Lars Ingebrigtsen [2019-07-12T16:22:41+02] wrote:

> Teemu Likonen writes:
>> This commit enhances the feature to also use sender's email address
>> with GnuPG's (gpg) --sender option to clarify which user id made the
>> signature. The option is useful for two reasons when verifying the
>> signature:
>
> I think this makes sense, and the patch looks good. Perhaps this
> should also have a NEWS entry?

Below is a new version with NEWS entries. One entry is under Message
and the other under EasyPG because this touches both.

-- >8 --
Subject: [PATCH v2] MML/EPG: Add support for GnuPG's --sender option

An already existing variable mml-secure-openpgp-sign-with-sender (if
non-nil) makes MML security use message sender's email address to find
signer's key from GnuPG keyring.

This commit enhances the feature to also use sender's email address
with GnuPG's --sender option to clarify which user id made the
signature. The option is useful for two reasons when verifying the
signature:

- GnuPG's TOFU statistics are updated for the specific user id (email)
  only
- GnuPG's --auto-key-retrieve functionality can use WKD (web key
  directory) method for finding the signer's key.

Quotes from gpg(1) manual page (version 2.2.17):

--auto-key-retrieve
--no-auto-key-retrieve
These options enable or disable the automatic retrieving of keys from
a keyserver when verifying signatures made by keys that are not on the
local keyring. The default is --no-auto-key-retrieve.

The order of methods tried to lookup the key is:

[...]

2. If the signature has the Signer's UID set (e.g. using --sender
while creating the signature) a Web Key Directory (WKD) lookup is
done. This is the default configuration but can be disabled by
removing WKD from the auto-key-locate list or by using the option
--disable-signer-uid.

[...]

--sender mbox
This option has two purposes. mbox must either be a complete user id
with a proper mail address or just a mail address.
When creating a signature this option tells gpg the user id of a key used to make a signature if the key was not directly specified by a user id. When verifying a signature the mbox is used to restrict the information printed by the TOFU code to matching user ids. --- etc/NEWS | 22 ++++++++++++++++++++++ lisp/epg.el | 8 ++++++++ lisp/gnus/mml-sec.el | 9 +++++++-- 3 files changed, 37 insertions(+), 2 deletions(-) diff --git a/etc/NEWS b/etc/NEWS index 966bdda456..6ec036dd43 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -1377,10 +1377,26 @@ are formatted as MIME digests. +++ *** 'message-forward-included-headers' has changed its default to exclude most headers when forwarding. +*** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender" +When 'mml-secure-openpgp-sign-with-sender' is non-nil message sender's +email address (in addition to its old behaviour) will also be used to +set gpg's "--sender email@domain" option. + +The option is useful for two reasons when verifying the signature: + + 1. GnuPG's TOFU statistics are updated for the specific user id + (email) only. See gpg(1) man page about "--sender". + + 2. GnuPG's --auto-key-retrieve functionality can use WKD (web key + directory) method for finding the signer's key. You need GnuPG + 2.2.17 to fully benefit from this feature. See gpg(1) man page for + "--auto-key-retrieve". + +--- ** EasyPG --- *** 'epa-pinentry-mode' is renamed to 'epg-pinentry-mode'. It now applies to epg functions as well as epa functions. 
@@ -1389,10 +1405,16 @@ It now applies to epg functions as well as epa functions. *** The alias functions 'epa--encode-coding-string', 'epa--decode-coding-string', and 'epa--select-safe-coding-system' have been removed. Use 'encode-coding-string', 'decode-coding-string', and 'select-safe-coding-system' instead. +*** 'epg-context' structure supports now 'sender' slot The value of +the new 'sender' slot (if a string) is used to set gpg's --sender +option. This feature is used by 'mml-secure-openpgp-sign-with-sender' +See gpg(1) manual page about "--sender" for more information. + +--- ** Rmail +++ *** New user option 'rmail-output-reset-deleted-flag'. If this option is non-nil, messages appended to an output file by the diff --git a/lisp/epg.el b/lisp/epg.el index 8029bf5a93..ce58c520f1 100644 --- a/lisp/epg.el +++ b/lisp/epg.el @@ -206,10 +206,11 @@ 'epg-error compress-algorithm (passphrase-callback (list #'epg-passphrase-callback-function)) progress-callback edit-callback signers + sender sig-notations process output-file result operation @@ -1614,10 +1615,13 @@ epg-start-sign (lambda (signer) (list "-u" (epg-sub-key-id (car (epg-key-sub-key-list signer))))) (epg-context-signers context))) + (let ((sender (epg-context-sender context))) + (when (stringp sender) + (list "--sender" sender))) (epg--args-from-sig-notations (epg-context-sig-notations context)) (if (epg-data-file plain) (list "--" (epg-data-file plain))))) ;; `gpgsm' does not read passphrase from stdin, so waiting is not needed. @@ -1709,10 +1713,14 @@ epg-start-encrypt (epg-sub-key-id (car (epg-key-sub-key-list signer))))) (epg-context-signers context)))) (if sign + (let ((sender (epg-context-sender context))) + (when (stringp sender) + (list "--sender" sender)))) + (if sign (epg--args-from-sig-notations (epg-context-sig-notations context))) (apply #'nconc (mapcar (lambda (recipient) diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el index 02a27b367c..07d2028534 100644 --- a/lisp/gnus/mml-sec.el 
+++ b/lisp/gnus/mml-sec.el @@ -495,11 +495,12 @@ mml-secure-smime-encrypt-to-self (define-obsolete-variable-alias 'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1") ;mml1991-sign-with-sender did never exist. (defcustom mml-secure-openpgp-sign-with-sender nil - "If t, use message sender to find an OpenPGP key to sign with." + "If t, use message sender to find an OpenPGP key to sign with. +Also use message's sender with GnuPG's --sender option." :group 'mime-security :type 'boolean) (define-obsolete-variable-alias 'mml-smime-sign-with-sender 'mml-secure-smime-sign-with-sender "25.1") @@ -911,11 +912,13 @@ mml-secure-epg-encrypt (recipients (mml-secure-recipients protocol context config sender)) (signer-names (mml-secure-signer-names protocol sender)) cipher signers) (when sign (setq signers (mml-secure-signers context signer-names)) - (setf (epg-context-signers context) signers)) + (setf (epg-context-signers context) signers) + (when mml-secure-openpgp-sign-with-sender + (setf (epg-context-sender context) sender))) (when (eq 'OpenPGP protocol) (setf (epg-context-armor context) t) (setf (epg-context-textmode context) t)) (when (mml-secure-cache-passphrase-p protocol) (epg-context-set-passphrase-callback @@ -942,10 +945,12 @@ mml-secure-epg-sign signature micalg) (when (eq 'OpenPGP protocol) (setf (epg-context-armor context) t) (setf (epg-context-textmode context) t)) (setf (epg-context-signers context) signers) + (when mml-secure-openpgp-sign-with-sender + (setf (epg-context-sender context) sender)) (when (mml-secure-cache-passphrase-p protocol) (epg-context-set-passphrase-callback context (cons 'mml-secure-passphrase-callback protocol))) (condition-case error -- 2.20.1 -- /// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450 // https://keys.openpgp.org/search?q=tlikonen@iki.fi / https://keybase.io/tlikonen https://github.com/tlikonen
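Review bot: in the etc/NEWS Message hunk the "---" marker is placed after the new entry, on the line before "** EasyPG", whereas the neighbouring entries ("+++ *** 'message-forward-included-headers'", "--- *** 'epa-pinentry-mode'") put the marker on the line directly before their "***" heading; move it so it precedes "*** 'mml-secure-openpgp-sign-with-sender'". The heading "sets also "gpg --sender"" reads better as "now also sets "gpg --sender"", and the first sentence needs an article and a comma: "the message sender's email address will (in addition to its old behaviour) also be used to set ...".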
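Review bot: the EasyPG NEWS hunk has the same marker placement problem ("+---" is emitted before "** Rmail" instead of before the new "***" line), its heading "supports now 'sender' slot" should read "now supports a 'sender' slot", and the sentence "This feature is used by 'mml-secure-openpgp-sign-with-sender'" is missing its full stop before "See gpg(1) manual page about "--sender"".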
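Review bot: the new sender slot in the epg-context struct (epg.el, first hunk) is added without any comment saying what it holds; since epg-start-sign and epg-start-encrypt silently ignore any value that is not a string, a one-line comment stating that it is either nil or an mbox in the form gpg(1) requires (a mail address, or a full user id containing one, as quoted in the commit message) would spare the next reader a trip to both call sites.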
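Review bot: the --sender argument added in the epg-start-sign hunk is emitted for every protocol, but epg-start-sign also drives gpgsm (see the ";; `gpgsm' does not read passphrase from stdin" comment right after the hunk) and --sender is documented here only as a gpg option; unless gpgsm accepts it as well, either check the context's protocol before adding the option (the epg-context protocol slot, assuming it is available here as elsewhere in epg.el) or rely on the callers to set the slot only for OpenPGP. The same hunk also changes behaviour for existing users of mml-secure-openpgp-sign-with-sender whose gpg predates --sender: if that gpg rejects the unknown option, signing that used to work will now fail, so the NEWS entry should state the minimum GnuPG version for the option itself (not only the 2.2.17 needed for WKD lookup), or the option should be added only when the detected gpg version supports it.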
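Review bot: in the epg-start-encrypt hunk the new (if sign (let ...)) sits directly before the existing (if sign (epg--args-from-sig-notations ...)); merging them into a single (when sign (nconc ...)) tests the condition once and keeps the sign-only arguments together. The logic itself is fine: when sender is not a string the let evaluates to nil and the enclosing nconc drops it.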
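Review bot: the updated docstring of mml-secure-openpgp-sign-with-sender (mml-sec.el, first hunk) still opens with "If t", while the code and the NEWS entry treat any non-nil value as enabled; say "If non-nil", and write "message sender" in the second sentence to match the first.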
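Review bot: in the mml-secure-epg-encrypt hunk, (setf (epg-context-sender context) sender) runs whenever mml-secure-openpgp-sign-with-sender is non-nil, regardless of protocol, although this function also handles S/MIME (note the (eq 'OpenPGP protocol) checks in the surrounding context); nest the new when under an OpenPGP check so a gpg-only option is never handed to the CMS backend.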
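Review bot: the same protocol point applies to the mml-secure-epg-sign hunk: the new (when mml-secure-openpgp-sign-with-sender (setf (epg-context-sender context) sender)) should be limited to OpenPGP, and the (when (eq 'OpenPGP protocol) ...) two lines above it could simply absorb the new form. The form also assumes sender is bound in this function's let*, as the context of the mml-secure-epg-encrypt hunk shows it is there; that binding is outside the hunk, so it is worth confirming.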