*** 'message-forward-included-headers' has changed its default to
exclude most headers when forwarding.
+*** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender"
+When 'mml-secure-openpgp-sign-with-sender' is non-nil message sender's
+email address (in addition to its old behaviour) will also be used to
+set gpg's "--sender email@domain" option.
+
+The option is useful for two reasons when verifying the signature:
+
+ 1. GnuPG's TOFU statistics are updated for the specific user id
+ (email) only. See gpg(1) man page about "--sender".
+
+ 2. GnuPG's --auto-key-retrieve functionality can use WKD (web key
+ directory) method for finding the signer's key. You need GnuPG
+ 2.2.17 to fully benefit from this feature. See gpg(1) man page for
+ "--auto-key-retrieve".
+
+---
** EasyPG
---
been removed. Use 'encode-coding-string', 'decode-coding-string', and
'select-safe-coding-system' instead.
+*** 'epg-context' structure supports now 'sender' slot
+The value of the new 'sender' slot (if a string) is used to set gpg's
+--sender option. This feature is used by
+'mml-secure-openpgp-sign-with-sender'. See gpg(1) manual page about
+"--sender" for more information.
+
+---
** Rmail
+++
progress-callback
edit-callback
signers
+ sender
sig-notations
process
output-file
(epg-sub-key-id
(car (epg-key-sub-key-list signer)))))
(epg-context-signers context)))
+ (let ((sender (epg-context-sender context)))
+ (when (stringp sender)
+ (list "--sender" sender)))
(epg--args-from-sig-notations
(epg-context-sig-notations context))
(if (epg-data-file plain)
signer)))))
(epg-context-signers context))))
(if sign
+ (let ((sender (epg-context-sender context)))
+ (when (stringp sender)
+ (list "--sender" sender))))
+ (if sign
(epg--args-from-sig-notations
(epg-context-sig-notations context)))
(apply #'nconc
'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1")
;mml1991-sign-with-sender did never exist.
(defcustom mml-secure-openpgp-sign-with-sender nil
- "If t, use message sender to find an OpenPGP key to sign with."
+ "If t, use message sender to find an OpenPGP key to sign with.
+Also use message's sender with GnuPG's --sender option."
:group 'mime-security
:type 'boolean)
cipher signers)
(when sign
(setq signers (mml-secure-signers context signer-names))
- (setf (epg-context-signers context) signers))
+ (setf (epg-context-signers context) signers)
+ (when mml-secure-openpgp-sign-with-sender
+ (setf (epg-context-sender context) sender)))
(when (eq 'OpenPGP protocol)
(setf (epg-context-armor context) t)
(setf (epg-context-textmode context) t))
(setf (epg-context-armor context) t)
(setf (epg-context-textmode context) t))
(setf (epg-context-signers context) signers)
+ (when mml-secure-openpgp-sign-with-sender
+ (setf (epg-context-sender context) sender))
(when (mml-secure-cache-passphrase-p protocol)
(epg-context-set-passphrase-callback
context
projects / emacs.git / commitdiff