security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpg: New option --disable-signer-uid, create Signer's UID sub-packet.

Browse source 
* g10/gpg.c (oDisableSignerUID): New.
(opts): New option '--disable-signer-uid'.
(main): Set option.
* g10/options.h (opt): Add field flags.disable_signer_uid.
* g10/sign.c: Include mbox-util.h.
(mk_notation_policy_etc): Embed the signer's uid.
* g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key
retrieval if --disable-signer-uid is used.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-06-13 11:24:09 +02:00
parent 08c82b1b55
commit 61e7fd68c0
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 41 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

22
doc/gpg.texi
View file

@ -1740,13 +1740,17 @@ are available for all keyserver types, some common options are:
@item auto-key-retrieve
This option enables the automatic retrieving of keys from a keyserver
when verifying signatures made by keys that are not on the local
keyring.
keyring. If the method "wkd" is included in the list of methods
given to @option{auto-key-locate}, the Signer's User ID is part of
the signature, and the option @option{--disable-signer-uid} is not used,
the "wkd" method may also be used to retrieve a key.
Note that this option makes a "web bug" like behavior possible.
Keyserver operators can see which keys you request, so by sending you
a message signed by a brand new key (which you naturally will not have
on your local keyring), the operator can tell both your IP address and
the time when you verified the signature.
Keyserver or Web Key Directory operators can see which keys you
request, so by sending you a message signed by a brand new key (which
you naturally will not have on your local keyring), the operator can
tell both your IP address and the time when you verified the
signature.
@item honor-keyserver-url
When using @option{--refresh-keys}, if the key in question has a preferred
@ -2344,6 +2348,14 @@ Disable the use of the modification detection code. Note that by
using this option, the encrypted message becomes vulnerable to a
message modification attack.
@item --disable-signer-uid
@opindex disable-signer-uid
By default the user ID of the signing key is embedded in the data
signature. As of now this is only done if the signing key has been
specified with @option{local-user} using a mail address. This
information can be helpful for verifier to locate the key; see
@option{--auto-key-retrieve}.
@item --personal-cipher-preferences @code{string}
@opindex personal-cipher-preferences
Set the list of personal cipher preferences to @code{string}. Use