core: New encryption flag GPGME_ENCRYPT_THROW_KEYIDS.

* src/gpgme.h.in (GPGME_ENCRYPT_THROW_KEYIDS): New flag.
* src/engine-gpg.c (gpg_encrypt): Implement flag
(gpg_encrypt_sign): Implement flag.

* tests/run-encrypt.c (main): New option --throw-keyids.
--

It would be nice to also selectively hide recipients (that is gpg
--hidden-recipient) but our API does not ye allow this because it is
based on key objects.  A possible way to implement that would be a API
to set processing flags into a key but this is complicated due to the
reference counting and thus the possibility that a key object is used
by different context.

Signed-off-by: Werner Koch <wk@gnupg.org>

NEWS

@@ -12,7 +12,8 @@ Noteworthy changes in version 1.8.1 (unreleased)
  GPGME_CREATE_NOEXPIRE       NEW.
  gpgme_subkey_t              EXTENDED: New field is_de_vs.
  gpgme_op_keylist_from_data_start NEW.
- gpgme_data_rewind                UN-DEPRECATE.
+ GPGME_ENCRYPT_THROW_KEYIDS       NEW.
+ gpgme_data_rewind                UN-DEPRECATE
  cpp: Context::revUid(const Key&, const char*)      NEW.
  cpp: Context::startRevUid(const Key&, const char*) NEW.
  cpp: Context::addUid(const Key&, const char*)      NEW.

doc/gpgme.texi

@@ -5565,10 +5565,17 @@ also expect a sign command.
 
 @item GPGME_ENCRYPT_SYMMETRIC
 The @code{GPGME_ENCRYPT_SYMMETRIC} symbol specifies that the
-output should be additionally encrypted symmetically even
+output should be additionally encrypted symmetrically even
 if recipients are provided. This feature is only supported for
 for the OpenPGP crypto engine.
 
+@item GPGME_ENCRYPT_THROW_KEYIDS
+The @code{GPGME_ENCRYPT_THROW_KEYIDS} symbols requests that the
+identifiers for the decrption keys are not included in the ciphertext.
+On the receiving side, the use of this flag may slow down the
+decryption process because all available secret keys must be tried.
+This flag is only honored for OpenPGP encryption.
+
 @end table
 
 If @code{GPG_ERR_UNUSABLE_PUBKEY} is returned, some recipients in

src/engine-gpg.c

@@ -1860,6 +1860,9 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags,
   if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
     err = add_arg (gpg, "--compress-algo=none");
 
+  if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
+    err = add_arg (gpg, "--throw-keyids");
+
   if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
       && have_gpg_version (gpg, "2.1.14"))
     err = add_arg (gpg, "--mimemode");
@@ -1929,6 +1932,9 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],
   if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
     err = add_arg (gpg, "--compress-algo=none");
 
+  if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
+    err = add_arg (gpg, "--throw-keyids");
+
   if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
       && have_gpg_version (gpg, "2.1.14"))
     err = add_arg (gpg, "--mimemode");

src/gpgme.h.in

@@ -1237,7 +1237,8 @@ typedef enum
     GPGME_ENCRYPT_PREPARE = 4,
     GPGME_ENCRYPT_EXPECT_SIGN = 8,
     GPGME_ENCRYPT_NO_COMPRESS = 16,
-    GPGME_ENCRYPT_SYMMETRIC = 32
+    GPGME_ENCRYPT_SYMMETRIC = 32,
+    GPGME_ENCRYPT_THROW_KEYIDS = 64
   }
 gpgme_encrypt_flags_t;
 

tests/run-encrypt.c

@@ -88,6 +88,7 @@ show_usage (int ex)
          "  --uiserver       use the UI server\n"
          "  --loopback       use a loopback pinentry\n"
          "  --key NAME       encrypt to key NAME\n"
+         "  --throw-keyids   use this option\n"
          "  --symmetric      encrypt symmetric (OpenPGP only)\n"
          , stderr);
   exit (ex);
@@ -170,6 +171,11 @@ main (int argc, char **argv)
           keyargs[keycount++] = *argv;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--throw-keyids"))
+        {
+          flags |= GPGME_ENCRYPT_THROW_KEYIDS;
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--loopback"))
         {
           use_loopback = 1;