| author | Werner Koch <[email protected]> | 2020-03-13 12:28:35 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2020-03-13 12:34:49 +0000 |
| commit | 865d485180240369a20d3be14d0c6499783df2b5 (patch) | |
| tree | a5f3a95e9d714517dabbc66987ee1f01cb65d55f /g10/gpg.c | |
| parent | gpg: Add property "fpr" for use by --export-filter. (diff) | |
gpg: New option --include-key-block.
* common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
* g10/gpg.c (oIncludeKeyBlock): New.
(opts): New option --include-key-block.
(main): Implement.
* g10/options.h (opt): New flag include_key_block.
* g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
(parse_one_sig_subpkt): Ditto.
(can_handle_critical): Ditto.
* g10/sign.c (mk_sig_subpkt_key_block): New.
(write_signature_packets): Call it for data signatures.
--

This patch adds support for a to be proposed OpenPGP feature:

Introduce the Key Block subpacket to align OpenPGP with CMS.

This new subpacket may be used similar to the CertificateSet of
CMS (RFC-5652) and thus allows to start encrypted communication
after having received a signed message. In practice a stripped down
version of the key should be included having only the key material
and the self-signatures which are really useful and shall be used by
the recipient to reply encrypted.

#### Key Block

(1 octet with value 0, N octets of key data)

This subpacket MAY be used to convey key data along with a signature
of class 0x00, 0x01, or 0x02. It MUST contain the key used to create
the signature; either as the primary key or as a subkey. The key
SHOULD contain a primary or subkey capable of encryption and the
entire key must be a valid OpenPGP key including at least one User ID
packet and the corresponding self-signatures.

Implementations MUST ignore this subpacket if the first octet does not
have a value of zero or if the key data does not represent a valid
transferable public key.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <[email protected]>
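
The receiver-side rule in the commit message above, as an added example that is not code from this commit or from GnuPG: a structural pre-check in C that treats a Key Block body as ignorable unless the first octet is zero and the rest parses as complete OpenPGP packets (RFC 4880 headers) starting with a Public-Key packet and containing a User ID and a signature packet. The function names and the sample bytes are constructed for illustration, and the check does not verify the self-signatures cryptographically.

```c
#include <stddef.h>
#include <stdint.h>
enum { PKT_SIGNATURE = 2, PKT_PUBLIC_KEY = 6, PKT_USER_ID = 13 }; /* RFC 4880 tags */
/* Constructed sample: type octet 0, then Public-Key, User ID, Signature stubs. */
static const uint8_t sample_ok[] = { 0, 0xC6, 1, 4, 0xCD, 1, 'a', 0xC2, 1, 4 };

/* Size of the packet at p (header plus body) per RFC 4880 section 4.2, or 0
   if it is malformed, truncated, or uses a partial/indeterminate length. */
static size_t packet_size(const uint8_t *p, size_t n, int *tag)
{
    size_t hdr = 0, len = 0, i;
    if (n < 2 || !(p[0] & 0x80))
        return 0;
    if (!(p[0] & 0x40)) {                    /* old format: 1, 2 or 4 length octets */
        *tag = (p[0] >> 2) & 0x0f;
        if ((p[0] & 3) != 3)                 /* 3 = indeterminate length: hdr stays 0 */
            hdr = 1 + ((size_t)1 << (p[0] & 3));
        for (i = 1; i < hdr && i < n; i++)
            len = (len << 8) | p[i];
    } else {                                 /* new format */
        *tag = p[0] & 0x3f;
        if (p[1] < 192) {
            hdr = 2; len = p[1];
        } else if (p[1] < 224 && n >= 3) {
            hdr = 3; len = ((size_t)(p[1] - 192) << 8) + p[2] + 192;
        } else if (p[1] == 255 && n >= 6) {
            hdr = 6;
            for (i = 2; i < 6; i++)
                len = (len << 8) | p[i];
        }                                    /* else partial length: hdr stays 0 */
    }
    return (!hdr || n < hdr || len > n - hdr) ? 0 : hdr + len;
}

/* 1 if the Key Block subpacket body passes the pre-check, 0 if it must be ignored. */
int key_block_usable(const uint8_t *body, size_t n)
{
    int tag = 0, first = 1, uids = 0, sigs = 0;
    size_t used;
    if (n < 2 || body[0] != 0)               /* first octet must be zero */
        return 0;
    for (body++, n--; n; body += used, n -= used, first = 0) {
        if (!(used = packet_size(body, n, &tag)) || (first && tag != PKT_PUBLIC_KEY))
            return 0;
        uids += (tag == PKT_USER_ID);
        sigs += (tag == PKT_SIGNATURE);
    }
    return uids > 0 && sigs > 0;             /* at least one User ID and one signature */
}
```

A body that passes still has to go through the normal key import checks, including verification of the self-signatures, before the key is used.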
Diffstat (limited to 'g10/gpg.c')
| -rw-r--r-- | g10/gpg.c | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -433,6 +433,7 @@ enum cmd_and_opt_values oNoSymkeyCache, oUseOnlyOpenPGPCard, oFullTimestrings, + oIncludeKeyBlock, oNoop }; @@ -748,7 +749,9 @@ static gpgrt_opt_t opts[] = { N_("|N|set compress level to N (0 disables)")), ARGPARSE_s_i (oCompressLevel, "compress-level", "@"), ARGPARSE_s_i (oBZ2CompressLevel, "bzip2-compress-level", "@"), - + ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"), + ARGPARSE_s_n (oIncludeKeyBlock, "include-key-block", + N_("include the public key in the signature")), ARGPARSE_header ("ImportExport", N_("Options controlling key import and export")), @@ -826,7 +829,6 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"), ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"), ARGPARSE_s_i (oOverrideSessionKeyFD, "override-session-key-fd", "@"), - ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"), ARGPARSE_header ("Security", N_("Options controlling the security")), @@ -3032,6 +3034,7 @@ main (int argc, char **argv) case oForceAEAD: opt.force_aead = 1; break; case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; + case oIncludeKeyBlock: opt.flags.include_key_block = 1; break; case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break; case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break; |
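
Review bot: The relocation of the "disable-signer-uid" entry in opts[] (added in the -748 hunk, removed in the -826 hunk) is not covered by the commit message, whose gpg.c entries only list oIncludeKeyBlock, the new --include-key-block option and the main() change. Either mention the move in the ChangeLog part of the message or split it into a separate commit, so the history of that option stays traceable.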
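
Review bot: The option can only be switched on: the -433 hunk adds a single enum value oIncludeKeyBlock, the -748 hunk registers only "include-key-block", and the -3032 hunk in main() only ever sets opt.flags.include_key_block = 1. A user who enables it in a configuration file has no way to turn it off for a single invocation. Consider adding a negated form (for example a "no-include-key-block" entry that sets the flag to 0), since the option attaches the signer's public key to every data signature it applies to.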
