Configure the use of from header for epg signing.

Configure the use of from header for epg signing.

[Daniel Dehennin]

[-- Attachment #1: Type: text/plain, Size: 2330 bytes --]


Here is a patch to make the use of from header conditional, this solve
issue 1 in [1].

It can be fetched from my Gnus git repository [2].

I do not update the Changelog to avoid conflict, I think changelog can
be automatically handled by hook when Lars pull in its branch ;-)

This patch is tested by me.

Regards.

* lisp/mml2015.el (mml2015-use-from-address): New variable for optional
  from header use.
  (mml2015-epg-sign): Use it.
  (mml2015-epg-encrypt): Ditto.
---
 lisp/mml2015.el |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/lisp/mml2015.el b/lisp/mml2015.el
index 9831b33..dde8a08 100644
--- a/lisp/mml2015.el
+++ b/lisp/mml2015.el
@@ -121,6 +121,12 @@ Whether the passphrase is cached at all is controlled by
   :group 'mime-security
   :type '(repeat (string :tag "Key ID")))
 
+(defcustom mml2015-use-from-address nil
+  "If t, use from header mail address before mml2015-signers when
+signing."
+  :group 'mime-security
+  :type 'boolean)
+
 (defcustom mml2015-encrypt-to-self nil
   "If t, add your own key ID to recipient list when encryption."
   :group 'mime-security
@@ -960,7 +966,8 @@ Whether the passphrase is cached at all is controlled by
   (let* ((inhibit-redisplay t)
 	 (context (epg-make-context))
 	 (boundary (mml-compute-boundary cont))
-	 (sender (message-options-get 'message-sender))
+	 (sender (if mml2015-use-from-address
+		     (message-options-get 'message-sender)))
 	 signer-key
 	 (signers
 	  (or (message-options-get 'mml2015-epg-signers)
@@ -1035,7 +1042,8 @@ If no one is selected, default secret key is used.  "
   (let ((inhibit-redisplay t)
 	(context (epg-make-context))
 	(config (epg-configuration))
-	(sender (message-options-get 'message-sender))
+	 (sender (if mml2015-use-from-address
+		     (message-options-get 'message-sender)))
 	(recipients (message-options-get 'mml2015-epg-recipients))
 	cipher signers
 	(boundary (mml-compute-boundary cont))
-- 
1.7.2.3



Footnotes: 
[1]  http://lists.gnu.org/archive/html/bug-gnu-emacs/2011-01/msg00207.html

[2]  http://www.baby-gnu.org/~nebu/archives/gnus/gnus.git/ dad/mml2015-epg-use-from-to-sign-if-configured

-- 
Daniel Dehennin
Récupérer ma clef GPG:
gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

Re: Configure the use of from header for epg signing.

[Lars Magne Ingebrigtsen]

Daniel Dehennin <daniel.dehennin@baby-gnu.org> writes:

> I do not update the Changelog to avoid conflict, I think changelog can
> be automatically handled by hook when Lars pull in its branch ;-)

Please do update ChangeLogs.  I resolve conflicts when I pull and
stuff -- it's no biggie.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen

bug#7797: Configure the use of from header for epg signing.

[Luca Capello]

[-- Attachment #1: Type: text/plain, Size: 4330 bytes --]

Hi there!

On Fri, 07 Jan 2011 14:18:41 +0100, Daiki Ueno wrote:
> Luca Capello <luca@pca.it> writes:
>> Please, can you post it here, so I do not have to download the bzr
>> repository?  The Savannah bzr repository is disabled
>> <http://bzr.savannah.gnu.org/lh/emacs> and the Launhpad one
>> <http://bazaar.launchpad.net/~vcs-imports/emacs/trunk/files> does not
>> have it yet.
>
> Looks git mirror is up to date:
>
> http://git.sv.gnu.org/cgit/emacs.git/commit/?id=3d51f602

It was not at the time of my writing and looking around on the Internet
I was not sure if the Git repository is automatically updated (and when)
or not.

>> I am sorry, but I still think this is not the correct solution, thus I
>> reopened the bug (control server bcc:ed).  I think the cases should be
>> the following, which I have (sort of) explained in my first post and it
>> is similar to Ashish's one at:
>>
>>   <http://lists.gnu.org/archive/html/emacs-devel/2010-12/msg00612.html>
>
> I think there are 2 separate issues:
>
> (1) Gnus now picks signing keys from "From:" header by default. Which is
>     an incompatible behavior change from the previous versions.
>
> (2) mml2015-epg-find-usable-key, a function used to determine whether a
>     key is usable for signing, has a bug.
>
> I fixed (2) as r102771 and you are talking about (1).  

Exactly, but I do not understand the need for (2), since as I wrote in
my previous reply (point 1) IMHO by default EasyPG should do nothing WRT
GnuPG and which keys should be used, especially given that the error
message is useless without a non-nil `epg-debug':

  Message-ID: <87r5cpow4q.fsf@gismo.pca.it>
  URL: <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=7797#16>

Nevertheless, now that things went back to normality (read below), I do
not care such a lot about that.

>> I would have wanted to reply only after having implemented my solution,
>> but since I am quite busy right now (and I will be for the whole next
>> week as well), it is better to put here my ideas *now*.
>
> Well, probably you could first try the patch for (2) and then propose
> improvement ideas for (1) I think :-)

FWIW, your patch for (2) works perfectly (adapted to the
lisp/gnus/mml2015.el local copy I have), tested on both my working
environment and the fresh setup I used to report the bug.

