From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Teemu Likonen <tlikonen@iki.fi>
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH] MML/EPG: Add support for GnuPG's --sender option
Date: Fri, 12 Jul 2019 20:53:13 +0300
Message-ID: <87y313jg1i.fsf@iki.fi>
References: <87v9w7zbmh.fsf@iki.fi> <m35zo7uyby.fsf@gnus.org>
 <8736jbkxvk.fsf@iki.fi>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="142685"; mail-complaints-to="usenet@blaine.gmane.org"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2.90 (gnu/linux)
Cc: simon@josefsson.org, ueno@unixuser.org, emacs-devel@gnu.org
To: Lars Ingebrigtsen <larsi@gnus.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Jul 12 20:07:51 2019
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.89)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1hlzxR-000acX-P9
	for ged-emacs-devel@m.gmane.org; Fri, 12 Jul 2019 20:07:46 +0200
Original-Received: from localhost ([::1]:51628 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.86_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1hlzjf-0005Tf-5H
	for ged-emacs-devel@m.gmane.org; Fri, 12 Jul 2019 13:53:31 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:44284)
 by lists.gnu.org with esmtp (Exim 4.86_2)
 (envelope-from <dtw@kapsi.fi>) id 1hlzjW-0005TZ-RT
 for emacs-devel@gnu.org; Fri, 12 Jul 2019 13:53:24 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <dtw@kapsi.fi>) id 1hlzjV-0005uu-92
 for emacs-devel@gnu.org; Fri, 12 Jul 2019 13:53:22 -0400
Original-Received: from mail.kapsi.fi ([2001:67c:1be8::25]:34991)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <dtw@kapsi.fi>) id 1hlzjU-0005og-J8
 for emacs-devel@gnu.org; Fri, 12 Jul 2019 13:53:21 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kapsi.fi;
 s=20161220; h=Content-Type:MIME-Version:Message-ID:Date:References:
 In-Reply-To:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=Hqw+tQFk8UfBdTjEG6lpsUTvJ9GAqPMtSyCibaEaOGE=; b=gWN9ejZNCkFk9jKwIvbRvWvOpW
 5c785E0kqmfQJM1fCMeUyUodfENvZs8O3Pg8GZBFtGYyKs9rA3eogO1UbY5bxGZ7IjzhRoL2XHavs
 TVpbwQP0SCtk8kfOxSboU/bw44OaqjEYGEi7QgbeqlD9l+7V+wEqJpoQ/+mnzoOaH613hb74oeMft
 GKKJkUaNB+5Yh2x76KdD6KQBCVRgpwR12Po1nznnH5oZwILRlPIh30C2KUgHb1A+ZhyiMJza9zegy
 xfRAboazQ9nuPt+xolmvMVtuoHJCqktaYYJcyDn3ML+aCrBoYlsfptJ4QYSu7m7Yo+vEYRfPMGrfr
 xtA2erpQ==;
Original-Received: from mobile-access-bcee90-49.dhcp.inet.fi ([188.238.144.49]
 helo=mithlond)
 by mail.kapsi.fi with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.89) (envelope-from <tlikonen@iki.fi>)
 id 1hlzjO-0005d4-Fu; Fri, 12 Jul 2019 20:53:14 +0300
In-Reply-To: <8736jbkxvk.fsf@iki.fi> (Teemu Likonen's message of "Fri, 12 Jul
 2019 19:42:39 +0300")
X-SA-Exim-Connect-IP: 188.238.144.49
X-SA-Exim-Mail-From: tlikonen@iki.fi
X-SA-Exim-Scanned: No (on mail.kapsi.fi); SAEximRunCond expanded to false
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2001:67c:1be8::25
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:238529
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/238529>

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Teemu Likonen [2019-07-12T19:42:39+03] wrote:

> Below is a new version with NEWS entries. One entry is under Message and
> the other under EasyPG because this touches both.

One NEWS item was badly formatted. I'll try again...

=2D- >8 --
Subject: [PATCH v3] MML/EPG: Add support for GnuPG's --sender option

An already existing variable mml-secure-openpgp-sign-with-sender (if
non-nil) makes MML security to use message sender's email address to
find signer's key from GnuPG keyring.

This commit enhances the feature to also use sender's email address
with GnuPG's --sender option to clarify which user id made the
signature. The option is useful for two reasons when verifying the
signature:

  - GnuPG's TOFU statistics are updated for the specific user
    id (email) only

  - GnuPG's --auto-key-retrieve functionality can use WKD (web key
    directory) method for finding the signer's key.

Quotes from gpg(1) manual page (version 2.2.17):

    --auto-key-retrieve
    --no-auto-key-retrieve
           These options enable or disable the automatic retrieving of
           keys from a keyserver when verifying signatures made by
           keys that are not on the local keyring.  The default is
           --no-auto-key-retrieve.

           The order of methods tried to lookup the key is:

    [...]

           2.  If the signature has the Signer's UID set (e.g. using
           --sender while creating the signature) a Web Key
           Directory (WKD) lookup is done.  This is the default
           configuration but can be disabled by removing WKD from the
           auto-key-locate list or by using the option
           --disable-signer-uid.

    [...]

