[PATCH] MML/EPG: Add support for GnuPG's --sender option

From: Teemu Likonen
Subject: [PATCH] MML/EPG: Add support for GnuPG's --sender option
Date: Fri, 12 Jul 2019 15:21:58 +0300
An already existing variable mml-secure-openpgp-sign-with-sender (if
non-nil) makes MML security use the message sender's email address to
find the signer's key from the GnuPG keyring.

This commit enhances the feature to also use the sender's email address
with GnuPG's (gpg) --sender option to clarify which user id made the
signature. The option is useful for two reasons when verifying the

 1. GnuPG's TOFU statistics are updated for the specific user id (email)

 2. GnuPG's --auto-key-retrieve functionality can use WKD (web key
    directory) method for finding the signer's key.

Quotes from gpg(1) manual page (version 2.2.17):

           These options enable or disable the automatic retrieving of
           keys from a keyserver when verifying signatures made by
           keys that are not on the local keyring.  The default is

           The order of methods tried to lookup the key is:


           2.  If the signature has the Signer's UID set (e.g. using
           --sender while creating the signature) a Web Key
           Directory (WKD) lookup is done.  This is the default
           configuration but can be disabled by removing WKD from the
           auto-key-locate list or by using the option


    --sender mbox
           This option has two purposes.  mbox must either be a
           complete user id with a proper mail address or just a mail
           address.  When creating a signature this option tells gpg
           the user id of a key used to make a signature if the key
           was not directly specified by a user id.  When verifying a
           signature the mbox is used to restrict the information
           printed by the TOFU code to matching user ids.
 lisp/epg.el          | 8 ++++++++
 lisp/gnus/mml-sec.el | 9 +++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/lisp/epg.el b/lisp/epg.el
index 8029bf5a93..ce58c520f1 100644
--- a/lisp/epg.el
+++ b/lisp/epg.el
@@ -208,6 +208,7 @@ 'epg-error
+  sender
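Review bot: the new `sender` slot is added without a comment or docstring saying what it holds. Both users below test it with `(stringp sender)`, so state that it is an mbox string (a mail address, or a full user id containing one, as the quoted gpg manual describes) or nil, and mention the new `epg-context-sender` accessor in the EPG manual, since it becomes public API that callers like mml-sec.el set with `setf`.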
@@ -1616,6 +1617,9 @@ epg-start-sign
                                      (car (epg-key-sub-key-list signer)))))
                             (epg-context-signers context)))
+                     (let ((sender (epg-context-sender context)))
+                       (when (stringp sender)
+                         (list "--sender" sender)))
                      (epg-context-sig-notations context))
                     (if (epg-data-file plain)
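Review bot: the `(list "--sender" sender)` emitted here is passed to whatever gpg binary EPG runs, and --sender is only documented for GnuPG 2.x (the manual quoted above is 2.2.17); GnuPG 1.4 rejects unknown options and the whole signing call would then fail. Either check the program version from `epg-find-configuration` before adding the option or document the minimum GnuPG version at the defcustom that enables it, so a user with an older gpg does not get a confusing "invalid option" error from a variable that used to work.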
@@ -1711,6 +1715,10 @@ epg-start-encrypt
                                 (epg-context-signers context))))
                     (if sign
+                         (let ((sender (epg-context-sender context)))
+                           (when (stringp sender)
+                             (list "--sender" sender))))
+                     (if sign
                          (epg-context-sig-notations context)))
                     (apply #'nconc
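Review bot: the `(let ((sender (epg-context-sender context))) (when (stringp sender) (list "--sender" sender)))` form is a verbatim copy of the one added to epg-start-sign, and it sits in its own `(if sign ...)` immediately before the existing `(if sign (epg-context-sig-notations context))`. Move the three lines into a small helper (a hypothetical `epg--sender-args`, say) called from both functions, and fold the two consecutive `(if sign ...)` forms into one `(when sign (append ...))` so the sign-specific arguments are built in one place.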
diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
index 02a27b367c..07d2028534 100644
--- a/lisp/gnus/mml-sec.el
+++ b/lisp/gnus/mml-sec.el
@@ -497,7 +497,8 @@ mml-secure-smime-encrypt-to-self
   'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1")
 ;mml1991-sign-with-sender did never exist.
 (defcustom mml-secure-openpgp-sign-with-sender nil
-  "If t, use message sender to find an OpenPGP key to sign with."
+  "If t, use message sender to find an OpenPGP key to sign with.
+Also use message's sender with GnuPG's --sender option."
   :group 'mime-security
   :type 'boolean)
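Review bot: the added docstring sentence says that the sender is also passed to --sender but not why, so a user reading the defcustom cannot tell what changes for them. The commit message gives the two effects (TOFU statistics are kept per user id, and WKD auto-key-retrieve on the verifying side can find the key); one line saying that, plus the GnuPG version the option needs, belongs here or in NEWS. Also "message's sender" reads better as "the message's sender".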
@@ -913,7 +914,9 @@ mml-secure-epg-encrypt
         cipher signers)
     (when sign
       (setq signers (mml-secure-signers context signer-names))
-      (setf (epg-context-signers context) signers))
+      (setf (epg-context-signers context) signers)
+      (when mml-secure-openpgp-sign-with-sender
+        (setf (epg-context-sender context) sender)))
     (when (eq 'OpenPGP protocol)
       (setf (epg-context-armor context) t)
       (setf (epg-context-textmode context) t))
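Review bot: `(when mml-secure-openpgp-sign-with-sender (setf (epg-context-sender context) sender))` runs for every protocol, although the variable is OpenPGP-specific and --sender is documented as a gpg option; with CMS the value would reach gpgsm. The `(when (eq 'OpenPGP protocol) ...)` form directly below is the natural place for it, guarded with `(and sign mml-secure-openpgp-sign-with-sender)`, or add `(eq 'OpenPGP protocol)` to this `when`.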
@@ -944,6 +947,8 @@ mml-secure-epg-sign
       (setf (epg-context-armor context) t)
       (setf (epg-context-textmode context) t))
     (setf (epg-context-signers context) signers)
+    (when mml-secure-openpgp-sign-with-sender
+      (setf (epg-context-sender context) sender))
     (when (mml-secure-cache-passphrase-p protocol)
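Review bot: as in the encrypt path, the new `when` sets the sender for CMS signing too, even though the variable is named openpgp and --sender is a gpg option; move the `setf` into the `(when (eq 'OpenPGP protocol) ...)` form a few lines above, where armor and textmode are already set only for OpenPGP. Note also that `sender` here can be nil when no sender address was resolved, and the patch silently relies on the `(stringp sender)` check in epg.el to drop the option in that case; a short comment saying so would save the next reader a trip to epg.el.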

///  OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
//  https://keys.openpgp.org/search?q=address@hidden
/  https://keybase.io/tlikonen  https://github.com/tlikonen
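An added example, not part of this patch or of Emacs, of how a caller would use the new context slot once the patch is applied: sign a string so that gpg receives --sender, then verify the result through EPG. The address alice@example.org and the function names are hypothetical; it assumes a secret key with that address among its user ids is in the keyring and that the gpg EPG runs is GnuPG 2.x (the manual quoted above is 2.2.17), since older versions do not know --sender.

```elisp
;; Added example (not from the patch or from Emacs): exercise the new
;; `sender' slot of epg-context end to end.  Assumes a secret key whose
;; user id contains the hypothetical address below, and GnuPG 2.x.
(require 'epg)

(defvar my-sender "alice@example.org"
  "Hypothetical signer address; replace with a user id of your own key.")

(defun my-sign-with-sender (text sender)
  "Return TEXT clear-signed with the key for SENDER, passing SENDER as --sender.
SENDER selects the secret key the same way
`mml-secure-openpgp-sign-with-sender' does, by matching a user id."
  (let ((context (epg-make-context 'OpenPGP)))
    (setf (epg-context-armor context) t)
    (setf (epg-context-textmode context) t)
    ;; Secret keys only (third argument t); fail loudly if none matches.
    (let ((keys (epg-list-keys context sender t)))
      (unless keys
        (error "No secret key with user id %s" sender))
      (setf (epg-context-signers context) (list (car keys))))
    ;; The slot this patch adds.  epg-start-sign turns a string here
    ;; into "--sender SENDER" on the gpg command line; nil adds nothing.
    (setf (epg-context-sender context) sender)
    (epg-sign-string context text 'clear)))

(defun my-verify-signed-text (signed-text)
  "Verify clear-signed SIGNED-TEXT.
Return a list with one (STATUS . KEY-ID) pair per signature found, where
STATUS is a symbol such as `good' or `bad' as reported by EPG."
  (let ((context (epg-make-context 'OpenPGP)))
    (epg-verify-string context signed-text)
    (mapcar (lambda (sig)
              (cons (epg-signature-status sig)
                    (epg-signature-key-id sig)))
            (epg-context-result-for context 'verify))))

;; Usage, evaluated in *scratch* with the key present:
;;   (my-verify-signed-text (my-sign-with-sender "hello\n" my-sender))
;; gives a list whose first element starts with `good' when the key is
;; present and the signature verifies.
```

To confirm that gpg actually recorded the address, save the signed text to a file and run `gpg --list-packets` on it: with --sender in effect the signature packet carries a "signer's user ID" subpacket holding the address, and that subpacket is what the verifying side's WKD lookup and per-user-id TOFU statistics described in the quoted manual text key on.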

