author | Werner Koch <[email protected]> | 2016-06-13 09:24:09 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2016-06-13 09:24:09 +0000 |
commit | 61e7fd68c05ed185728e9da45f7a44a2323065ad (patch) | |
tree | b15ce50d5fd51ea6833f0620e51df5ae8bbd7bc4 /doc/gpg.texi | |
parent | gpg: Try Signer's User ID sub-packet with --auto-key-retrieve. (diff) | |
gpg: New option --disable-signer-uid, create Signer's UID sub-packet.
* g10/gpg.c (oDisableSignerUID): New.
(opts): New option '--disable-signer-uid'.
(main): Set option.
* g10/options.h (opt): Add field flags.disable_signer_uid.
* g10/sign.c: Include mbox-util.h.
(mk_notation_policy_etc): Embed the signer's uid.
* g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key
retrieval if --disable-signer-uid is used.
--
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'doc/gpg.texi')
-rw-r--r-- | doc/gpg.texi | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index f092b270d..182abb105 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1740,13 +1740,17 @@ are available for all keyserver types, some common options are: @item auto-key-retrieve This option enables the automatic retrieving of keys from a keyserver when verifying signatures made by keys that are not on the local - keyring. + keyring. If the method "wkd" is included in the list of methods + given to @option{auto-key-locate}, the Signer's User ID is part of + the signature, and the option @option{--disable-signer-uid} is not used, + the "wkd" method may also be used to retrieve a key. Note that this option makes a "web bug" like behavior possible. - Keyserver operators can see which keys you request, so by sending you - a message signed by a brand new key (which you naturally will not have - on your local keyring), the operator can tell both your IP address and - the time when you verified the signature. + Keyserver or Web Key Directory operators can see which keys you + request, so by sending you a message signed by a brand new key (which + you naturally will not have on your local keyring), the operator can + tell both your IP address and the time when you verified the + signature. @item honor-keyserver-url When using @option{--refresh-keys}, if the key in question has a preferred 
@@ -2344,6 +2348,14 @@ Disable the use of the modification detection code. Note that by using this option, the encrypted message becomes vulnerable to a message modification attack. +@item --disable-signer-uid +@opindex disable-signer-uid +By default the user ID of the signing key is embedded in the data +signature. As of now this is only done if the signing key has been +specified with @option{local-user} using a mail address. This +information can be helpful for verifier to locate the key; see +@option{--auto-key-retrieve}. + @item --personal-cipher-preferences @code{string} @opindex personal-cipher-preferences Set the list of personal cipher preferences to @code{string}. Use |
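Review bot: In the first hunk (@item auto-key-retrieve), the reworded "web bug" paragraph adds Web Key Directory operators but does not say that the "wkd" lookup is driven by the Signer's User ID carried in the signature, which is a value the sender of the message supplies. A sentence stating that would make clear why the new retrieval path widens who can observe a verification. That paragraph is also the natural place to mention @option{--disable-signer-uid}, since the sentence added above it says "wkd" is only tried when that option is not used. On style, the added text writes @option{auto-key-locate} without leading dashes right next to @option{--disable-signer-uid}, and puts "wkd" in plain double quotes; pick one form for option names and mark the method name up consistently.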
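Review bot: In the second hunk, the new @item --disable-signer-uid entry describes only the default ("By default the user ID of the signing key is embedded in the data signature") and never states what the option itself does. Add an explicit sentence that the option suppresses the embedding. The entry also omits the verification side: the commit message says check_sig_and_print does not use WKD for auto key retrieval when the option is set, and the first hunk documents that condition, so the entry should mention it too. Smaller points: "helpful for verifier" is missing an article, @option{local-user} lacks the leading dashes used elsewhere in the entry, and the cross-reference @option{--auto-key-retrieve} does not match the first hunk, where the item is documented as the keyserver option "auto-key-retrieve" without dashes.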