diff --git a/doc/gpg.texi b/doc/gpg.texi index 894d38413..b9a3ddcd1 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2087,6 +2087,15 @@ Remove all entries from the @option{--group} list. Use @var{name} as the key to sign with. Note that this option overrides @option{--default-key}. +@item --sender @var{mbox} +@opindex sender +This option has two purposes. @var{mbox} must either be a complete +user id with a proper mail address or just a mail address. When +creating a signature this option tells gpg the user id of a key used +to make a signature if the key was not directly specified by a user +id. When verifying a signature the @var{mbox} is used to restrict the +information printed by the TOFU code to matching user ids. + @item --try-secret-key @var{name} @opindex try-secret-key For hidden recipients GPG needs to know the keys to use for trial diff --git a/g10/gpg.c b/g10/gpg.c index 891c85f4c..e02efe49e 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -60,6 +60,7 @@ #include "call-dirmngr.h" #include "tofu.h" #include "../common/init.h" +#include "../common/mbox-util.h" #include "../common/shareddefs.h" #if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__) @@ -406,6 +407,7 @@ enum cmd_and_opt_values oUnwrap, oOnlySignTextIDs, oDisableSignerUID, + oSender, oNoop }; @@ -525,6 +527,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oEncryptToDefaultKey, "encrypt-to-default-key", "@"), ARGPARSE_s_s (oLocalUser, "local-user", N_("|USER-ID|use USER-ID to sign or decrypt")), + ARGPARSE_s_s (oSender, "sender", "@"), ARGPARSE_s_s (oTrySecretKey, "try-secret-key", "@"), @@ -2907,6 +2910,19 @@ main (int argc, char **argv) if (configfp) sl->flags |= PK_LIST_CONFIG; break; + case oSender: + { + char *mbox = mailbox_from_userid (pargs.r.ret_str); + if (!mbox) + log_error (_("\"%s\" is not a proper mail address\n"), + pargs.r.ret_str); + else + { + add_to_strlist (&opt.sender_list, mbox); + xfree (mbox); + } + } + break; case oCompress: /* this is the -z command line option */ opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int; diff --git a/g10/options.h b/g10/options.h index 230c96af2..6b8f6490f 100644 --- a/g10/options.h +++ b/g10/options.h @@ -101,6 +101,10 @@ struct int def_recipient_self; strlist_t secret_keys_to_try; + /* A list of mail addresses (addr-spec) provided by the user with + * the option --sender. */ + strlist_t sender_list; + int def_cert_level; int min_cert_level; int ask_cert_level; diff --git a/g10/sign.c b/g10/sign.c index 217196db9..e5fbd9dc2 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -158,6 +158,21 @@ mk_notation_policy_etc (PKT_signature *sig, build_sig_subpkt (sig, SIGSUBPKT_SIGNERS_UID, mbox, strlen (mbox)); xfree (mbox); } + else if (opt.sender_list) + { + /* If a list of --sender was given we scan that list and use + * the first one matching a user id of the current key. */ + + /* FIXME: We need to get the list of user ids for the PKSK + * packet. That requires either a function to look it up + * again or we need to extend the key packet struct to link + * to the primary key which in turn could link to the user + * ids. Too much of a change right now. Let's take just + * one from the supplied list and hope that the caller + * passed a matching one. */ + build_sig_subpkt (sig, SIGSUBPKT_SIGNERS_UID, + opt.sender_list->d, strlen (opt.sender_list->d)); + } } }