gpg: New option --disable-signer-uid, create Signer's UID sub-packet.

* g10/gpg.c (oDisableSignerUID): New. (opts): New option '--disable-signer-uid'. (main): Set option. * g10/options.h (opt): Add field flags.disable_signer_uid. * g10/sign.c: Include mbox-util.h. (mk_notation_policy_etc): Embed the signer's uid. * g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key retrieval if --disable-signer-uid is used. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2025-02-02 16:43:03 +01:00 · 2016-06-13 11:24:09 +02:00 · 2016-06-13 11:24:09 +02:00 · 61e7fd68c0
commit 61e7fd68c0
parent 08c82b1b55
5 changed files with 41 additions and 7 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -1740,13 +1740,17 @@ are available for all keyserver types, some common options are:
  @item auto-key-retrieve
  This option enables the automatic retrieving of keys from a keyserver
  when verifying signatures made by keys that are not on the local
-  keyring.
+  keyring.  If the method "wkd" is included in the list of methods
  given to @option{auto-key-locate}, the Signer's User ID is part of
  the signature, and the option @option{--disable-signer-uid} is not used,
  the "wkd" method may also be used to retrieve a key.
  Note that this option makes a "web bug" like behavior possible.
-  Keyserver operators can see which keys you request, so by sending you
+  Keyserver or Web Key Directory operators can see which keys you
-  a message signed by a brand new key (which you naturally will not have
+  request, so by sending you a message signed by a brand new key (which
-  on your local keyring), the operator can tell both your IP address and
+  you naturally will not have on your local keyring), the operator can
-  the time when you verified the signature.
+  tell both your IP address and the time when you verified the
  signature.
  @item honor-keyserver-url
  When using @option{--refresh-keys}, if the key in question has a preferred
@ -2344,6 +2348,14 @@ Disable the use of the modification detection code. Note that by
 using this option, the encrypted message becomes vulnerable to a
 message modification attack.
@item --disable-signer-uid
@opindex disable-signer-uid
 By default the user ID of the signing key is embedded in the data
 signature.  As of now this is only done if the signing key has been
 specified with @option{local-user} using a mail address.  This
 information can be helpful for verifier to locate the key; see
@option{--auto-key-retrieve}.
@item --personal-cipher-preferences @code{string}
@opindex personal-cipher-preferences
 Set the list of personal cipher preferences to @code{string}.  Use
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -396,6 +396,7 @@ enum cmd_and_opt_values
    oWeakDigest,
    oUnwrap,
    oOnlySignTextIDs,
    oDisableSignerUID,
    oNoop
  };
@ -550,6 +551,8 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
  ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
  ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
  ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
  ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")),
@ -2799,6 +2802,9 @@ main (int argc, char **argv)
 	  case oNoForceMDC: opt.force_mdc = 0; break;
 	  case oDisableMDC: opt.disable_mdc = 1; break;
 	  case oNoDisableMDC: opt.disable_mdc = 0; break;
          case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
 	  case oS2KMode:   opt.s2k_mode = pargs.r.ret_int; break;
 	  case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
 	  case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -1823,6 +1823,7 @@ check_sig_and_print (CTX c, kbnode_t node)
   * key from the WKD. */
  if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
      && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
      && !opt.flags.disable_signer_uid
      && akl_has_wkd_method ()
      && sig->signers_uid)
    {
--- a/g10/options.h
+++ b/g10/options.h
@ -234,6 +234,7 @@ struct
    unsigned int allow_multiple_messages:1;
    unsigned int allow_weak_digest_algos:1;
    unsigned int large_rsa:1;
    unsigned int disable_signer_uid:1;
  } flags;
  /* Linked list of ways to find a key if the key isn't on the local
@ -290,7 +291,7 @@ struct {
 #define DBG_IPC_VALUE     1024  /* debug assuan communication */
 #define DBG_CARD_IO_VALUE 2048  /* debug smart card I/O.  */
 #define DBG_CLOCK_VALUE   4096
-#define DBG_LOOKUP_VALUE  8192	/* debug the kety lookup */
+#define DBG_LOOKUP_VALUE  8192	/* debug the key lookup */
 #define DBG_EXTPROG_VALUE 16384 /* debug external program calls */
 /* Tests for the debugging flags.  */
--- a/g10/sign.c
+++ b/g10/sign.c
@ -40,7 +40,7 @@
 #include "pkglue.h"
 #include "sysutils.h"
 #include "call-agent.h"
-
+#include "mbox-util.h"
 #ifdef HAVE_DOSISH_SYSTEM
 #define LF "\r\n"
@ -144,6 +144,20 @@ mk_notation_policy_etc (PKT_signature *sig,
                        p, strlen (p));
      xfree (p);
    }
  /* Set signer's user id.  */
  if (IS_SIG (sig) && !opt.flags.disable_signer_uid)
    {
      char *mbox;
      /* For now we use the uid which was used to locate the key.  */
      if (pksk->user_id && (mbox = mailbox_from_userid (pksk->user_id->name)))
        {
          if (DBG_LOOKUP)
            log_debug ("setting Signer's UID to '%s'\n", mbox);
          build_sig_subpkt (sig, SIGSUBPKT_SIGNERS_UID, mbox, strlen (mbox));
        }
    }
 }