifying the
> signature:
>
> 1. GnuPG's TOFU statistics are updated for the specific user id (email)
> only
>
> 2. GnuPG's --auto-key-retrieve functionality can use WKD (web key
> directory) method for finding the signer's key.
>
> Quotes from gpg(1) manual page (version 2.2.17):
>
> --auto-key-retrieve
> --no-auto-key-retrieve
> These options enable or disable the automatic retrieving of
> keys from a keyserver when verifying signatures made by
> keys that are not on the local keyring. The default is
> --no-auto-key-retrieve.
>
> The order of methods tried to lookup the key is:
>
> [...]
>
> 2. If the signature has the Signer's UID set (e.g. using
> --sender while creating the signature) a Web Key
> Directory (WKD) lookup is done. This is the default
> configuration but can be disabled by removing WKD from the
> auto-key-locate list or by using the option
> --disable-signer-uid.
>
> [...]
>
> --sender mbox
> This option has two purposes. mbox must either be a
> complete user id with a proper mail address or just a mail
> address. When creating a signature this option tells gpg
> the user id of a key used to make a signature if the key
> was not directly specified by a user id. When verifying a
> signature the mbox is used to restrict the information
> printed by the TOFU code to matching user ids.
> ---
> lisp/epg.el | 8 ++++++++
> lisp/gnus/mml-sec.el | 9 +++++++--
> 2 files changed, 15 insertions(+), 2 deletions(-)
>
> diff --git a/lisp/epg.el b/lisp/epg.el
> index 8029bf5a93..ce58c520f1 100644
> --- a/lisp/epg.el
> +++ b/lisp/epg.el
> @@ -208,6 +208,7 @@ 'epg-error
> progress-callback
> edit-callback
> signers
> + sender
> sig-notations
> process
> output-file
> @@ -1616,6 +1617,9 @@ epg-start-sign
> (epg-sub-key-id
> (car (epg-key-sub-key-list signer)))))
> (epg-context-signers context)))
> + (let ((sender (epg-context-sender context)))
> + (when (stringp sender)
> + (list "--sender" sender)))
> (epg--args-from-sig-notations
> (epg-context-sig-notations context))
> (if (epg-data-file plain)
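Review bot: `(when (stringp sender) ...)` still passes an empty string, so a caller that stores "" in the slot makes epg run gpg with `--sender ""`; check for a non-empty string instead, e.g. `(when (and (stringp sender) (> (length sender) 0)) ...)`. The same three-line form is repeated in epg-start-encrypt below; a helper in the style of `epg--args-from-sig-notations` (say `epg--args-from-sender`) would keep the two in step and give the check one home.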
> @@ -1711,6 +1715,10 @@ epg-start-encrypt
> signer)))))
> (epg-context-signers context))))
> (if sign
> + (let ((sender (epg-context-sender context)))
> + (when (stringp sender)
> + (list "--sender" sender))))
> + (if sign
> (epg--args-from-sig-notations
> (epg-context-sig-notations context)))
> (apply #'nconc
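Review bot: the added `(if sign (let ...))` sits directly before an existing `(if sign ...)`, giving two consecutive branches on the same test; merging them into one branch that `nconc`s the two argument lists (or moving the `--sender` form into the helper suggested for epg-start-sign) removes the duplication, and the `stringp` test should reject "" here for the same reason as there. Passing `--sender` only when `sign` is non-nil is right, since gpg uses it for the signature, not for encryption.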
> diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
> index 02a27b367c..07d2028534 100644
> --- a/lisp/gnus/mml-sec.el
> +++ b/lisp/gnus/mml-sec.el
> @@ -497,7 +497,8 @@ mml-secure-smime-encrypt-to-self
> 'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1")
> ;mml1991-sign-with-sender did never exist.
> (defcustom mml-secure-openpgp-sign-with-sender nil
> - "If t, use message sender to find an OpenPGP key to sign with."
> + "If t, use message sender to find an OpenPGP key to sign with.
> +Also use message's sender with GnuPG's --sender option."
> :group 'mime-security
> :type 'boolean)
>
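Review bot: the new docstring sentence says `--sender` is used but not what that changes for the recipient: the address is recorded in the signature as the Signer's UID, which a verifier running with `--auto-key-retrieve` may use for a WKD lookup, as the gpg(1) text quoted in the commit message describes. Say so, and because a `t` setting now does more than select the signing key, add a `:version` keyword (none appears in the hunk) and a NEWS entry. "message's sender" also reads better as "the message's sender".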
> @@ -913,7 +914,9 @@ mml-secure-epg-encrypt
> cipher signers)
> (when sign
> (setq signers (mml-secure-signers context signer-names))
> - (setf (epg-context-signers context) signers))
> + (setf (epg-context-signers context) signers)
> + (when mml-secure-openpgp-sign-with-sender
> + (setf (epg-context-sender context) sender)))
> (when (eq 'OpenPGP protocol)
> (setf (epg-context-armor context) t)
> (setf (epg-context-textmode context) t))
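Review bot: the new `(when mml-secure-openpgp-sign-with-sender ...)` sits inside `(when sign ...)` but ahead of the `(when (eq 'OpenPGP protocol) ...)` that follows it, so with this OpenPGP-named option set the sender is also handed to gpgsm when signing and encrypting with S/MIME; test the protocol as well, e.g. `(when (and mml-secure-openpgp-sign-with-sender (eq 'OpenPGP protocol)) ...)`, or move the two lines into the OpenPGP branch. The `sender` it reads is bound outside the hunk; confirm it is the same value the existing sign-with-sender key lookup uses, so the key chosen and the `--sender` value always agree.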
> @@ -944,6 +947,8 @@ mml-secure-epg-sign
> (setf (epg-context-armor context) t)
> (setf (epg-context-textmode context) t))
> (setf (epg-context-signers context) signers)
> + (when mml-secure-openpgp-sign-with-sender
> + (setf (epg-context-sender context) sender))
> (when (mml-secure-cache-passphrase-p protocol)
> (epg-context-set-passphrase-callback
> context
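Review bot: as in mml-secure-epg-encrypt, the two `setf` context lines above the insertion close the OpenPGP-only `when` (compare the `(when (eq 'OpenPGP protocol) ...)` shown in that hunk), and the new form follows it unconditionally, so `--sender` is also set when signing with S/MIME; either move the two new lines into that branch or add `(eq 'OpenPGP protocol)` to the condition.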
> --
> 2.20.1
>
> --
> /// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
> // https://keys.openpgp.org/search?q=tlikonen@iki.fi
> / https://keybase.io/tlikonen https://github.com/tlikonen
>
> [application/pgp-signature: signature.asc (507B)]
>
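The Signer's UID that `--sender` records, shown as an added example that is not code from the Emacs patch or from GnuPG: a small Python parser for an OpenPGP v4 signature packet that returns the Signer's User ID subpacket (type 28, RFC 4880 section 5.2.3.22) from the hashed subpacket area. That subpacket is what the quoted gpg(1) text means by "the signature has the Signer's UID set", and it is the value a verifier with --auto-key-retrieve reads before attempting a WKD lookup. The packet bytes are constructed inside the block with placeholder signature material and invented addresses; they are not real signatures.

```python
"""Find the Signer's User ID in an OpenPGP v4 signature packet.

Added example, not part of the Emacs patch or of GnuPG.  gpg --sender
records the sender as the Signer's User ID subpacket (type 28, RFC 4880
section 5.2.3.22) in the hashed subpacket area of the signature.  The
packets built here use placeholder signature material and invented
addresses; they are constructed samples, not real signatures.
"""
import struct

SIG_CREATION = 2    # Signature Creation Time subpacket
ISSUER = 16         # Issuer key ID subpacket
SIGNER_UID = 28     # Signer's User ID subpacket (what --sender sets)


def _encode_len(n):
    """New-format length octets, valid for packet and subpacket headers."""
    if n < 192:
        return bytes([n])
    if n < 8384:                       # two-octet form, first octet 192..223
        n -= 192
        return bytes([192 + (n >> 8), n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def _decode_len(buf, pos, subpacket=False):
    """Inverse of _encode_len; returns (length, position after it).
    Subpacket lengths use the two-octet form up to first octet 254;
    packet headers reserve 224..254 for partial body lengths."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < (255 if subpacket else 224):
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if first == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5
    raise ValueError("partial body lengths are not supported")


def build_sig_packet(hashed, unhashed=()):
    """Construct a v4 signature packet (tag 2) for the sample.  The hash
    prefix and the MPI are placeholders, so the result does not verify."""
    def area(subpkts):
        out = b""
        for typ, body in subpkts:
            out += _encode_len(len(body) + 1) + bytes([typ]) + body
        return out
    h, u = area(hashed), area(unhashed)
    body = (b"\x04\x01\x01\x08"            # v4, text-document sig, RSA, SHA-256
            + struct.pack(">H", len(h)) + h
            + struct.pack(">H", len(u)) + u
            + b"\x00\x00"                  # left 16 bits of the hash (placeholder)
            + b"\x00\x08\x00")             # one-byte MPI (placeholder)
    return bytes([0xC0 | 2]) + _encode_len(len(body)) + body


def parse_subpackets(area):
    """Yield (type, critical, data) for each subpacket in an area."""
    pos = 0
    while pos < len(area):
        length, pos = _decode_len(area, pos, subpacket=True)
        if length == 0 or pos + length > len(area):
            raise ValueError("malformed subpacket length")
        typ = area[pos]
        yield typ & 0x7F, bool(typ & 0x80), area[pos + 1:pos + length]
        pos += length


def signer_uids(packet):
    """Return the Signer's User IDs from the hashed area of a v4 signature.

    Only the hashed area is covered by the signature, so a Signer's UID
    placed in the unhashed area is deliberately ignored."""
    tag = packet[0]
    if not (tag & 0x80) or not (tag & 0x40) or (tag & 0x3F) != 2:
        raise ValueError("not a new-format signature packet")
    body_len, pos = _decode_len(packet, 1)
    body = packet[pos:pos + body_len]
    if len(body) != body_len or body[0] != 4:
        raise ValueError("truncated packet or not a v4 signature")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = body[6:6 + hashed_len]
    if len(hashed) != hashed_len:
        raise ValueError("truncated hashed subpacket area")
    return [data.decode("utf-8", "replace")
            for typ, _crit, data in parse_subpackets(hashed)
            if typ == SIGNER_UID]


# Constructed sample: the hashed area a signature made with
# "gpg --sender alice@example.org" would carry (address invented).
SAMPLE_PACKET = build_sig_packet(
    [(SIG_CREATION, b"\x5d\x28\x7e\x96"), (SIGNER_UID, b"alice@example.org")],
    [(ISSUER, bytes(8))])

if __name__ == "__main__":
    print(signer_uids(SAMPLE_PACKET))
```

The value returned is whatever the signer chose to put there; it is covered by the signature, so it cannot be altered in transit, but it proves nothing about the key beyond what the signer asserts. That is why it is suitable for key discovery (the WKD lookup) and for narrowing the TOFU report to one user id, and not as a substitute for checking that the issuer key actually carries that user id.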
Thread overview (9+ messages):
2019-07-12 12:21 [PATCH] MML/EPG: Add support for GnuPG's --sender option Teemu Likonen
2019-07-12 14:22 ` Lars Ingebrigtsen
2019-07-12 16:42 ` Teemu Likonen
2019-07-12 17:53 ` Teemu Likonen
2019-07-13 0:13 ` Lars Ingebrigtsen
2019-07-26 6:41 ` Eli Zaretskii [this message]
2019-07-26 6:49 ` Lars Ingebrigtsen
2019-07-26 6:51 ` Teemu Likonen
2019-07-26 6:54 ` Lars Ingebrigtsen