    --sender mbox
           This option has two purposes.  mbox must either be a
           complete user id with a proper mail address or just a mail
           address.  When creating a signature this option tells gpg
           the user id of a key used to make a signature if the key
           was not directly specified by a user id.  When verifying a
           signature the mbox is used to restrict the information
           printed by the TOFU code to matching user ids.
=2D--
 etc/NEWS             | 23 +++++++++++++++++++++++
 lisp/epg.el          |  8 ++++++++
 lisp/gnus/mml-sec.el |  9 +++++++--
 3 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/etc/NEWS b/etc/NEWS
index 966bdda456..1a17e132c7 100644
=2D-- a/etc/NEWS
+++ b/etc/NEWS
@@ -1379,6 +1379,22 @@ are formatted as MIME digests.
 *** 'message-forward-included-headers' has changed its default to
 exclude most headers when forwarding.
=20
+*** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender"
+When 'mml-secure-openpgp-sign-with-sender' is non-nil message sender's
+email address (in addition to its old behaviour) will also be used to
+set gpg's "--sender email@domain" option.
+
+The option is useful for two reasons when verifying the signature:
+
+ 1. GnuPG's TOFU statistics are updated for the specific user id
+    (email) only. See gpg(1) man page about "--sender".
+
+ 2. GnuPG's --auto-key-retrieve functionality can use WKD (web key
+    directory) method for finding the signer's key. You need GnuPG
+    2.2.17 to fully benefit from this feature. See gpg(1) man page for
+    "--auto-key-retrieve".
+
+---
 ** EasyPG
=20
 ---
@@ -1391,6 +1407,13 @@ It now applies to epg functions as well as epa funct=
ions.
 been removed.  Use 'encode-coding-string', 'decode-coding-string', and
 'select-safe-coding-system' instead.
=20
+*** 'epg-context' structure supports now 'sender' slot
+The value of the new 'sender' slot (if a string) is used to set gpg's
+--sender option. This feature is used by
+'mml-secure-openpgp-sign-with-sender'. See gpg(1) manual page about
+"--sender" for more information.
+
+---
 ** Rmail
=20
 +++
diff --git a/lisp/epg.el b/lisp/epg.el
index 8029bf5a93..ce58c520f1 100644
=2D-- a/lisp/epg.el
+++ b/lisp/epg.el
@@ -208,6 +208,7 @@ 'epg-error
   progress-callback
   edit-callback
   signers
+  sender
   sig-notations
   process
   output-file
@@ -1616,6 +1617,9 @@ epg-start-sign
 				     (epg-sub-key-id
 				      (car (epg-key-sub-key-list signer)))))
 			     (epg-context-signers context)))
+                     (let ((sender (epg-context-sender context)))
+                       (when (stringp sender)
+                         (list "--sender" sender)))
 		     (epg--args-from-sig-notations
 		      (epg-context-sig-notations context))
 		     (if (epg-data-file plain)
@@ -1711,6 +1715,10 @@ epg-start-encrypt
 						signer)))))
 				 (epg-context-signers context))))
 		     (if sign
+                         (let ((sender (epg-context-sender context)))
+                           (when (stringp sender)
+                             (list "--sender" sender))))
+                     (if sign
 			 (epg--args-from-sig-notations
 			  (epg-context-sig-notations context)))
 		     (apply #'nconc
diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
index 02a27b367c..07d2028534 100644
=2D-- a/lisp/gnus/mml-sec.el
+++ b/lisp/gnus/mml-sec.el
@@ -497,7 +497,8 @@ mml-secure-smime-encrypt-to-self
   'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1")
 ;mml1991-sign-with-sender did never exist.
 (defcustom mml-secure-openpgp-sign-with-sender nil
=2D  "If t, use message sender to find an OpenPGP key to sign with."
+  "If t, use message sender to find an OpenPGP key to sign with.
+Also use message's sender with GnuPG's --sender option."
   :group 'mime-security
   :type 'boolean)
=20
@@ -913,7 +914,9 @@ mml-secure-epg-encrypt
 	 cipher signers)
     (when sign
       (setq signers (mml-secure-signers context signer-names))
=2D      (setf (epg-context-signers context) signers))
+      (setf (epg-context-signers context) signers)
+      (when mml-secure-openpgp-sign-with-sender
+        (setf (epg-context-sender context) sender)))
     (when (eq 'OpenPGP protocol)
       (setf (epg-context-armor context) t)
       (setf (epg-context-textmode context) t))
@@ -944,6 +947,8 @@ mml-secure-epg-sign
       (setf (epg-context-armor context) t)
       (setf (epg-context-textmode context) t))
     (setf (epg-context-signers context) signers)
+    (when mml-secure-openpgp-sign-with-sender
+      (setf (epg-context-sender context) sender))
     (when (mml-secure-cache-passphrase-p protocol)
       (epg-context-set-passphrase-callback
        context
=2D-=20
2.20.1

=2D-=20
///  OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
//  https://keys.openpgp.org/search?q=3Dtlikonen@iki.fi
/  https://keybase.io/tlikonen  https://github.com/tlikonen

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQFEBAEBCgAuFiEEkhZiiC54Bnj5a16Skzo1BB5+rVEFAl0oyQkQHHRsaWtvbmVu
QGlraS5maQAKCRCTOjUEHn6tUSh8CACfmMKYsrLzV5P++SGCz4JPwGq6fVpkBZpm
PVi0J0bk4kUdQ+5tQxiHco2NWfnnLF+44obqtzp8RsFjeqa+lIoxrAWbNoNkMNOC
5BbgH9fchEtyBzT33bOwQyuGzMJYtX94XxmgLt02nrmwK61mxT4g/3hkSIRzafR9
Zqk7eRZJaWIqB7xHikNr/Zu/fd2Zqqb9aOd/UUSYhNBwe6+H/2YAfvf55PeYuh7q
PzsF8P7j7EasNED3YmWw9LsLm4/r0xgdzWphmyskj4OsucRhxiAnaHLMUeVlViG4
+21kLsWiMZ69vyhSwBwO8mIc0WiXv9eQxpayPhjCdV643msSBPIO
=l7+Q
-----END PGP SIGNATURE-----
--=-=-=--