unofficial mirror of emacs-devel@gnu.org 
* [PATCH] MML/EPG: Add support for GnuPG's --sender option
@ 2019-07-12 12:21 Teemu Likonen
  2019-07-12 14:22 ` Lars Ingebrigtsen
  2019-07-26  6:41 ` Eli Zaretskii
  0 siblings, 2 replies; 9+ messages in thread
From: Teemu Likonen @ 2019-07-12 12:21 UTC (permalink / raw)
  To: emacs-devel; +Cc: simon, larsi, ueno

The already existing variable mml-secure-openpgp-sign-with-sender (if
non-nil) makes MML security use the message sender's email address to
find the signer's key in the GnuPG keyring.

This commit enhances the feature to also use the sender's email address
with GnuPG's (gpg) --sender option to clarify which user id made the
signature. The option is useful for two reasons when verifying the
signature:

 1. GnuPG's TOFU statistics are updated for the specific user id (email)
    only.

 2. GnuPG's --auto-key-retrieve functionality can use WKD (web key
    directory) method for finding the signer's key.

Quotes from gpg(1) manual page (version 2.2.17):

    --auto-key-retrieve
    --no-auto-key-retrieve
           These options enable or disable the automatic retrieving of
           keys from a keyserver when verifying signatures made by
           keys that are not on the local keyring.  The default is
           --no-auto-key-retrieve.

           The order of methods tried to lookup the key is:

    [...]

           2.  If the signature has the Signer's UID set (e.g. using
           --sender while creating the signature) a Web Key
           Directory (WKD) lookup is done.  This is the default
           configuration but can be disabled by removing WKD from the
           auto-key-locate list or by using the option
           --disable-signer-uid.

    [...]

    --sender mbox
           This option has two purposes.  mbox must either be a
           complete user id with a proper mail address or just a mail
           address.  When creating a signature this option tells gpg
           the user id of a key used to make a signature if the key
           was not directly specified by a user id.  When verifying a
           signature the mbox is used to restrict the information
           printed by the TOFU code to matching user ids.
---
 lisp/epg.el          | 8 ++++++++
 lisp/gnus/mml-sec.el | 9 +++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/lisp/epg.el b/lisp/epg.el
index 8029bf5a93..ce58c520f1 100644
--- a/lisp/epg.el
+++ b/lisp/epg.el
@@ -208,6 +208,7 @@ 'epg-error
   progress-callback
   edit-callback
   signers
+  sender
   sig-notations
   process
   output-file
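Review bot: the new `sender` slot is inserted between `signers` and `sig-notations` instead of being appended after the last slot, which shifts the index of every slot that follows it (`sig-notations`, `process`, `output-file`, ...); `cl-defstruct` accessors are inlined, so third-party code byte-compiled against the old `epg-context` layout would read the wrong field. Appending new slots at the end avoids that, and a one-line comment saying the value must be a mailbox string (the form the `stringp` checks in the later hunks expect) would document the contract callers rely on.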
@@ -1616,6 +1617,9 @@ epg-start-sign
 				     (epg-sub-key-id
 				      (car (epg-key-sub-key-list signer)))))
 			     (epg-context-signers context)))
+                     (let ((sender (epg-context-sender context)))
+                       (when (stringp sender)
+                         (list "--sender" sender)))
 		     (epg--args-from-sig-notations
 		      (epg-context-sig-notations context))
 		     (if (epg-data-file plain)
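Review bot: `(list "--sender" sender)` is emitted without any check of the GnuPG version in use: `epg-start-sign` passes this argument list to whatever program the context selects, and a gpg release that predates the `--sender` option rejects unknown options, so with `mml-secure-openpgp-sign-with-sender` set every signing operation would fail on such installations instead of falling back to the old behaviour. Either gate the option on the detected gpg version or state the minimum version in the docstring. Worth documenting as well: per the quoted man page the value must be a proper mail address or a user id containing one, so a From address gpg does not accept makes the whole sign operation fail rather than being ignored.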
@@ -1711,6 +1715,10 @@ epg-start-encrypt
 						signer)))))
 				 (epg-context-signers context))))
 		     (if sign
+                         (let ((sender (epg-context-sender context)))
+                           (when (stringp sender)
+                             (list "--sender" sender))))
+                     (if sign
 			 (epg--args-from-sig-notations
 			  (epg-context-sig-notations context)))
 		     (apply #'nconc
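Review bot: the `(let ((sender (epg-context-sender context))) (when (stringp sender) (list "--sender" sender)))` form is now duplicated verbatim between `epg-start-sign` and `epg-start-encrypt`, and the added `(if sign ...)` sits directly before an existing `(if sign (epg--args-from-sig-notations ...))`. A small helper in the style of the existing `epg--args-from-sig-notations`, say `epg--args-from-sender`, called from both places would remove the duplication, and the two adjacent `(if sign ...)` forms here could become a single `(if sign (nconc ... ...))`.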
diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
index 02a27b367c..07d2028534 100644
--- a/lisp/gnus/mml-sec.el
+++ b/lisp/gnus/mml-sec.el
@@ -497,7 +497,8 @@ mml-secure-smime-encrypt-to-self
   'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1")
 ;mml1991-sign-with-sender did never exist.
 (defcustom mml-secure-openpgp-sign-with-sender nil
-  "If t, use message sender to find an OpenPGP key to sign with."
+  "If t, use message sender to find an OpenPGP key to sign with.
+Also use message's sender with GnuPG's --sender option."
   :group 'mime-security
   :type 'boolean)
 
@@ -913,7 +914,9 @@ mml-secure-epg-encrypt
 	 cipher signers)
     (when sign
       (setq signers (mml-secure-signers context signer-names))
-      (setf (epg-context-signers context) signers))
+      (setf (epg-context-signers context) signers)
+      (when mml-secure-openpgp-sign-with-sender
+        (setf (epg-context-sender context) sender)))
     (when (eq 'OpenPGP protocol)
       (setf (epg-context-armor context) t)
       (setf (epg-context-textmode context) t))
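Review bot: the new `(when mml-secure-openpgp-sign-with-sender (setf (epg-context-sender context) sender))` is not gated on `protocol`, while the armor and textmode settings directly below it are wrapped in `(when (eq 'OpenPGP protocol) ...)`. `mml-secure-epg-encrypt` serves both protocols, and the epg.el hunks add `--sender` whenever the slot holds a string, so an S/MIME signed-and-encrypted message prepared while this OpenPGP-specific option is non-nil would also get a sender on its CMS context and `--sender` on the gpgsm command line. Moving the `setf` under the OpenPGP guard keeps the option where its name says it applies.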
@@ -944,6 +947,8 @@ mml-secure-epg-sign
       (setf (epg-context-armor context) t)
       (setf (epg-context-textmode context) t))
     (setf (epg-context-signers context) signers)
+    (when mml-secure-openpgp-sign-with-sender
+      (setf (epg-context-sender context) sender))
     (when (mml-secure-cache-passphrase-p protocol)
       (epg-context-set-passphrase-callback
        context
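Review bot: same protocol-gating point as in `mml-secure-epg-encrypt`: the `(when (eq 'OpenPGP protocol) ...)` form is immediately above this insertion and the new `setf` belongs inside it. Also, gpg treats the value as an mbox (a bare mail address or a user id containing one), so it is worth confirming that the `sender` bound in `mml-secure-epg-sign` is the plain address taken from the From header and not a raw header value with comments or encoded words, which gpg would reject.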
-- 
2.20.1



-- 
///  OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
//  https://keys.openpgp.org/search?q=tlikonen@iki.fi
/  https://keybase.io/tlikonen  https://github.com/tlikonen
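
As an added illustration of what the --sender option actually puts into a signature (this is not code from the patch or from Emacs), the following Python parser walks a binary OpenPGP signature packet and pulls out the Signer's User ID subpacket (RFC 4880, subpacket type 28) that --sender sets, together with a mailbox-matching check of the kind the verify side uses for TOFU. The sample packets it builds are constructed dummies with filler in place of the real signature values; only the subpacket layout is faithful.

```python
"""Read back the Signer's User ID that "gpg --sender" embeds in a signature.
--sender adds a "Signer's User ID" subpacket (RFC 4880 5.2.3.22, type 28) to
the hashed subpacket area; the verifying gpg uses it to confine TOFU
statistics to that user id and to drive the WKD key lookup."""
import struct

SIGSUBPKT_CREATION_TIME = 2
SIGSUBPKT_ISSUER = 16
SIGSUBPKT_SIGNER_UID = 28


def _length(buf, pos, subpacket=False):
    """Decode a new-format length (RFC 4880 4.2.2 / 5.2.3.1); return (len, pos)."""
    b0 = buf[pos]
    if b0 < 192:
        return b0, pos + 1
    if b0 == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5
    if b0 >= 224 and not subpacket:  # 224..254 is a partial body length for packets
        raise ValueError("partial body lengths are not supported")
    return ((b0 - 192) << 8) + buf[pos + 1] + 192, pos + 2


def _read_packet(data, pos=0):
    """Parse one packet header (old or new format); return (tag, body, next_pos)."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                                  # new-format header
        tag = ctb & 0x3F
        length, pos = _length(data, pos + 1)
    else:                                           # old-format header
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not supported")
        nbytes = (1, 2, 4)[ltype]
        length = int.from_bytes(data[pos + 1:pos + 1 + nbytes], "big")
        pos += 1 + nbytes
    return tag, data[pos:pos + length], pos + length


def _iter_subpackets(area):
    """Yield (type, critical, payload) for every subpacket in a subpacket area."""
    pos = 0
    while pos < len(area):
        length, pos = _length(area, pos, subpacket=True)
        # The length covers the type octet plus the payload.
        yield area[pos] & 0x7F, bool(area[pos] & 0x80), area[pos + 1:pos + length]
        pos += length


def signer_uid(sig_packet):
    """Return the Signer's User ID of a v4 signature packet, or None.  Only
    the hashed area counts; an unhashed subpacket is not signed."""
    tag, body, _ = _read_packet(sig_packet)
    if tag != 2 or body[0] != 4:
        raise ValueError("expected a version 4 signature packet")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    for sp_type, _critical, payload in _iter_subpackets(body[6:6 + hashed_len]):
        if sp_type == SIGSUBPKT_SIGNER_UID:
            return payload.decode("utf-8")
    return None


def mbox_address(mbox):
    """Reduce an mbox in either form the man page allows, "Alice <a@b>" or a
    bare address, to the lowercased mail address."""
    mbox = mbox.strip()
    if "<" in mbox and mbox.endswith(">"):
        mbox = mbox[mbox.rfind("<") + 1:-1]
    return mbox.strip().lower()


def signer_matches(sig_packet, expected_sender):
    """True if the signature names EXPECTED_SENDER (the verify-side TOFU check)."""
    uid = signer_uid(sig_packet)
    return uid is not None and mbox_address(uid) == mbox_address(expected_sender)


def _subpacket(sp_type, payload):
    """Encode one subpacket with a one-octet length (payload under 191 bytes)."""
    return bytes([len(payload) + 1, sp_type]) + payload


def build_sample_signature(sender=None):
    """Construct a dummy v4 signature packet: hash prefix and MPI are filler,
    the subpacket layout is gpg's.  SENDER is embedded as --sender would."""
    hashed = _subpacket(SIGSUBPKT_CREATION_TIME, struct.pack(">I", 1562934118))
    if sender is not None:
        hashed += _subpacket(SIGSUBPKT_SIGNER_UID, sender.encode("utf-8"))
    unhashed = _subpacket(SIGSUBPKT_ISSUER, bytes.fromhex("0123456789abcdef"))
    body = (bytes([4, 0x00, 22, 10])                # v4, binary sig, EdDSA, SHA-512
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\xab\xcd"                           # left 16 bits of the hash
            + struct.pack(">H", 8) + b"\xff")       # one 8-bit dummy MPI
    return bytes([0x88, len(body)]) + body          # old-format header, tag 2
```

Feeding `signer_uid` the contents of a binary (non-armored) detached signature, the output of `gpg --detach-sign` without `--armor`, shows whether the signer's mailbox was embedded.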


* Re: [PATCH] MML/EPG: Add support for GnuPG's --sender option
  2019-07-12 12:21 [PATCH] MML/EPG: Add support for GnuPG's --sender option Teemu Likonen
@ 2019-07-12 14:22 ` Lars Ingebrigtsen
  2019-07-12 16:42   ` Teemu Likonen
  2019-07-26  6:41 ` Eli Zaretskii
  1 sibling, 1 reply; 9+ messages in thread
From: Lars Ingebrigtsen @ 2019-07-12 14:22 UTC (permalink / raw)
  To: Teemu Likonen; +Cc: simon, ueno, emacs-devel

Teemu Likonen <tlikonen@iki.fi> writes:

> This commit enhances the feature to also use the sender's email address
> with GnuPG's (gpg) --sender option to clarify which user id made the
> signature. The option is useful for two reasons when verifying the
> signature:
>
>  1. GnuPG's TOFU statistics are updated for the specific user id (email)
>     only.
>
>  2. GnuPG's --auto-key-retrieve functionality can use WKD (web key
>     directory) method for finding the signer's key.

I think this makes sense, and the patch looks good.  Perhaps this should
also have a NEWS entry?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




* Re: [PATCH] MML/EPG: Add support for GnuPG's --sender option
  2019-07-12 14:22 ` Lars Ingebrigtsen
@ 2019-07-12 16:42   ` Teemu Likonen
  2019-07-12 17:53     ` Teemu Likonen
  0 siblings, 1 reply; 9+ messages in thread
From: Teemu Likonen @ 2019-07-12 16:42 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: simon, ueno, emacs-devel

Lars Ingebrigtsen [2019-07-12T16:22:41+02] wrote:

> Teemu Likonen <tlikonen@iki.fi> writes:
>> This commit enhances the feature to also use the sender's email
>> address with GnuPG's (gpg) --sender option to clarify which user id
>> made the signature. The option is useful for two reasons when verifying
>> the signature:

> I think this makes sense, and the patch looks good. Perhaps this
> should also have a NEWS entry?

Below is a new version with NEWS entries. One entry is under Message and
the other under EasyPG because this touches both.

-- >8 --
Subject: [PATCH v2] MML/EPG: Add support for GnuPG's --sender option

The already existing variable mml-secure-openpgp-sign-with-sender (if
non-nil) makes MML security use the message sender's email address to
find the signer's key in the GnuPG keyring.

This commit enhances the feature to also use the sender's email address
with GnuPG's --sender option to clarify which user id made the
signature. The option is useful for two reasons when verifying the
signature:

  - GnuPG's TOFU statistics are updated for the specific user
    id (email) only.

  - GnuPG's --auto-key-retrieve functionality can use WKD (web key
    directory) method for finding the signer's key.

Quotes from gpg(1) manual page (version 2.2.17):

    --auto-key-retrieve
    --no-auto-key-retrieve
           These options enable or disable the automatic retrieving of
           keys from a keyserver when verifying signatures made by
           keys that are not on the local keyring.  The default is
           --no-auto-key-retrieve.

           The order of methods tried to lookup the key is:

    [...]

           2.  If the signature has the Signer's UID set (e.g. using
           --sender while creating the signature) a Web Key
           Directory (WKD) lookup is done.  This is the default
           configuration but can be disabled by removing WKD from the
           auto-key-locate list or by using the option
           --disable-signer-uid.

    [...]

    --sender mbox
           This option has two purposes.  mbox must either be a
           complete user id with a proper mail address or just a mail
           address.  When creating a signature this option tells gpg
           the user id of a key used to make a signature if the key
           was not directly specified by a user id.  When verifying a
           signature the mbox is used to restrict the information
           printed by the TOFU code to matching user ids.
---
 etc/NEWS             | 22 ++++++++++++++++++++++
 lisp/epg.el          |  8 ++++++++
 lisp/gnus/mml-sec.el |  9 +++++++--
 3 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/etc/NEWS b/etc/NEWS
index 966bdda456..6ec036dd43 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -1377,10 +1377,26 @@ are formatted as MIME digests.
 
 +++
 *** 'message-forward-included-headers' has changed its default to
 exclude most headers when forwarding.
 
+*** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender"
+When 'mml-secure-openpgp-sign-with-sender' is non-nil message sender's
+email address (in addition to its old behaviour) will also be used to
+set gpg's "--sender email@domain" option.
+
+The option is useful for two reasons when verifying the signature:
+
+ 1. GnuPG's TOFU statistics are updated for the specific user id
+    (email) only. See gpg(1) man page about "--sender".
+
+ 2. GnuPG's --auto-key-retrieve functionality can use WKD (web key
+    directory) method for finding the signer's key. You need GnuPG
+    2.2.17 to fully benefit from this feature. See gpg(1) man page for
+    "--auto-key-retrieve".
+
+---
 ** EasyPG
 
 ---
 *** 'epa-pinentry-mode' is renamed to 'epg-pinentry-mode'.
 It now applies to epg functions as well as epa functions.
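Review bot: the `+---` marker is placed after the new entry, directly before the `** EasyPG` section heading, but in NEWS the `+++`/`---` marker belongs on the line immediately preceding each `***` entry heading (it records whether the manuals were updated for that entry) and section headings take none. Move it to just above `*** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender"`, and consider "now also sets" for that heading.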
@@ -1389,10 +1405,16 @@ It now applies to epg functions as well as epa functions.
 *** The alias functions 'epa--encode-coding-string',
 'epa--decode-coding-string', and 'epa--select-safe-coding-system' have
 been removed.  Use 'encode-coding-string', 'decode-coding-string', and
 'select-safe-coding-system' instead.
 
+*** 'epg-context' structure supports now 'sender' slot The value of
+the new 'sender' slot (if a string) is used to set gpg's --sender
+option. This feature is used by 'mml-secure-openpgp-sign-with-sender'
+See gpg(1) manual page about "--sender" for more information.
+
+---
 ** Rmail
 
 +++
 *** New user option 'rmail-output-reset-deleted-flag'.
 If this option is non-nil, messages appended to an output file by the
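Review bot: the entry heading and its body have run together on one line: `*** 'epg-context' structure supports now 'sender' slot The value of` should be a heading line of its own followed by the body, "supports now 'sender' slot" reads better as "now has a 'sender' slot", and the sentence ending in `'mml-secure-openpgp-sign-with-sender'` is missing its period. The `+---` marker has the same placement problem as in the Message section: it should precede the `***` heading, not `** Rmail`.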
diff --git a/lisp/epg.el b/lisp/epg.el
index 8029bf5a93..ce58c520f1 100644
--- a/lisp/epg.el
+++ b/lisp/epg.el
@@ -206,10 +206,11 @@ 'epg-error
   compress-algorithm
   (passphrase-callback (list #'epg-passphrase-callback-function))
   progress-callback
   edit-callback
   signers
+  sender
   sig-notations
   process
   output-file
   result
   operation
@@ -1614,10 +1615,13 @@ epg-start-sign
 			     (lambda (signer)
 			       (list "-u"
 				     (epg-sub-key-id
 				      (car (epg-key-sub-key-list signer)))))
 			     (epg-context-signers context)))
+                     (let ((sender (epg-context-sender context)))
+                       (when (stringp sender)
+                         (list "--sender" sender)))
 		     (epg--args-from-sig-notations
 		      (epg-context-sig-notations context))
 		     (if (epg-data-file plain)
 			 (list "--" (epg-data-file plain)))))
   ;; `gpgsm' does not read passphrase from stdin, so waiting is not needed.
@@ -1709,10 +1713,14 @@ epg-start-encrypt
 					 (epg-sub-key-id
 					  (car (epg-key-sub-key-list
 						signer)))))
 				 (epg-context-signers context))))
 		     (if sign
+                         (let ((sender (epg-context-sender context)))
+                           (when (stringp sender)
+                             (list "--sender" sender))))
+                     (if sign
 			 (epg--args-from-sig-notations
 			  (epg-context-sig-notations context)))
 		     (apply #'nconc
 			    (mapcar
 			     (lambda (recipient)
diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
index 02a27b367c..07d2028534 100644
--- a/lisp/gnus/mml-sec.el
+++ b/lisp/gnus/mml-sec.el
@@ -495,11 +495,12 @@ mml-secure-smime-encrypt-to-self
 
 (define-obsolete-variable-alias
   'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1")
 ;mml1991-sign-with-sender did never exist.
 (defcustom mml-secure-openpgp-sign-with-sender nil
-  "If t, use message sender to find an OpenPGP key to sign with."
+  "If t, use message sender to find an OpenPGP key to sign with.
+Also use message's sender with GnuPG's --sender option."
   :group 'mime-security
   :type 'boolean)
 
 (define-obsolete-variable-alias
   'mml-smime-sign-with-sender 'mml-secure-smime-sign-with-sender "25.1")
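Review bot: the meaning of this defcustom changes (it now also controls gpg's `--sender` option) but no `:version` tag is added; Emacs convention is to add `:version` with the next release's number whenever a user option's behaviour changes so that `customize-changed` can report it. The docstring's first line should also stay a complete sentence on its own, and "If t" should read "If non-nil", since the callers in the later hunks test the variable with `when`, not against `t`.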
@@ -911,11 +912,13 @@ mml-secure-epg-encrypt
 	 (recipients (mml-secure-recipients protocol context config sender))
 	 (signer-names (mml-secure-signer-names protocol sender))
 	 cipher signers)
     (when sign
       (setq signers (mml-secure-signers context signer-names))
-      (setf (epg-context-signers context) signers))
+      (setf (epg-context-signers context) signers)
+      (when mml-secure-openpgp-sign-with-sender
+        (setf (epg-context-sender context) sender)))
     (when (eq 'OpenPGP protocol)
       (setf (epg-context-armor context) t)
       (setf (epg-context-textmode context) t))
     (when (mml-secure-cache-passphrase-p protocol)
       (epg-context-set-passphrase-callback
@@ -942,10 +945,12 @@ mml-secure-epg-sign
 	 signature micalg)
     (when (eq 'OpenPGP protocol)
       (setf (epg-context-armor context) t)
       (setf (epg-context-textmode context) t))
     (setf (epg-context-signers context) signers)
+    (when mml-secure-openpgp-sign-with-sender
+      (setf (epg-context-sender context) sender))
     (when (mml-secure-cache-passphrase-p protocol)
       (epg-context-set-passphrase-callback
        context
        (cons 'mml-secure-passphrase-callback protocol)))
     (condition-case error
-- 
2.20.1




-- 
///  OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
//  https://keys.openpgp.org/search?q=tlikonen@iki.fi
/  https://keybase.io/tlikonen  https://github.com/tlikonen


* Re: [PATCH] MML/EPG: Add support for GnuPG's --sender option
  2019-07-12 16:42   ` Teemu Likonen
@ 2019-07-12 17:53     ` Teemu Likonen
  2019-07-13  0:13       ` Lars Ingebrigtsen
  0 siblings, 1 reply; 9+ messages in thread
From: Teemu Likonen @ 2019-07-12 17:53 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: simon, ueno, emacs-devel

Teemu Likonen [2019-07-12T19:42:39+03] wrote:

> Below is a new version with NEWS entries. One entry is under Message and
> the other under EasyPG because this touches both.

One NEWS item was badly formatted. I'll try again...

-- >8 --
Subject: [PATCH v3] MML/EPG: Add support for GnuPG's --sender option

The already existing variable mml-secure-openpgp-sign-with-sender (if
non-nil) makes MML security use the message sender's email address to
find the signer's key in the GnuPG keyring.

This commit enhances the feature to also use the sender's email address
with GnuPG's --sender option to clarify which user id made the
signature. The option is useful for two reasons when verifying the
signature:

  - GnuPG's TOFU statistics are updated for the specific user
    id (email) only.

  - GnuPG's --auto-key-retrieve functionality can use WKD (web key
    directory) method for finding the signer's key.

Quotes from gpg(1) manual page (version 2.2.17):

    --auto-key-retrieve
    --no-auto-key-retrieve
           These options enable or disable the automatic retrieving of
           keys from a keyserver when verifying signatures made by
           keys that are not on the local keyring.  The default is
           --no-auto-key-retrieve.

           The order of methods tried to lookup the key is:

    [...]

           2.  If the signature has the Signer's UID set (e.g. using
           --sender while creating the signature) a Web Key
           Directory (WKD) lookup is done.  This is the default
           configuration but can be disabled by removing WKD from the
           auto-key-locate list or by using the option
           --disable-signer-uid.

    [...]

    --sender mbox
           This option has two purposes.  mbox must either be a
           complete user id with a proper mail address or just a mail
           address.  When creating a signature this option tells gpg
           the user id of a key used to make a signature if the key
           was not directly specified by a user id.  When verifying a
           signature the mbox is used to restrict the information
           printed by the TOFU code to matching user ids.
---
 etc/NEWS             | 23 +++++++++++++++++++++++
 lisp/epg.el          |  8 ++++++++
 lisp/gnus/mml-sec.el |  9 +++++++--
 3 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/etc/NEWS b/etc/NEWS
index 966bdda456..1a17e132c7 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -1379,6 +1379,22 @@ are formatted as MIME digests.
 *** 'message-forward-included-headers' has changed its default to
 exclude most headers when forwarding.
 
+*** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender"
+When 'mml-secure-openpgp-sign-with-sender' is non-nil message sender's
+email address (in addition to its old behaviour) will also be used to
+set gpg's "--sender email@domain" option.
+
+The option is useful for two reasons when verifying the signature:
+
+ 1. GnuPG's TOFU statistics are updated for the specific user id
+    (email) only. See gpg(1) man page about "--sender".
+
+ 2. GnuPG's --auto-key-retrieve functionality can use WKD (web key
+    directory) method for finding the signer's key. You need GnuPG
+    2.2.17 to fully benefit from this feature. See gpg(1) man page for
+    "--auto-key-retrieve".
+
+---
 ** EasyPG
 
 ---
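Review bot: the heading and body formatting is fixed in this version, but the `+---` marker is still placed before `** EasyPG` instead of immediately above the new `*** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender"` heading; every `***` entry in NEWS is expected to be introduced by its own `+++` or `---` line. Since the entry documents a user option, updating the Message manual and marking the entry `+++` may be the better choice.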
@@ -1391,6 +1407,13 @@ It now applies to epg functions as well as epa functions.
 been removed.  Use 'encode-coding-string', 'decode-coding-string', and
 'select-safe-coding-system' instead.
 
+*** 'epg-context' structure supports now 'sender' slot
+The value of the new 'sender' slot (if a string) is used to set gpg's
+--sender option. This feature is used by
+'mml-secure-openpgp-sign-with-sender'. See gpg(1) manual page about
+"--sender" for more information.
+
+---
 ** Rmail
 
 +++
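Review bot: same marker placement as the previous hunk: `+---` should sit directly above `*** 'epg-context' structure supports now 'sender' slot`, not before `** Rmail`, and "supports now 'sender' slot" reads better as "now has a 'sender' slot".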
diff --git a/lisp/epg.el b/lisp/epg.el
index 8029bf5a93..ce58c520f1 100644
--- a/lisp/epg.el
+++ b/lisp/epg.el
@@ -208,6 +208,7 @@ 'epg-error
   progress-callback
   edit-callback
   signers
+  sender
   sig-notations
   process
   output-file
@@ -1616,6 +1617,9 @@ epg-start-sign
 				     (epg-sub-key-id
 				      (car (epg-key-sub-key-list signer)))))
 			     (epg-context-signers context)))
+                     (let ((sender (epg-context-sender context)))
+                       (when (stringp sender)
+                         (list "--sender" sender)))
 		     (epg--args-from-sig-notations
 		      (epg-context-sig-notations context))
 		     (if (epg-data-file plain)
@@ -1711,6 +1715,10 @@ epg-start-encrypt
 						signer)))))
 				 (epg-context-signers context))))
 		     (if sign
+                         (let ((sender (epg-context-sender context)))
+                           (when (stringp sender)
+                             (list "--sender" sender))))
+                     (if sign
 			 (epg--args-from-sig-notations
 			  (epg-context-sig-notations context)))
 		     (apply #'nconc
diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
index 02a27b367c..07d2028534 100644
--- a/lisp/gnus/mml-sec.el
+++ b/lisp/gnus/mml-sec.el
@@ -497,7 +497,8 @@ mml-secure-smime-encrypt-to-self
   'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1")
 ;mml1991-sign-with-sender did never exist.
 (defcustom mml-secure-openpgp-sign-with-sender nil
-  "If t, use message sender to find an OpenPGP key to sign with."
+  "If t, use message sender to find an OpenPGP key to sign with.
+Also use message's sender with GnuPG's --sender option."
   :group 'mime-security
   :type 'boolean)
 
@@ -913,7 +914,9 @@ mml-secure-epg-encrypt
 	 cipher signers)
     (when sign
       (setq signers (mml-secure-signers context signer-names))
-      (setf (epg-context-signers context) signers))
+      (setf (epg-context-signers context) signers)
+      (when mml-secure-openpgp-sign-with-sender
+        (setf (epg-context-sender context) sender)))
     (when (eq 'OpenPGP protocol)
       (setf (epg-context-armor context) t)
       (setf (epg-context-textmode context) t))
@@ -944,6 +947,8 @@ mml-secure-epg-sign
       (setf (epg-context-armor context) t)
       (setf (epg-context-textmode context) t))
     (setf (epg-context-signers context) signers)
+    (when mml-secure-openpgp-sign-with-sender
+      (setf (epg-context-sender context) sender))
     (when (mml-secure-cache-passphrase-p protocol)
       (epg-context-set-passphrase-callback
        context
-- 
2.20.1

-- 
///  OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
//  https://keys.openpgp.org/search?q=tlikonen@iki.fi
/  https://keybase.io/tlikonen  https://github.com/tlikonen


* Re: [PATCH] MML/EPG: Add support for GnuPG's --sender option
  2019-07-12 17:53     ` Teemu Likonen
@ 2019-07-13  0:13       ` Lars Ingebrigtsen
  0 siblings, 0 replies; 9+ messages in thread
From: Lars Ingebrigtsen @ 2019-07-13  0:13 UTC (permalink / raw)
  To: Teemu Likonen; +Cc: simon, ueno, emacs-devel

Teemu Likonen <tlikonen@iki.fi> writes:

>> Below is a new version with NEWS entries. One entry is under Message and
>> the other under EasyPG because this touches both.
>
> One NEWS item was badly formatted. I'll try again...

Thanks; looks good to me.  I've now applied it to the Emacs trunk.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




* Re: [PATCH] MML/EPG: Add support for GnuPG's --sender option
  2019-07-12 12:21 [PATCH] MML/EPG: Add support for GnuPG's --sender option Teemu Likonen
  2019-07-12 14:22 ` Lars Ingebrigtsen
@ 2019-07-26  6:41 ` Eli Zaretskii
  2019-07-26  6:49   ` Lars Ingebrigtsen
  2019-07-26  6:51   ` Teemu Likonen
  1 sibling, 2 replies; 9+ messages in thread
From: Eli Zaretskii @ 2019-07-26  6:41 UTC (permalink / raw)
  To: larsi; +Cc: simon, ueno, emacs-devel

> From: Teemu Likonen <tlikonen@iki.fi>
> Date: Fri, 12 Jul 2019 15:21:58 +0300
> Cc: simon@josefsson.org, larsi@gnus.org, ueno@unixuser.org

Lars, any comments?  Should I go ahead and push this?

> The already existing variable mml-secure-openpgp-sign-with-sender (if
> non-nil) makes MML security use the message sender's email address to
> find the signer's key in the GnuPG keyring.
> 
> This commit enhances the feature to also use the sender's email address
> with GnuPG's (gpg) --sender option to clarify which user id made the
> signature. The option is useful for two reasons when verifying the
> signature:
> 
>  1. GnuPG's TOFU statistics are updated for the specific user id (email)
>     only.
> 
>  2. GnuPG's --auto-key-retrieve functionality can use WKD (web key
>     directory) method for finding the signer's key.
> 
> Quotes from gpg(1) manual page (version 2.2.17):
> 
>     --auto-key-retrieve
>     --no-auto-key-retrieve
>            These options enable or disable the automatic retrieving of
>            keys from a keyserver when verifying signatures made by
>            keys that are not on the local keyring.  The default is
>            --no-auto-key-retrieve.
> 
>            The order of methods tried to lookup the key is:
> 
>     [...]
> 
>            2.  If the signature has the Signer's UID set (e.g. using
>            --sender while creating the signature) a Web Key
>            Directory (WKD) lookup is done.  This is the default
>            configuration but can be disabled by removing WKD from the
>            auto-key-locate list or by using the option
>            --disable-signer-uid.
> 
>     [...]
> 
>     --sender mbox
>            This option has two purposes.  mbox must either be a
>            complete user id with a proper mail address or just a mail
>            address.  When creating a signature this option tells gpg
>            the user id of a key used to make a signature if the key
>            was not directly specified by a user id.  When verifying a
>            signature the mbox is used to restrict the information
>            printed by the TOFU code to matching user ids.
> ---
>  lisp/epg.el          | 8 ++++++++
>  lisp/gnus/mml-sec.el | 9 +++++++--
>  2 files changed, 15 insertions(+), 2 deletions(-)
> 
> diff --git a/lisp/epg.el b/lisp/epg.el
> index 8029bf5a93..ce58c520f1 100644
> --- a/lisp/epg.el
> +++ b/lisp/epg.el
> @@ -208,6 +208,7 @@ 'epg-error
>    progress-callback
>    edit-callback
>    signers
> +  sender
>    sig-notations
>    process
>    output-file
> @@ -1616,6 +1617,9 @@ epg-start-sign
>  				     (epg-sub-key-id
>  				      (car (epg-key-sub-key-list signer)))))
>  			     (epg-context-signers context)))
> +                     (let ((sender (epg-context-sender context)))
> +                       (when (stringp sender)
> +                         (list "--sender" sender)))
>  		     (epg--args-from-sig-notations
>  		      (epg-context-sig-notations context))
>  		     (if (epg-data-file plain)
> @@ -1711,6 +1715,10 @@ epg-start-encrypt
>  						signer)))))
>  				 (epg-context-signers context))))
>  		     (if sign
> +                         (let ((sender (epg-context-sender context)))
> +                           (when (stringp sender)
> +                             (list "--sender" sender))))
> +                     (if sign
>  			 (epg--args-from-sig-notations
>  			  (epg-context-sig-notations context)))
>  		     (apply #'nconc
> diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
> index 02a27b367c..07d2028534 100644
> --- a/lisp/gnus/mml-sec.el
> +++ b/lisp/gnus/mml-sec.el
> @@ -497,7 +497,8 @@ mml-secure-smime-encrypt-to-self
>    'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1")
>  ;mml1991-sign-with-sender did never exist.
>  (defcustom mml-secure-openpgp-sign-with-sender nil
> -  "If t, use message sender to find an OpenPGP key to sign with."
> +  "If t, use message sender to find an OpenPGP key to sign with.
> +Also use message's sender with GnuPG's --sender option."
>    :group 'mime-security
>    :type 'boolean)
>  
> @@ -913,7 +914,9 @@ mml-secure-epg-encrypt
>  	 cipher signers)
>      (when sign
>        (setq signers (mml-secure-signers context signer-names))
> -      (setf (epg-context-signers context) signers))
> +      (setf (epg-context-signers context) signers)
> +      (when mml-secure-openpgp-sign-with-sender
> +        (setf (epg-context-sender context) sender)))
>      (when (eq 'OpenPGP protocol)
>        (setf (epg-context-armor context) t)
>        (setf (epg-context-textmode context) t))
> @@ -944,6 +947,8 @@ mml-secure-epg-sign
>        (setf (epg-context-armor context) t)
>        (setf (epg-context-textmode context) t))
>      (setf (epg-context-signers context) signers)
> +    (when mml-secure-openpgp-sign-with-sender
> +      (setf (epg-context-sender context) sender))
>      (when (mml-secure-cache-passphrase-p protocol)
>        (epg-context-set-passphrase-callback
>         context
> -- 
> 2.20.1
> 
> 
> 
> -- 
> ///  OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
> //  https://keys.openpgp.org/search?q=tlikonen@iki.fi
> /  https://keybase.io/tlikonen  https://github.com/tlikonen
> 




* Re: [PATCH] MML/EPG: Add support for GnuPG's --sender option
  2019-07-26  6:41 ` Eli Zaretskii
@ 2019-07-26  6:49   ` Lars Ingebrigtsen
  2019-07-26  6:51   ` Teemu Likonen
  1 sibling, 0 replies; 9+ messages in thread
From: Lars Ingebrigtsen @ 2019-07-26  6:49 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: simon, ueno, emacs-devel

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Teemu Likonen <tlikonen@iki.fi>
>> Date: Fri, 12 Jul 2019 15:21:58 +0300
>> Cc: simon@josefsson.org, larsi@gnus.org, ueno@unixuser.org
>
> Lars, any comments?  Should I go ahead and push this?

I am unfortunately completely unfamiliar with the epg code (and don't
use signing myself), so I can't really say.

(There's a bunch of mml/gnus+epg-related bug reports in the bug tracker,
and I've been meaning to start using the stuff so that I can get those
bugs fixed, but tried to set it up and gave up in frustration after
trying for half an hour the other month...)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




* Re: [PATCH] MML/EPG: Add support for GnuPG's --sender option
  2019-07-26  6:41 ` Eli Zaretskii
  2019-07-26  6:49   ` Lars Ingebrigtsen
@ 2019-07-26  6:51   ` Teemu Likonen
  2019-07-26  6:54     ` Lars Ingebrigtsen
  1 sibling, 1 reply; 9+ messages in thread
From: Teemu Likonen @ 2019-07-26  6:51 UTC (permalink / raw)
  To: Eli Zaretskii, larsi; +Cc: simon, ueno, emacs-devel

Eli Zaretskii [2019-07-26T09:41:56+03] wrote:

> Lars, any comments?  Should I go ahead and push this?

Already pushed (and thanks to him for that):

commit 74579d3d2bb82f300a6f2d81b7b559f0a24061db
Author:     Teemu Likonen <tlikonen@iki.fi>
AuthorDate: 2019-07-13 02:12:58 +0200
Commit:     Lars Ingebrigtsen <larsi@gnus.org>
CommitDate: 2019-07-13 02:13:40 +0200

    Use the gpg --sender option
    
    * lisp/epg.el (epg-start-encrypt)
    * lisp/gnus/mml-sec.el (mml-secure-epg-encrypt): When
    'mml-secure-openpgp-sign-with-sender' is non-nil message sender's
    email address (in addition to its old behaviour) will also be used
    to set gpg's "--sender email@domain" option.

-- 
///  OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
//  https://keys.openpgp.org/search?q=tlikonen@iki.fi
/  https://keybase.io/tlikonen  https://github.com/tlikonen


* Re: [PATCH] MML/EPG: Add support for GnuPG's --sender option
  2019-07-26  6:51   ` Teemu Likonen
@ 2019-07-26  6:54     ` Lars Ingebrigtsen
  0 siblings, 0 replies; 9+ messages in thread
From: Lars Ingebrigtsen @ 2019-07-26  6:54 UTC (permalink / raw)
  To: Teemu Likonen; +Cc: simon, Eli Zaretskii, ueno, emacs-devel

Teemu Likonen <tlikonen@iki.fi> writes:

> Eli Zaretskii [2019-07-26T09:41:56+03] wrote:
>
>> Lars, any comments?  Should I go ahead and push this?
>
> Already pushed (and thanks him for that):

Oops.  I should read emails more closely; I thought this was about a
different EPG thing I was looking at recently; sorry for the confusion.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no



