From: Teemu Likonen Date: Sat, 13 Jul 2019 00:12:58 +0000 (+0200) Subject: Use the gpg --sender option X-Git-Tag: emacs-27.0.90~1977 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=74579d3d2bb82f300a6f2d81b7b559f0a24061db;p=emacs.git Use the gpg --sender option * lisp/epg.el (epg-start-encrypt) * lisp/gnus/mml-sec.el (mml-secure-epg-encrypt): When 'mml-secure-openpgp-sign-with-sender' is non-nil message sender's email address (in addition to its old behaviour) will also be used to set gpg's "--sender email@domain" option.
---
diff --git a/etc/NEWS b/etc/NEWS
index 966bdda456a..7e10d132dbe 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -1379,6 +1379,22 @@ are formatted as MIME digests.
 *** 'message-forward-included-headers' has changed its default to
 exclude most headers when forwarding.
+*** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender"
+When 'mml-secure-openpgp-sign-with-sender' is non-nil message sender's
+email address (in addition to its old behaviour) will also be used to
+set gpg's "--sender email@domain" option.
+
+The option is useful for two reasons when verifying the signature:
+
+ 1. GnuPG's TOFU statistics are updated for the specific user id
+ (email) only. See gpg(1) man page about "--sender".
+
+ 2. GnuPG's --auto-key-retrieve functionality can use WKD (web key
+ directory) method for finding the signer's key. You need GnuPG
+ 2.2.17 to fully benefit from this feature. See gpg(1) man page for
+ "--auto-key-retrieve".
+
+---
 ** EasyPG
 ---
@@ -1391,6 +1407,13 @@ It now applies to epg functions as well as epa functions.
 been removed. Use 'encode-coding-string', 'decode-coding-string', and
 'select-safe-coding-system' instead.
+*** 'epg-context' structure supports now 'sender' slot
+The value of the new 'sender' slot (if a string) is used to set gpg's
+--sender option. This feature is used by
+'mml-secure-openpgp-sign-with-sender'. See gpg(1) manual page about
+"--sender" for more information.
+
+---
 ** Rmail
 +++
diff --git a/lisp/epg.el b/lisp/epg.el
index 8029bf5a931..ce58c520f17 100644
--- a/lisp/epg.el
+++ b/lisp/epg.el
@@ -208,6 +208,7 @@
 progress-callback
 edit-callback
 signers
+ sender
 sig-notations
 process
 output-file
@@ -1616,6 +1617,9 @@ If you are unsure, use synchronous version of this function
 (epg-sub-key-id
 (car (epg-key-sub-key-list signer)))))
 (epg-context-signers context)))
+ (let ((sender (epg-context-sender context)))
+ (when (stringp sender)
+ (list "--sender" sender)))
 (epg--args-from-sig-notations
 (epg-context-sig-notations context))
 (if (epg-data-file plain)
@@ -1711,6 +1715,10 @@ If you are unsure, use synchronous version of this function
 signer)))))
 (epg-context-signers context))))
 (if sign
+ (let ((sender (epg-context-sender context)))
+ (when (stringp sender)
+ (list "--sender" sender))))
+ (if sign
 (epg--args-from-sig-notations
 (epg-context-sig-notations context)))
 (apply #'nconc
diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
index 02a27b367cd..07d20285343 100644
--- a/lisp/gnus/mml-sec.el
+++ b/lisp/gnus/mml-sec.el
@@ -497,7 +497,8 @@ https://debbugs.gnu.org/cgi/bugreport.cgi?bug=18718"
 'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1")
 ;mml1991-sign-with-sender did never exist.
 (defcustom mml-secure-openpgp-sign-with-sender nil
- "If t, use message sender to find an OpenPGP key to sign with."
+ "If t, use message sender to find an OpenPGP key to sign with.
+Also use message's sender with GnuPG's --sender option."
 :group 'mime-security
 :type 'boolean)
@@ -913,7 +914,9 @@ If no one is selected, symmetric encryption will be performed. "
 cipher signers)
 (when sign
 (setq signers (mml-secure-signers context signer-names))
- (setf (epg-context-signers context) signers))
+ (setf (epg-context-signers context) signers)
+ (when mml-secure-openpgp-sign-with-sender
+ (setf (epg-context-sender context) sender)))
 (when (eq 'OpenPGP protocol)
 (setf (epg-context-armor context) t)
 (setf (epg-context-textmode context) t))
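Review bot: The new `(list "--sender" sender)` in the epg-start-sign hunk is emitted for any string-valued sender slot with no check of which program or version will consume it; as far as I know `--sender` only exists in GnuPG 2.1.15 and later, and epg still drives gpg 1.4 and 2.0, where an unknown option aborts the whole signing run instead of degrading to the old behaviour. The same argument list is also built when the context's protocol is CMS, and I do not believe gpgsm accepts `--sender` at all. A guard such as `(when (and (stringp sender) (eq (epg-context-protocol context) 'OpenPGP)) (list "--sender" sender))`, combined with a GnuPG version check via the epg-config helpers before the option is added, would keep the feature opt-in without turning an old gpg into a hard signing failure; the epg-start-encrypt hunk below has the same pattern and needs the same guard. epg-start-sign begins and ends outside the hunk, so the enclosing `append`/`epg--start` form is assumed from the surrounding context lines.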
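Review bot: The added `(when mml-secure-openpgp-sign-with-sender (setf (epg-context-sender context) sender))` in mml-secure-epg-encrypt is inside `(when sign ...)` but before the `(when (eq 'OpenPGP protocol) ...)` form, so an option named and documented as OpenPGP-only now also populates the context when the protocol is CMS, and the sender address ends up as a gpgsm command-line argument whenever signing is requested. Gating on the protocol keeps the option scoped as its name and docstring promise, e.g. `(when (and (eq 'OpenPGP protocol) mml-secure-openpgp-sign-with-sender) (setf (epg-context-sender context) sender))`. `sender` is bound outside the hunk (presumably from the message-sender option), so the nil case relies entirely on epg's `stringp` test; a one-line comment saying so at the setf would save the next reader a trip into epg.el. mml-secure-epg-encrypt starts and ends outside the hunk.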
@@ -944,6 +947,8 @@ If no one is selected, symmetric encryption will be performed. "
 (setf (epg-context-armor context) t)
 (setf (epg-context-textmode context) t))
 (setf (epg-context-signers context) signers)
+ (when mml-secure-openpgp-sign-with-sender
+ (setf (epg-context-sender context) sender))
 (when (mml-secure-cache-passphrase-p protocol)
 (epg-context-set-passphrase-callback context