gpg: New option --assert-signer.

* g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner. (opts): Add "assert-signer". (main): Set option. (assert_signer_true): New var. (g10_exit): Evaluate new var. * g10/main.h (assert_signer_true): Declare new var. * common/status.h (STATUS_ASSERT_SIGNER): New. * g10/options.h (opt): Add field assert_signer_list. * g10/verify.c (is_fingerprint): New. (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call that function. Clear assert_signer_true on a warning. * g10/gpgv.c: Add dummy function and vars. * g10/t-keydb-get-keyblock.c: Ditto. * g10/t-keydb.c: Ditto. * g10/t-stutter.c: Ditto. --
2025-07-03 22:56:33 +02:00 · 2023-04-05 21:32:23 +02:00 · 2023-04-05 21:32:23 +02:00 · c9e95b8dee
commit c9e95b8dee
parent 42ccbd6c78
13 changed files with 216 additions and 15 deletions
--- a/doc/DETAILS
+++ b/doc/DETAILS
@ -522,6 +522,11 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
    Epoch or an ISO 8601 string which can be detected by the presence
    of the letter 'T'.

+*** ASSERT_SIGNER <fingerprint>
+    This is emitted for the matching <fingerprint> when option
+    --assert-signer is used.  The fingerprint is printed with
+    uppercase hex digits.
+
 *** SIG_ID  <radix64_string>  <sig_creation_date>  <sig-timestamp>
    This is emitted only for signatures of class 0 or 1 which have
    been verified okay.  The string is a signature id and may be used
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -264,11 +264,11 @@ out the actual signed data, but there are other pitfalls with this
 format as well.  It is suggested to avoid cleartext signatures in
 favor of detached signatures.

-Note: Sometimes the use of the @command{gpgv} tool is easier than
-using the full-fledged @command{gpg} with this option.  @command{gpgv}
-is designed to compare signed data against a list of trusted keys and
-returns with success only for a good signature.  It has its own manual
-page.
+Note: To check whether a file was signed by a certain key the option
+@option{--assert-signer} can be used.  As an alternative the
+@command{gpgv} tool can be used.  @command{gpgv} is designed to
+compare signed data against a list of trusted keys and returns with
+success only for a good signature.  It has its own manual page.


@item --multifile
@ -1889,6 +1889,24 @@ Set what trust model GnuPG should follow. The models are:
  must be enabled explicitly.
@end table

+@item --always-trust
+@opindex always-trust
+Identical to @option{--trust-model always}.
+
+@item --assert-signer @var{fpr_or_file}
+@opindex assert-signer
+This option checks whether at least one valid signature on a file has
+been made with the specified key.  The key is either specified as a
+fingerprint or a file listing fingerprints.  The fingerprint must be
+given or listed in compact format (no colons or spaces in between).
+This option can be given multiple times and each fingerprint is
+checked against the signing key as well as the corresponding primary
+key.  If @var{fpr_or_file} specifies a file, empty lines are ignored
+as well as all lines starting with a hash sign.  With this option gpg
+is guaranteed to return with an exit code of 0 if and only if a
+signature has been encountered, is valid, and the key matches one of
+the fingerprints given by this option.
+

@item --auto-key-locate @var{mechanisms}
@itemx --no-auto-key-locate
@ -3856,10 +3874,6 @@ Display the keyring name at the head of key listings to show which
 keyring a given key resides on. This option is deprecated: use
@option{--list-options [no-]show-keyring} instead.

-@item --always-trust
-@opindex always-trust
-Identical to @option{--trust-model always}. This option is deprecated.
-
@item --show-notation
@itemx --no-show-notation
@opindex show-notation