Teemu Likonen [2019-07-12T19:42:39+03] wrote:

> Below is a new version with NEWS entries. One entry is under Message and
> the other under EasyPG because this touches both.

One NEWS item was badly formatted. I'll try again...

-- >8 --
Subject: [PATCH v3] MML/EPG: Add support for GnuPG's --sender option

An already existing variable mml-secure-openpgp-sign-with-sender (if
non-nil) makes MML security use the message sender's email address to
find the signer's key from the GnuPG keyring. This commit enhances the
feature to also pass the sender's email address to GnuPG's --sender
option, to clarify which user id made the signature.

The option is useful for two reasons when verifying the signature:

 - GnuPG's TOFU statistics are updated for the specific user id
   (email) only.

 - GnuPG's --auto-key-retrieve functionality can use the WKD (web key
   directory) method for finding the signer's key.

Quotes from the gpg(1) manual page (version 2.2.17):

    --auto-key-retrieve
    --no-auto-key-retrieve
        These options enable or disable the automatic retrieving of keys
        from a keyserver when verifying signatures made by keys that are
        not on the local keyring. The default is --no-auto-key-retrieve.

        The order of methods tried to lookup the key is:

        [...]

        2. If the signature has the Signer's UID set (e.g. using --sender
           while creating the signature) a Web Key Directory (WKD) lookup
           is done. This is the default configuration but can be disabled
           by removing WKD from the auto-key-locate list or by using the
           option --disable-signer-uid.

        [...]

    --sender mbox
        This option has two purposes. mbox must either be a complete user
        id with a proper mail address or just a mail address. When
        creating a signature this option tells gpg the user id of a key
        used to make a signature if the key was not directly specified by
        a user id. When verifying a signature the mbox is used to restrict
        the information printed by the TOFU code to matching user ids.
--- etc/NEWS | 23 +++++++++++++++++++++++ lisp/epg.el | 8 ++++++++ lisp/gnus/mml-sec.el | 9 +++++++-- 3 files changed, 38 insertions(+), 2 deletions(-) diff --git a/etc/NEWS b/etc/NEWS index 966bdda456..1a17e132c7 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -1379,6 +1379,22 @@ are formatted as MIME digests. *** 'message-forward-included-headers' has changed its default to exclude most headers when forwarding. +*** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender" +When 'mml-secure-openpgp-sign-with-sender' is non-nil message sender's +email address (in addition to its old behaviour) will also be used to +set gpg's "--sender email@domain" option. + +The option is useful for two reasons when verifying the signature: + + 1. GnuPG's TOFU statistics are updated for the specific user id + (email) only. See gpg(1) man page about "--sender". + + 2. GnuPG's --auto-key-retrieve functionality can use WKD (web key + directory) method for finding the signer's key. You need GnuPG + 2.2.17 to fully benefit from this feature. See gpg(1) man page for + "--auto-key-retrieve". + +--- ** EasyPG --- @@ -1391,6 +1407,13 @@ It now applies to epg functions as well as epa functions. been removed. Use 'encode-coding-string', 'decode-coding-string', and 'select-safe-coding-system' instead. +*** 'epg-context' structure supports now 'sender' slot +The value of the new 'sender' slot (if a string) is used to set gpg's +--sender option. This feature is used by +'mml-secure-openpgp-sign-with-sender'. See gpg(1) manual page about +"--sender" for more information. + +--- ** Rmail +++ diff --git a/lisp/epg.el b/lisp/epg.el index 8029bf5a93..ce58c520f1 100644 --- a/lisp/epg.el +++ b/lisp/epg.el @@ -208,6 +208,7 @@ 'epg-error progress-callback edit-callback signers + sender sig-notations process output-file 
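Review bot: the NEWS marker in the first etc/NEWS hunk looks misplaced: the added `---` line sits after the new entry, immediately before the `** EasyPG` heading, while the surrounding context (the `+++` that follows `** Rmail` in the next hunk) shows that the `---`/`+++` line goes immediately before the `***` entry it annotates. Move the `---` so it precedes `*** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender"`, reword that heading to "also sets", and drop the redundant "also" in "will also be used", since "in addition to its old behaviour" already says it.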
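Review bot: the same marker placement problem is in the EasyPG hunk: the added `---` follows the entry and lands directly before `** Rmail` instead of preceding `*** 'epg-context' structure supports now 'sender' slot`. "supports now" should read "now supports", and the entry quotes the option inconsistently (bare `--sender` in one sentence, `"--sender"` in quotes in the next); pick one form.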
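Review bot: the new `sender` slot added to the `epg-context` struct in lisp/epg.el carries no documentation at the definition: nothing there says that a string in this slot is passed verbatim as gpg's `--sender` argument and therefore must be a mail address or a complete user id (the gpg(1) requirement quoted in the commit message). A short comment on the `sender` slot line would spare readers of the struct a trip to NEWS.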
@@ -1616,6 +1617,9 @@ epg-start-sign (epg-sub-key-id (car (epg-key-sub-key-list signer))))) (epg-context-signers context))) + (let ((sender (epg-context-sender context))) + (when (stringp sender) + (list "--sender" sender))) (epg--args-from-sig-notations (epg-context-sig-notations context)) (if (epg-data-file plain) @@ -1711,6 +1715,10 @@ epg-start-encrypt signer))))) (epg-context-signers context)))) (if sign + (let ((sender (epg-context-sender context))) + (when (stringp sender) + (list "--sender" sender)))) + (if sign (epg--args-from-sig-notations (epg-context-sig-notations context))) (apply #'nconc diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el index 02a27b367c..07d2028534 100644 --- a/lisp/gnus/mml-sec.el +++ b/lisp/gnus/mml-sec.el @@ -497,7 +497,8 @@ mml-secure-smime-encrypt-to-self 'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1") ;mml1991-sign-with-sender did never exist. (defcustom mml-secure-openpgp-sign-with-sender nil - "If t, use message sender to find an OpenPGP key to sign with." + "If t, use message sender to find an OpenPGP key to sign with. +Also use message's sender with GnuPG's --sender option." :group 'mime-security :type 'boolean) @@ -913,7 +914,9 @@ mml-secure-epg-encrypt cipher signers) (when sign (setq signers (mml-secure-signers context signer-names)) - (setf (epg-context-signers context) signers)) + (setf (epg-context-signers context) signers) + (when mml-secure-openpgp-sign-with-sender + (setf (epg-context-sender context) sender))) (when (eq 'OpenPGP protocol) (setf (epg-context-armor context) t) (setf (epg-context-textmode context) t)) 
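Review bot: in the `epg-start-sign` hunk, `--sender` is appended whenever the slot holds a string, with no check of the context's protocol. The commit message documents the option from gpg(1) only, while `epg-start-sign` also serves CMS contexts; unless gpgsm is known to accept `--sender`, guard the new `let` with a protocol test such as `(eq (epg-context-protocol context) 'OpenPGP)`, or make the mml-sec.el callers responsible for never setting the slot on a non-OpenPGP context.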
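Review bot: the `epg-start-encrypt` hunk repeats the `(let ((sender (epg-context-sender context))) (when (stringp sender) (list "--sender" sender)))` block from `epg-start-sign` verbatim and wraps it in a second one-armed `(if sign ...)` directly above the existing one. Factor the block into a small helper (say `epg--args-from-sender`, a suggested name) mirroring the existing `epg--args-from-sig-notations`, and merge the two `(if sign ...)` forms into one `when` whose body `nconc`s the sender and notation arguments.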
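Review bot: the `mml-secure-openpgp-sign-with-sender` defcustom hunk changes the option's behaviour but adds no `:version` keyword; Emacs convention is to set `:version` to the release in which a user option's meaning changed so that Customize can flag it. The added docstring line also wants an article: "Also use the message's sender with GnuPG's --sender option."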
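Review bot: in the `mml-secure-epg-encrypt` hunk the sender is stored on the context inside `(when sign ...)` but outside the `(when (eq 'OpenPGP protocol) ...)` form that follows, so with the option enabled an S/MIME signing context also gets its `sender` slot set. Since the option's name and docstring are OpenPGP-specific, move the `setf` under the OpenPGP test, or add `(eq 'OpenPGP protocol)` to the new `when` condition.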
@@ -944,6 +947,8 @@ mml-secure-epg-sign (setf (epg-context-armor context) t) (setf (epg-context-textmode context) t)) (setf (epg-context-signers context) signers) + (when mml-secure-openpgp-sign-with-sender + (setf (epg-context-sender context) sender)) (when (mml-secure-cache-passphrase-p protocol) (epg-context-set-passphrase-callback context -- 2.20.1 -- /// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450 // https://keys.openpgp.org/search?q=tlikonen@iki.fi / https://keybase.io/tlikonen https://github.com/tlikonen
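Review bot: the `mml-secure-epg-sign` hunk has the same issue as `mml-secure-epg-encrypt`: the new `(when mml-secure-openpgp-sign-with-sender (setf (epg-context-sender context) sender))` is placed after the `(when (eq 'OpenPGP protocol) ...)` form has closed, so it applies to every protocol. Put it inside that `when`, or fold the protocol test into the condition, so the option's effect stays limited to OpenPGP as its name promises; the identical two-line block in both functions could also become one small helper. The hunk also relies on an existing local `sender` binding outside the shown context, so confirm both functions bind it before the new `setf` runs.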