[Emacs-diffs] master 74579d3: Use the gpg --sender option
From: Lars Ingebrigtsen
Subject: [Emacs-diffs] master 74579d3: Use the gpg --sender option
Date: Fri, 12 Jul 2019 20:13:46 -0400 (EDT)
branch: master
commit 74579d3d2bb82f300a6f2d81b7b559f0a24061db
Author: Teemu Likonen <address@hidden>
Commit: Lars Ingebrigtsen <address@hidden>
Use the gpg --sender option
* lisp/epg.el (epg-start-encrypt)
* lisp/gnus/mml-sec.el (mml-secure-epg-encrypt): When
'mml-secure-openpgp-sign-with-sender' is non-nil message sender's
email address (in addition to its old behaviour) will also be used
to set gpg's "--sender email@domain" option.
---
etc/NEWS | 23 +++++++++++++++++++++++
lisp/epg.el | 8 ++++++++
lisp/gnus/mml-sec.el | 9 +++++++--
3 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/etc/NEWS b/etc/NEWS
index 966bdda..7e10d13 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -1379,6 +1379,22 @@ are formatted as MIME digests.
*** 'message-forward-included-headers' has changed its default to
exclude most headers when forwarding.
+*** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender"
+When 'mml-secure-openpgp-sign-with-sender' is non-nil message sender's
+email address (in addition to its old behaviour) will also be used to
+set gpg's "--sender email@domain" option.
+
+The option is useful for two reasons when verifying the signature:
+
+ 1. GnuPG's TOFU statistics are updated for the specific user id
+ (email) only. See gpg(1) man page about "--sender".
+
+ 2. GnuPG's --auto-key-retrieve functionality can use WKD (web key
+ directory) method for finding the signer's key. You need GnuPG
+ 2.2.17 to fully benefit from this feature. See gpg(1) man page for
+ "--auto-key-retrieve".
+
+---
** EasyPG
---
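Review bot: the new NEWS entry says the option is useful "when verifying the signature" but never states that --sender is passed at signing time, so a reader cannot tell which side has to enable the variable or run GnuPG 2.2.17. Suggest one sentence saying the sender's address is given to gpg when the message is signed and that items 1 and 2 describe what happens when the signature is verified. The heading would also read better as "'mml-secure-openpgp-sign-with-sender' also sets "gpg --sender"".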
@@ -1391,6 +1407,13 @@ It now applies to epg functions as well as epa functions.
been removed. Use 'encode-coding-string', 'decode-coding-string', and
'select-safe-coding-system' instead.
+*** 'epg-context' structure supports now 'sender' slot
+The value of the new 'sender' slot (if a string) is used to set gpg's
+--sender option. This feature is used by
+'mml-secure-openpgp-sign-with-sender'. See gpg(1) manual page about
+"--sender" for more information.
+
+---
** Rmail
+++
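Review bot: the 'epg-context' entry says the 'sender' slot "is used to set gpg's --sender option" without qualification, but the epg.el hunks in this patch add the argument only next to the signers arguments, in one place under "(if sign". Suggest stating that the slot takes effect for signing operations only, and that a non-string value is ignored. The heading word order is also off; "'epg-context' structure now supports a 'sender' slot" reads better.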
diff --git a/lisp/epg.el b/lisp/epg.el
index 8029bf5..ce58c52 100644
--- a/lisp/epg.el
+++ b/lisp/epg.el
@@ -208,6 +208,7 @@
progress-callback
edit-callback
signers
+ sender
sig-notations
process
output-file
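Review bot: the "sender" slot is inserted between "signers" and "sig-notations" rather than appended, which shifts the position of every slot that follows it. Code byte-compiled against the old layout with inlined accessors would read the wrong field until it is recompiled; adding the slot after the last existing one avoids that. The slot also carries no note on its expected type, while the later hunks treat anything that is not a string as unset, which deserves a comment here.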
@@ -1616,6 +1617,9 @@ If you are unsure, use synchronous version of this
function
(epg-sub-key-id
(car (epg-key-sub-key-list signer)))))
(epg-context-signers context)))
+ (let ((sender (epg-context-sender context)))
+ (when (stringp sender)
+ (list "--sender" sender)))
(epg--args-from-sig-notations
(epg-context-sig-notations context))
(if (epg-data-file plain)
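Review bot: "(when (stringp sender)" accepts any string, including an empty one, so "--sender" can reach gpg with an empty or malformed value and the outcome is left to gpg. Suggest also requiring a non-empty string, and deciding whether a non-nil, non-string value should signal an error instead of being dropped silently. Passing the value as its own list element after "--sender" is the right shape, since it never goes through a shell.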
@@ -1711,6 +1715,10 @@ If you are unsure, use synchronous version of this
function
signer)))))
(epg-context-signers context))))
(if sign
+ (let ((sender (epg-context-sender context)))
+ (when (stringp sender)
+ (list "--sender" sender))))
+ (if sign
(epg--args-from-sig-notations
(epg-context-sig-notations context)))
(apply #'nconc
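Review bot: this repeats the three-line "let"/"when"/"list" form from the hunk above and adds a second "(if sign" wrapper directly before the existing one. Suggest a small helper next to epg--args-from-sig-notations that returns the "--sender" arguments for a context, called from both places, so any later validation of the sender value is done once. The two "(if sign" forms could then be merged into a single branch that concatenates both argument lists.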
diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
index 02a27b3..07d2028 100644
--- a/lisp/gnus/mml-sec.el
+++ b/lisp/gnus/mml-sec.el
@@ -497,7 +497,8 @@ https://debbugs.gnu.org/cgi/bugreport.cgi?bug=18718"
'mml2015-sign-with-sender 'mml-secure-openpgp-sign-with-sender "25.1")
;mml1991-sign-with-sender did never exist.
(defcustom mml-secure-openpgp-sign-with-sender nil
- "If t, use message sender to find an OpenPGP key to sign with."
+ "If t, use message sender to find an OpenPGP key to sign with.
+Also use message's sender with GnuPG's --sender option."
:group 'mime-security
:type 'boolean)
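Review bot: the docstring still says "If t" and gains only "Also use message's sender with GnuPG's --sender option", which does not tell the user what the option does or that one boolean now controls two behaviours. The callers added in this patch test the variable with "when", so any non-nil value enables it; suggest "If non-nil" plus a short explanation along the lines of the NEWS text (TOFU statistics, --auto-key-retrieve via WKD). Consider whether users who want key selection by sender but not "--sender" need a separate setting.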
@@ -913,7 +914,9 @@ If no one is selected, symmetric encryption will be
performed. "
cipher signers)
(when sign
(setq signers (mml-secure-signers context signer-names))
- (setf (epg-context-signers context) signers))
+ (setf (epg-context-signers context) signers)
+ (when mml-secure-openpgp-sign-with-sender
+ (setf (epg-context-sender context) sender)))
(when (eq 'OpenPGP protocol)
(setf (epg-context-armor context) t)
(setf (epg-context-textmode context) t))
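Review bot: the added "(setf (epg-context-sender context) sender)" uses a variable "sender" that is not bound anywhere in the visible context of this hunk. Please confirm it is bound in this function on every path that reaches the "(when sign" form and that it holds the form gpg expects for "--sender email@domain" (the commit message's wording), not a full "Name <address>" header value. A nil value is harmless because epg.el checks "stringp", but that dependency should be mentioned in a comment.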
@@ -944,6 +947,8 @@ If no one is selected, symmetric encryption will be
performed. "
(setf (epg-context-armor context) t)
(setf (epg-context-textmode context) t))
(setf (epg-context-signers context) signers)
+ (when mml-secure-openpgp-sign-with-sender
+ (setf (epg-context-sender context) sender))
(when (mml-secure-cache-passphrase-p protocol)
(epg-context-set-passphrase-callback
context
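Review bot: the new "(when mml-secure-openpgp-sign-with-sender" form is not conditioned on the protocol, although the variable is OpenPGP-specific and the neighbouring code in this file checks "(eq 'OpenPGP protocol)" before applying OpenPGP settings. If this function can run with another protocol, the sender is still stored in the context and the epg.el hunks add "--sender" without a protocol check of their own. Suggest moving the assignment under the OpenPGP condition here and in the earlier hunk, or documenting why it is safe for other protocols.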