gpg: New option --disable-signer-uid, create Signer's UID sub-packet.

* g10/gpg.c (oDisableSignerUID): New. (opts): New option '--disable-signer-uid'. (main): Set option. * g10/options.h (opt): Add field flags.disable_signer_uid. * g10/sign.c: Include mbox-util.h. (mk_notation_policy_etc): Embed the signer's uid. * g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key retrieval if --disable-signer-uid is used. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-13 11:24:09 +02:00 · 2016-06-13 11:24:09 +02:00 · 61e7fd68c0
parent 08c82b1b55
commit 61e7fd68c0
5 changed files with 41 additions and 7 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -1740,13 +1740,17 @@ are available for all keyserver types, some common options are:
  @item auto-key-retrieve
  This option enables the automatic retrieving of keys from a keyserver
  when verifying signatures made by keys that are not on the local
-  keyring.
+  keyring.  If the method "wkd" is included in the list of methods
+  given to @option{auto-key-locate}, the Signer's User ID is part of
+  the signature, and the option @option{--disable-signer-uid} is not used,
+  the "wkd" method may also be used to retrieve a key.

  Note that this option makes a "web bug" like behavior possible.
-  Keyserver operators can see which keys you request, so by sending you
-  a message signed by a brand new key (which you naturally will not have
-  on your local keyring), the operator can tell both your IP address and
-  the time when you verified the signature.
+  Keyserver or Web Key Directory operators can see which keys you
+  request, so by sending you a message signed by a brand new key (which
+  you naturally will not have on your local keyring), the operator can
+  tell both your IP address and the time when you verified the
+  signature.

  @item honor-keyserver-url
  When using @option{--refresh-keys}, if the key in question has a preferred
@ -2344,6 +2348,14 @@ Disable the use of the modification detection code. Note that by
 using this option, the encrypted message becomes vulnerable to a
 message modification attack.

+@item --disable-signer-uid
+@opindex disable-signer-uid
+By default the user ID of the signing key is embedded in the data
+signature.  As of now this is only done if the signing key has been
+specified with @option{local-user} using a mail address.  This
+information can be helpful for verifier to locate the key; see
+@option{--auto-key-retrieve}.
+
@item --personal-cipher-preferences @code{string}
@opindex personal-cipher-preferences
 Set the list of personal cipher preferences to @code{string}.  Use
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -396,6 +396,7 @@ enum cmd_and_opt_values
    oWeakDigest,
    oUnwrap,
    oOnlySignTextIDs,
+    oDisableSignerUID,

    oNoop
  };
@ -550,6 +551,8 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
  ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),

+  ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
+
  ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
  ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")),

@ -2799,6 +2802,9 @@ main (int argc, char **argv)
 	  case oNoForceMDC: opt.force_mdc = 0; break;
 	  case oDisableMDC: opt.disable_mdc = 1; break;
 	  case oNoDisableMDC: opt.disable_mdc = 0; break;
+
+          case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
+
 	  case oS2KMode:   opt.s2k_mode = pargs.r.ret_int; break;
 	  case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
 	  case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -1823,6 +1823,7 @@ check_sig_and_print (CTX c, kbnode_t node)
   * key from the WKD. */
  if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
      && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
+      && !opt.flags.disable_signer_uid
      && akl_has_wkd_method ()
      && sig->signers_uid)
    {
--- a/g10/options.h
+++ b/g10/options.h
@ -234,6 +234,7 @@ struct
    unsigned int allow_multiple_messages:1;
    unsigned int allow_weak_digest_algos:1;
    unsigned int large_rsa:1;
+    unsigned int disable_signer_uid:1;
  } flags;

  /* Linked list of ways to find a key if the key isn't on the local
@ -290,7 +291,7 @@ struct {
 #define DBG_IPC_VALUE     1024  /* debug assuan communication */
 #define DBG_CARD_IO_VALUE 2048  /* debug smart card I/O.  */
 #define DBG_CLOCK_VALUE   4096
-#define DBG_LOOKUP_VALUE  8192	/* debug the kety lookup */
+#define DBG_LOOKUP_VALUE  8192	/* debug the key lookup */
 #define DBG_EXTPROG_VALUE 16384 /* debug external program calls */

 /* Tests for the debugging flags.  */
--- a/g10/sign.c
+++ b/g10/sign.c
@ -40,7 +40,7 @@
 #include "pkglue.h"
 #include "sysutils.h"
 #include "call-agent.h"
-
+#include "mbox-util.h"

 #ifdef HAVE_DOSISH_SYSTEM
 #define LF "\r\n"
@ -144,6 +144,20 @@ mk_notation_policy_etc (PKT_signature *sig,
                        p, strlen (p));
      xfree (p);
    }
+
+  /* Set signer's user id.  */
+  if (IS_SIG (sig) && !opt.flags.disable_signer_uid)
+    {
+      char *mbox;
+
+      /* For now we use the uid which was used to locate the key.  */
+      if (pksk->user_id && (mbox = mailbox_from_userid (pksk->user_id->name)))
+        {
+          if (DBG_LOOKUP)
+            log_debug ("setting Signer's UID to '%s'\n", mbox);
+          build_sig_subpkt (sig, SIGSUBPKT_SIGNERS_UID, mbox, strlen (mbox));
+        }
+    }
 }