authorWerner Koch <[email protected]>2020-03-14 17:04:47 +0000
committerWerner Koch <[email protected]>2020-03-14 17:04:47 +0000
commit6b306f45f4fbe36b90cec4685aabb267a61e283f (patch)
treeb992ac17f33003c835cb0a69be9e3203177531fe
parentgpg: Make use of the included key block in a signature. (diff)
downloadgnupg-6b306f45f4fbe36b90cec4685aabb267a61e283f.tar.gz
gnupg-6b306f45f4fbe36b90cec4685aabb267a61e283f.zip
gpg: New option --auto-key-import
* g10/gpg.c (opts): New options --auto-key-import, --no-auto-key-import, and --no-include-key-block. (gpgconf_list): Add them. * g10/options.h (opt): Add field flags.auto_key_import. * g10/mainproc.c (check_sig_and_print): Use flag to enable that feature. * tools/gpgconf-comp.c: Give the new options a Basic config level. -- Note that the --no variants of the options are intended for easy disabling at the command line. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <[email protected]>
-rw-r--r--doc/gpg.texi39
-rw-r--r--g10/gpg.c17
-rw-r--r--g10/mainproc.c11
-rw-r--r--g10/options.h1
-rw-r--r--tools/gpgconf-comp.c3
5 files changed, 57 insertions, 14 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 105aaf9df..f2a046e5a 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1766,6 +1766,19 @@ Set what trust model GnuPG should follow. The models are:
must be enabled explicitly.
@end table
+@item --include-key-block
+@itemx --no-include-key-block
+@opindex include-key-block
+@opindex no-include-key-block
+Include a minimized version of the public parts of the signing key as
+a “Key Block subpacket” into data signatures. The Key Block contains
+the signing key or subkey as well as an encryption subkey. This
+allows the recipient of a signed message to reply encrypted to the
+sender without using any online directories to lookup the key. The
+default is @option{--no-innclude-key-block}. See also the option
+@option{--auto-key-import}.
+
+
@item --auto-key-locate @var{mechanisms}
@itemx --no-auto-key-locate
@opindex auto-key-locate
@@ -1827,6 +1840,20 @@ list. The default is "local,wkd".
@end table
+@item --auto-key-import
+@itemx --no-auto-key-import
+@opindex auto-key-import
+@opindex no-auto-key-import
+This is an offline mechanism to get a missing key for signature
+verification and for later encryption to this key. If this option is
+enabled and a signature includes a “Key Block subpacket”, that key is
+used to verify the signature and on verification success that key is
+imported. The default is @option{--no-auto-key-import}.
+
+On the sender (signing) site the option @option{--include-key-block}
+needs to be used to put the public part of the signing key as “Key
+Block subpacket” into the signature.
+
@item --auto-key-retrieve
@itemx --no-auto-key-retrieve
@opindex auto-key-retrieve
@@ -1837,22 +1864,26 @@ local keyring. The default is @option{--no-auto-key-retrieve}.
The order of methods tried to lookup the key is:
-1. If a preferred keyserver is specified in the signature and the
+1. If the option @option{--auto-key-import} is set and the signatures
+includes a “Key Block subpacket”, that key is used to verify the
+signature and on verification success that key is imported.
+
+2. If a preferred keyserver is specified in the signature and the
option @option{honor-keyserver-url} is active (which is not the
default), that keyserver is tried. Note that the creator of the
signature uses the option @option{--sig-keyserver-url} to specify the
preferred keyserver for data signatures.
-2. If the signature has the Signer's UID set (e.g. using
+3. If the signature has the Signer's UID set (e.g. using
@option{--sender} while creating the signature) a Web Key Directory
(WKD) lookup is done. This is the default configuration but can be
disabled by removing WKD from the auto-key-locate list or by using the
option @option{--disable-signer-uid}.
-3. If the option @option{honor-pka-record} is active, the legacy PKA
+4. If the option @option{honor-pka-record} is active, the legacy PKA
method is used.
-4. If any keyserver is configured and the Issuer Fingerprint is part
+5. If any keyserver is configured and the Issuer Fingerprint is part
of the signature (since GnuPG 2.1.16), the configured keyservers are
tried.
diff --git a/g10/gpg.c b/g10/gpg.c
index 05289880a..c5ba72fb3 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -360,6 +360,8 @@ enum cmd_and_opt_values
oNoRandomSeedFile,
oAutoKeyRetrieve,
oNoAutoKeyRetrieve,
+ oAutoKeyImport,
+ oNoAutoKeyImport,
oUseAgent,
oNoUseAgent,
oGpgAgentInfo,
@@ -434,6 +436,7 @@ enum cmd_and_opt_values
oUseOnlyOpenPGPCard,
oFullTimestrings,
oIncludeKeyBlock,
+ oNoIncludeKeyBlock,
oNoop
};
@@ -750,8 +753,6 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_i (oCompressLevel, "compress-level", "@"),
ARGPARSE_s_i (oBZ2CompressLevel, "bzip2-compress-level", "@"),
ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
- ARGPARSE_s_n (oIncludeKeyBlock, "include-key-block",
- N_("include the public key in the signature")),
ARGPARSE_header ("ImportExport",
N_("Options controlling key import and export")),
@@ -759,8 +760,14 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_s (oAutoKeyLocate, "auto-key-locate",
N_("|MECHANISMS|use MECHANISMS to locate keys by mail address")),
ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"),
+ ARGPARSE_s_n (oAutoKeyImport, "auto-key-import",
+ N_("import missing key from a signature")),
+ ARGPARSE_s_n (oNoAutoKeyImport, "no-auto-key-import", "@"),
ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
+ ARGPARSE_s_n (oIncludeKeyBlock, "include-key-block",
+ N_("include the public key in signatures")),
+ ARGPARSE_s_n (oNoIncludeKeyBlock, "no-include-key-block", "@"),
ARGPARSE_s_n (oDisableDirmngr, "disable-dirmngr",
N_("disable all access to the dirmngr")),
ARGPARSE_s_s (oKeyServer, "keyserver", "@"), /* Deprecated. */
@@ -1943,6 +1950,8 @@ gpgconf_list (const char *configfile)
es_printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("try-secret-key:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("auto-key-locate:%lu:\n", GC_OPT_FLAG_NONE);
+ es_printf ("auto-key-import:%lu:\n", GC_OPT_FLAG_NONE);
+ es_printf ("include-key-block:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("auto-key-retrieve:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("log-file:%lu:\n", GC_OPT_FLAG_NONE);
es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
@@ -3035,6 +3044,7 @@ main (int argc, char **argv)
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
case oIncludeKeyBlock: opt.flags.include_key_block = 1; break;
+ case oNoIncludeKeyBlock: opt.flags.include_key_block = 0; break;
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
@@ -3420,6 +3430,9 @@ main (int argc, char **argv)
case oIgnoreMDCError: opt.ignore_mdc_error = 1; break;
case oNoRandomSeedFile: use_random_seed = 0; break;
+ case oAutoKeyImport: opt.flags.auto_key_import = 1; break;
+ case oNoAutoKeyImport: opt.flags.auto_key_import = 0; break;
+
case oAutoKeyRetrieve:
opt.keyserver_options.options |= KEYSERVER_AUTO_KEY_RETRIEVE;
break;
diff --git a/g10/mainproc.c b/g10/mainproc.c
index ffde748c0..941ffaa76 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -2012,14 +2012,11 @@ check_sig_and_print (CTX c, kbnode_t node)
rc = do_check_sig (c, node, extrahash, extrahashlen, NULL,
NULL, &is_expkey, &is_revkey, &pk);
- /* If the key is not found but the signaure includes a key bnlock we
- * import that key block and trry again. We keep this key block
- * only if the signature verifies. */
- /* FIXME: Shall we add an option to disable it or use it only if
- * --auto-key-retriueve is set? */
+ /* If the key is not found but the signature includes a key block we
+ * use that key block for verification and on success import it. */
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
- && sig->flags.key_block)
- /* && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)) */
+ && sig->flags.key_block
+ && opt.flags.auto_key_import)
{
PKT_public_key *included_pk;
const byte *kblock;
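Review bot: The rewritten comment above the `opt.flags.auto_key_import` condition should say that the key block arrives inside the very signature being checked, so a successful check against it shows only that the signature and the embedded key agree, not that the key belongs to the claimed signer. I would add a sentence such as `/* The key block is sender-supplied: a good signature made with it proves consistency only; validity of the imported key is still up to the trust model. */`. The body of this `if` continues past the end of the hunk, so it cannot be confirmed from here whether the included key is compared against the signature's issuer fingerprint before it is used; if it is, this comment is a good place to say so.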
diff --git a/g10/options.h b/g10/options.h
index d05164eac..bf1bb8f50 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -242,6 +242,7 @@ struct
unsigned int large_rsa:1;
unsigned int disable_signer_uid:1;
unsigned int include_key_block:1;
+ unsigned int auto_key_import:1;
/* Flag to enable experimental features from RFC4880bis. */
unsigned int rfc4880bis:1;
/* Hack: --output is not given but OUTFILE was temporary set to "-". */
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index f6d9c10b1..0700bcf1b 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -404,8 +404,9 @@ static known_option_t known_options_gpg[] =
{ "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
GC_ARG_TYPE_FILENAME },
{ "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
+ { "auto-key-import", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
- { "no-auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
+ { "include-key-block", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
{ "max-cert-depth", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "completes-needed", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
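Review bot: The `no-auto-key-retrieve` entry (`GC_LEVEL_INVISIBLE`) is dropped from `known_options_gpg[]` here, but the commit log for `tools/gpgconf-comp.c` only mentions giving the new options a Basic level. If the removal is intended, the log should record it, e.g. `(known_options_gpg): Remove no-auto-key-retrieve.`; if not, the line should stay. Separately, `auto-key-import` is listed at `GC_LEVEL_BASIC` while the neighbouring `auto-key-retrieve` remains at `GC_LEVEL_EXPERT`. Because the option imports a key taken from the message being verified, a one-line comment explaining why it is surfaced at the basic level would help the next maintainer.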