Use the gpg --sender option

* lisp/epg.el (epg-start-encrypt)
* lisp/gnus/mml-sec.el (mml-secure-epg-encrypt): When
'mml-secure-openpgp-sign-with-sender' is non-nil message sender's
email address (in addition to its old behaviour) will also be used
to set gpg's "--sender email@domain" option.
Teemu Likonen 2019-07-13 02:12:58 +02:00 committed by Lars Ingebrigtsen
parent d539d5868c
commit 74579d3d2b
3 changed files with 38 additions and 2 deletions


@ -1379,6 +1379,22 @@ are formatted as MIME digests.
*** 'message-forward-included-headers' has changed its default to
exclude most headers when forwarding.
*** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender"
When 'mml-secure-openpgp-sign-with-sender' is non-nil message sender's
email address (in addition to its old behaviour) will also be used to
set gpg's "--sender email@domain" option.
The option is useful for two reasons when verifying the signature:
1. GnuPG's TOFU statistics are updated for the specific user id
(email) only. See gpg(1) man page about "--sender".
2. GnuPG's --auto-key-retrieve functionality can use WKD (web key
directory) method for finding the signer's key. You need GnuPG
2.2.17 to fully benefit from this feature. See gpg(1) man page for
"--auto-key-retrieve".
---
** EasyPG
---
@ -1391,6 +1407,13 @@ It now applies to epg functions as well as epa functions.
been removed. Use 'encode-coding-string', 'decode-coding-string', and
'select-safe-coding-system' instead.
*** 'epg-context' structure supports now 'sender' slot
The value of the new 'sender' slot (if a string) is used to set gpg's
--sender option. This feature is used by
'mml-secure-openpgp-sign-with-sender'. See gpg(1) manual page about
"--sender" for more information.
---
** Rmail
+++


@ -208,6 +208,7 @@
progress-callback
edit-callback
signers
sender
sig-notations
process
output-file
@ -1616,6 +1617,9 @@ If you are unsure, use synchronous version of this function
(epg-sub-key-id
(car (epg-key-sub-key-list signer)))))
(epg-context-signers context)))
(let ((sender (epg-context-sender context)))
(when (stringp sender)
(list "--sender" sender)))
(epg--args-from-sig-notations
(epg-context-sig-notations context))
(if (epg-data-file plain)
@ -1711,6 +1715,10 @@ If you are unsure, use synchronous version of this function
signer)))))
(epg-context-signers context))))
(if sign
(let ((sender (epg-context-sender context)))
(when (stringp sender)
(list "--sender" sender))))
(if sign
(epg--args-from-sig-notations
(epg-context-sig-notations context)))
(apply #'nconc
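Review bot: The `(when (stringp sender) (list "--sender" sender))` form added in the -1616 hunk, and again under `(if sign ...)` in the -1711 hunk, emits the option for any string, including an empty one. It also does not check that the gpg binary in use knows `--sender`. A gpg that predates the option would presumably reject the command line, so signing would fail outright instead of just skipping the hint. A stricter guard such as `(when (and (stringp sender) (not (string= sender "")) (epg-required-version-p 'OpenPGP "<min-gpg-version>"))` avoids that, where the version string is a placeholder for the first release that accepts the option. The same three lines appear twice, so a small helper next to `epg--args-from-sig-notations` would keep the sign and encrypt paths in step. Both enclosing functions start and end outside the hunks.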


@ -497,7 +497,8 @@ https://debbugs.gnu.org/cgi/bugreport.cgi?bug=18718"
'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1")
;mml1991-sign-with-sender did never exist.
(defcustom mml-secure-openpgp-sign-with-sender nil
"If t, use message sender to find an OpenPGP key to sign with."
"If t, use message sender to find an OpenPGP key to sign with.
Also use message's sender with GnuPG's --sender option."
:group 'mime-security
:type 'boolean)
@ -913,7 +914,9 @@ If no one is selected, symmetric encryption will be performed. "
cipher signers)
(when sign
(setq signers (mml-secure-signers context signer-names))
(setf (epg-context-signers context) signers))
(setf (epg-context-signers context) signers)
(when mml-secure-openpgp-sign-with-sender
(setf (epg-context-sender context) sender)))
(when (eq 'OpenPGP protocol)
(setf (epg-context-armor context) t)
(setf (epg-context-textmode context) t))
@ -944,6 +947,8 @@ If no one is selected, symmetric encryption will be performed. "
(setf (epg-context-armor context) t)
(setf (epg-context-textmode context) t))
(setf (epg-context-signers context) signers)
(when mml-secure-openpgp-sign-with-sender
(setf (epg-context-sender context) sender))
(when (mml-secure-cache-passphrase-p protocol)
(epg-context-set-passphrase-callback
context
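Review bot: Both added `(when mml-secure-openpgp-sign-with-sender (setf (epg-context-sender context) sender))` forms sit outside the `(when (eq 'OpenPGP protocol) ...)` test visible in each hunk, so the sender slot is filled whatever the protocol. If these functions are also reached for S/MIME contexts, as the protocol test suggests, an option named for OpenPGP would alter a non-OpenPGP gpg invocation. Gating on the protocol keeps the change scoped: `(when (and mml-secure-openpgp-sign-with-sender (eq 'OpenPGP protocol))`. `sender` is bound outside the hunks and is handed to gpg unmodified, so a comment such as `;; SENDER is a bare mailbox (or nil); it ends up as gpg's --sender value.` would record the expected form. The enclosing functions begin and end outside the hunks.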