core: New encryption flag GPGME_ENCRYPT_THROW_KEYIDS.

* src/gpgme.h.in (GPGME_ENCRYPT_THROW_KEYIDS): New flag.
* src/engine-gpg.c (gpg_encrypt): Implement flag
(gpg_encrypt_sign): Implement flag.

* tests/run-encrypt.c (main): New option --throw-keyids.
--

It would be nice to also selectively hide recipients (that is gpg
--hidden-recipient) but our API does not yet allow this because it is
based on key objects.  A possible way to implement that would be an API
to set processing flags into a key but this is complicated due to the
reference counting and thus the possibility that a key object is used
by different contexts.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2017-03-21 10:39:33 +01:00
parent 35023f3136
commit fab8b1a166
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
5 changed files with 24 additions and 3 deletions

3
NEWS

@ -12,7 +12,8 @@ Noteworthy changes in version 1.8.1 (unreleased)
GPGME_CREATE_NOEXPIRE NEW. GPGME_CREATE_NOEXPIRE NEW.
gpgme_subkey_t EXTENDED: New field is_de_vs. gpgme_subkey_t EXTENDED: New field is_de_vs.
gpgme_op_keylist_from_data_start NEW. gpgme_op_keylist_from_data_start NEW.
gpgme_data_rewind UN-DEPRECATE. GPGME_ENCRYPT_THROW_KEYIDS NEW.
gpgme_data_rewind UN-DEPRECATE
cpp: Context::revUid(const Key&, const char*) NEW. cpp: Context::revUid(const Key&, const char*) NEW.
cpp: Context::startRevUid(const Key&, const char*) NEW. cpp: Context::startRevUid(const Key&, const char*) NEW.
cpp: Context::addUid(const Key&, const char*) NEW. cpp: Context::addUid(const Key&, const char*) NEW.


@ -5565,10 +5565,17 @@ also expect a sign command.
@item GPGME_ENCRYPT_SYMMETRIC @item GPGME_ENCRYPT_SYMMETRIC
The @code{GPGME_ENCRYPT_SYMMETRIC} symbol specifies that the The @code{GPGME_ENCRYPT_SYMMETRIC} symbol specifies that the
output should be additionally encrypted symmetically even output should be additionally encrypted symmetrically even
if recipients are provided. This feature is only supported for if recipients are provided. This feature is only supported for
for the OpenPGP crypto engine. for the OpenPGP crypto engine.
@item GPGME_ENCRYPT_THROW_KEYIDS
The @code{GPGME_ENCRYPT_THROW_KEYIDS} symbols requests that the
identifiers for the decrption keys are not included in the ciphertext.
On the receiving side, the use of this flag may slow down the
decryption process because all available secret keys must be tried.
This flag is only honored for OpenPGP encryption.
@end table @end table
If @code{GPG_ERR_UNUSABLE_PUBKEY} is returned, some recipients in If @code{GPG_ERR_UNUSABLE_PUBKEY} is returned, some recipients in


@ -1860,6 +1860,9 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags,
if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS)) if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
err = add_arg (gpg, "--compress-algo=none"); err = add_arg (gpg, "--compress-algo=none");
if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
err = add_arg (gpg, "--throw-keyids");
if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
&& have_gpg_version (gpg, "2.1.14")) && have_gpg_version (gpg, "2.1.14"))
err = add_arg (gpg, "--mimemode"); err = add_arg (gpg, "--mimemode");
@ -1929,6 +1932,9 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],
if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS)) if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
err = add_arg (gpg, "--compress-algo=none"); err = add_arg (gpg, "--compress-algo=none");
if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
err = add_arg (gpg, "--throw-keyids");
if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
&& have_gpg_version (gpg, "2.1.14")) && have_gpg_version (gpg, "2.1.14"))
err = add_arg (gpg, "--mimemode"); err = add_arg (gpg, "--mimemode");
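Review bot: In both gpg_encrypt and gpg_encrypt_sign, the `--mimemode` branch directly after the added lines assigns `err` without testing it first, so a failed `add_arg (gpg, "--throw-keyids")` is overwritten whenever the plaintext is MIME-encoded and gpg is at least 2.1.14. For a flag whose purpose is to keep recipient key IDs out of the ciphertext, that means gpg could run without the option and the caller would see no error. Guard the branch like its neighbours by opening the condition with `if (!err && gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME`. Both function bodies start and end outside the hunks.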


@ -1237,7 +1237,8 @@ typedef enum
GPGME_ENCRYPT_PREPARE = 4, GPGME_ENCRYPT_PREPARE = 4,
GPGME_ENCRYPT_EXPECT_SIGN = 8, GPGME_ENCRYPT_EXPECT_SIGN = 8,
GPGME_ENCRYPT_NO_COMPRESS = 16, GPGME_ENCRYPT_NO_COMPRESS = 16,
GPGME_ENCRYPT_SYMMETRIC = 32 GPGME_ENCRYPT_SYMMETRIC = 32,
GPGME_ENCRYPT_THROW_KEYIDS = 64
} }
gpgme_encrypt_flags_t; gpgme_encrypt_flags_t;
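Review bot: GPGME_ENCRYPT_THROW_KEYIDS is added to the enum without a comment, although the manual text in this same commit states that the flag is only honored for OpenPGP encryption. A caller who reads only the header and sets the flag for recipient privacy with another protocol gets no hint that it may have no effect there. Add a comment on the new enumerator, for example `/* Do not include recipient key IDs in the ciphertext (OpenPGP only).  */`. The enum begins outside the hunk.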


@ -88,6 +88,7 @@ show_usage (int ex)
" --uiserver use the UI server\n" " --uiserver use the UI server\n"
" --loopback use a loopback pinentry\n" " --loopback use a loopback pinentry\n"
" --key NAME encrypt to key NAME\n" " --key NAME encrypt to key NAME\n"
" --throw-keyids use this option\n"
" --symmetric encrypt symmetric (OpenPGP only)\n" " --symmetric encrypt symmetric (OpenPGP only)\n"
, stderr); , stderr);
exit (ex); exit (ex);
@ -170,6 +171,11 @@ main (int argc, char **argv)
keyargs[keycount++] = *argv; keyargs[keycount++] = *argv;
argc--; argv++; argc--; argv++;
} }
else if (!strcmp (*argv, "--throw-keyids"))
{
flags |= GPGME_ENCRYPT_THROW_KEYIDS;
argc--; argv++;
}
else if (!strcmp (*argv, "--loopback")) else if (!strcmp (*argv, "--loopback"))
{ {
use_loopback = 1; use_loopback = 1;
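Review bot: The usage line added in show_usage describes the new option only as `use this option`, which tells someone running the test tool nothing about its effect. Say what it does, in the style of the `--symmetric` entry, for example `do not include recipient key IDs (OpenPGP only)`. The bodies of show_usage and main both continue outside the hunks.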