From 61e7fd68c05ed185728e9da45f7a44a2323065ad Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 13 Jun 2016 11:24:09 +0200 Subject: [PATCH] gpg: New option --disable-signer-uid, create Signer's UID sub-packet. * g10/gpg.c (oDisableSignerUID): New. (opts): New option '--disable-signer-uid'. (main): Set option. * g10/options.h (opt): Add field flags.disable_signer_uid. * g10/sign.c: Include mbox-util.h. (mk_notation_policy_etc): Embed the signer's uid. * g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key retrieval if --disable-signer-uid is used. -- Signed-off-by: Werner Koch --- doc/gpg.texi | 22 +++++++++++++++++----- g10/gpg.c | 6 ++++++ g10/mainproc.c | 1 + g10/options.h | 3 ++- g10/sign.c | 16 +++++++++++++++- 5 files changed, 41 insertions(+), 7 deletions(-) diff --git a/doc/gpg.texi b/doc/gpg.texi index f092b270d..182abb105 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -1740,13 +1740,17 @@ are available for all keyserver types, some common options are: @item auto-key-retrieve This option enables the automatic retrieving of keys from a keyserver when verifying signatures made by keys that are not on the local - keyring. + keyring. If the method "wkd" is included in the list of methods + given to @option{auto-key-locate}, the Signer's User ID is part of + the signature, and the option @option{--disable-signer-uid} is not used, + the "wkd" method may also be used to retrieve a key. Note that this option makes a "web bug" like behavior possible. - Keyserver operators can see which keys you request, so by sending you - a message signed by a brand new key (which you naturally will not have - on your local keyring), the operator can tell both your IP address and - the time when you verified the signature. + Keyserver or Web Key Directory operators can see which keys you + request, so by sending you a message signed by a brand new key (which + you naturally will not have on your local keyring), the operator can + tell both your IP address and the time when you verified the + signature. @item honor-keyserver-url When using @option{--refresh-keys}, if the key in question has a preferred @@ -2344,6 +2348,14 @@ Disable the use of the modification detection code. Note that by using this option, the encrypted message becomes vulnerable to a message modification attack. +@item --disable-signer-uid +@opindex disable-signer-uid +By default the user ID of the signing key is embedded in the data +signature. As of now this is only done if the signing key has been +specified with @option{local-user} using a mail address. This +information can be helpful for verifier to locate the key; see +@option{--auto-key-retrieve}. + @item --personal-cipher-preferences @code{string} @opindex personal-cipher-preferences Set the list of personal cipher preferences to @code{string}. Use diff --git a/g10/gpg.c b/g10/gpg.c index 87d06afef..f6088f061 100644 
--- a/g10/gpg.c +++ b/g10/gpg.c @@ -396,6 +396,7 @@ enum cmd_and_opt_values oWeakDigest, oUnwrap, oOnlySignTextIDs, + oDisableSignerUID, oNoop }; @@ -550,6 +551,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"), ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"), + ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"), + ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")), ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")), @@ -2799,6 +2802,9 @@ main (int argc, char **argv) case oNoForceMDC: opt.force_mdc = 0; break; case oDisableMDC: opt.disable_mdc = 1; break; case oNoDisableMDC: opt.disable_mdc = 0; break; + + case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; + case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break; case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break; case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break; diff --git a/g10/mainproc.c b/g10/mainproc.c index 7033de7dd..453d1b07b 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1823,6 +1823,7 @@ check_sig_and_print (CTX c, kbnode_t node) * key from the WKD. */ if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE) + && !opt.flags.disable_signer_uid && akl_has_wkd_method () && sig->signers_uid) { diff --git a/g10/options.h b/g10/options.h index bf5831d6c..0a87b9011 100644 --- a/g10/options.h +++ b/g10/options.h @@ -234,6 +234,7 @@ struct unsigned int allow_multiple_messages:1; unsigned int allow_weak_digest_algos:1; unsigned int large_rsa:1; + unsigned int disable_signer_uid:1; } flags; /* Linked list of ways to find a key if the key isn't on the local 
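Review bot: The new `disable-signer-uid` entry in `opts[]` has no negating counterpart, although the `disable-mdc` line directly above it is paired with `no-disable-mdc`. The same applies to the `case oDisableSignerUID` added in `main`, which can only set the flag to 1. A user whose configuration file sets the option then has no command-line way to switch the sub-packet back on for a single signature. Consider adding a new enum value (proposed name `oNoDisableSignerUID`) with `ARGPARSE_s_n (oNoDisableSignerUID, "no-disable-signer-uid", "@"),` and `case oNoDisableSignerUID: opt.flags.disable_signer_uid = 0; break;`. Both the option table and the switch continue outside these hunks.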
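Review bot: The added `&& !opt.flags.disable_signer_uid` in `check_sig_and_print` makes a signing-side option also switch off a verification-side network lookup, and nothing at the condition records that; the `--disable-signer-uid` entry in gpg.texi describes only the embedding. A comment above the condition such as `/* --disable-signer-uid also means: never let an embedded Signer's UID trigger a WKD request. */` would make the intent explicit. Note too that `sig->signers_uid` is read while the signature cannot yet be verified (rc is `GPG_ERR_NO_PUBKEY`), so the mail address that selects the WKD host is chosen by whoever produced the signature. The body of this `if` lies outside the hunk, so it is worth confirming there that a retrieved key is accepted only when it matches the key ID of the signature.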
@@ -290,7 +291,7 @@ struct { #define DBG_IPC_VALUE 1024 /* debug assuan communication */ #define DBG_CARD_IO_VALUE 2048 /* debug smart card I/O. */ #define DBG_CLOCK_VALUE 4096 -#define DBG_LOOKUP_VALUE 8192 /* debug the kety lookup */ +#define DBG_LOOKUP_VALUE 8192 /* debug the key lookup */ #define DBG_EXTPROG_VALUE 16384 /* debug external program calls */ /* Tests for the debugging flags. */ diff --git a/g10/sign.c b/g10/sign.c index 833b6ef06..a4974be85 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -40,7 +40,7 @@ #include "pkglue.h" #include "sysutils.h" #include "call-agent.h" - +#include "mbox-util.h" #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" @@ -144,6 +144,20 @@ mk_notation_policy_etc (PKT_signature *sig, p, strlen (p)); xfree (p); } + + /* Set signer's user id. */ + if (IS_SIG (sig) && !opt.flags.disable_signer_uid) + { + char *mbox; + + /* For now we use the uid which was used to locate the key. */ + if (pksk->user_id && (mbox = mailbox_from_userid (pksk->user_id->name))) + { + if (DBG_LOOKUP) + log_debug ("setting Signer's UID to '%s'\n", mbox); + build_sig_subpkt (sig, SIGSUBPKT_SIGNERS_UID, mbox, strlen (mbox)); + } + } }
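Review bot: `mbox` is never released in the block added to `mk_notation_policy_etc`. `mailbox_from_userid` returns an allocated string that the caller owns, and the branch ends right after `build_sig_subpkt`, so each signature made with a mail-address user ID leaks that buffer. The code just above passes `p` to the same kind of call and then does `xfree (p);`, which suggests `build_sig_subpkt` copies its input. Add `xfree (mbox);` after the `build_sig_subpkt (sig, SIGSUBPKT_SIGNERS_UID, mbox, strlen (mbox));` line. The function starts outside the hunk, so the ownership of `pksk->user_id` cannot be checked from here.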