On Fri, 07 Jan 2011 18:29:01 +0100, Daniel Dehennin wrote:
> Here is a patch to make the use of from header conditional, this solve
> issue 1 in [1].
>
> It can be fetched from my Gnus git repository [2].
>
> I do not update the Changelog to avoid conflict, I think changelog can
> be automatically handled by hook when Lars pull in its branch ;-)
>
> This patch is tested by me.

And tested by me as well, *without* Daiki's patch applied, for both
signing...
=====
/usr/bin/gpg --no-tty --status-fd 1 --yes --command-fd 0 --armor --textmode \
--output /tmp/epg-output3395dRp --detach-sign -u 8D3867D89DDB992B
gpg: skipped "8D3867D89DDB992B": unusable secret key
gpg: signing failed: unusable secret key

[patch applied]

/usr/bin/gpg --no-tty --status-fd 1 --yes --command-fd 0 --armor --textmode \
--output /tmp/epg-output3395qbv --detach-sign
[GNUPG:] USERID_HINT D91D57A03BE9F36D Luca Capello <luca@pca.it>
=====

...and encryption to my Debian address:
=====
/usr/bin/gpg --no-tty --status-fd 1 --yes --command-fd 0 --armor --textmode \
 --output /tmp/epg-output355543E --always-trust --encrypt --sign -u 8D3867D89DDB992B -r 06EAA066E397832F
gpg: skipped "8D3867D89DDB992B": unusable secret key
gpg: [stdin]: sign+encrypt failed: unusable secret key

[patch applied]

/usr/bin/gpg --no-tty --status-fd 1 --yes --command-fd 0 --armor --textmode \
 --output /tmp/epg-output3555FCL --always-trust --encrypt --sign -r 06EAA066E397832F
[GNUPG:] USERID_HINT D91D57A03BE9F36D Luca Capello <luca@pca.it>
=====

> @@ -1035,7 +1042,8 @@ If no one is selected, default secret key is used.  "
>    (let ((inhibit-redisplay t)
>  	(context (epg-make-context))
>  	(config (epg-configuration))
> -	(sender (message-options-get 'message-sender))
> +	 (sender (if mml2015-use-from-address
> +		     (message-options-get 'message-sender)))

There are extra spaces before the parenthesis here ;-)

Thx, bye,
Gismo / Luca

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]

Re: Configure the use of from header for epg signing.

[Daniel Dehennin]

[-- Attachment #1: Type: text/plain, Size: 1835 bytes --]


Here is a fixed patch.

Regards.

* lisp/mml2015.el (mml2015-use-from-address): New variable for optional
  from header use.
  (mml2015-epg-sign): Use it.
  (mml2015-epg-encrypt): Ditto.
---
 lisp/mml2015.el |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/lisp/mml2015.el b/lisp/mml2015.el
index 9831b33..762eb95 100644
--- a/lisp/mml2015.el
+++ b/lisp/mml2015.el
@@ -121,6 +121,12 @@ Whether the passphrase is cached at all is controlled by
   :group 'mime-security
   :type '(repeat (string :tag "Key ID")))
 
+(defcustom mml2015-use-from-address nil
+  "If t, use from header mail address before mml2015-signers when
+signing."
+  :group 'mime-security
+  :type 'boolean)
+
 (defcustom mml2015-encrypt-to-self nil
   "If t, add your own key ID to recipient list when encryption."
   :group 'mime-security
@@ -960,7 +966,8 @@ Whether the passphrase is cached at all is controlled by
   (let* ((inhibit-redisplay t)
 	 (context (epg-make-context))
 	 (boundary (mml-compute-boundary cont))
-	 (sender (message-options-get 'message-sender))
+	 (sender (if mml2015-use-from-address
+		     (message-options-get 'message-sender)))
 	 signer-key
 	 (signers
 	  (or (message-options-get 'mml2015-epg-signers)
@@ -1035,7 +1042,8 @@ If no one is selected, default secret key is used.  "
   (let ((inhibit-redisplay t)
 	(context (epg-make-context))
 	(config (epg-configuration))
-	(sender (message-options-get 'message-sender))
+	(sender (if mml2015-use-from-address
+		    (message-options-get 'message-sender)))
 	(recipients (message-options-get 'mml2015-epg-recipients))
 	cipher signers
 	(boundary (mml-compute-boundary cont))
-- 
1.7.2.3


-- 
Daniel Dehennin
Récupérer ma clef GPG:
gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

Re: Configure the use of from header for epg signing.

[Lars Ingebrigtsen]

Daniel Dehennin <daniel.dehennin@baby-gnu.org> writes:

> Here is a fixed patch.

I'm not familiar with the signing code, but the patch looks fine to me.
Should I just apply it?

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen

Re: Configure the use of from header for epg signing.

[Daiki Ueno]

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Daniel Dehennin <daniel.dehennin@baby-gnu.org> writes:
>
>> Here is a fixed patch.
>
> I'm not familiar with the signing code, but the patch looks fine to me.
> Should I just apply it?

It looks good to me.  Since I'm thinking of another tweak related to
signing, I'll apply this patch soon unless anyone objects.

Regards,
-- 
Daiki Ueno

Re: Configure the use of from header for epg signing.

[Julien Danjou]

[-- Attachment #1: Type: text/plain, Size: 335 bytes --]

> It looks good to me.  Since I'm thinking of another tweak related to
> signing, I'll apply this patch soon unless anyone objects.

Sorry, I got bitten by this today and fixed it without seeing this
thread before. I've just fixed the same way Daniel did, so no harm done.
:)

-- 
Julien Danjou
❱ http://julien.danjou.info

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]

Re: Configure the use of from header for epg signing.

[Daiki Ueno]

Julien Danjou <julien@danjou.info> writes:

>> It looks good to me.  Since I'm thinking of another tweak related to
>> signing, I'll apply this patch soon unless anyone objects.
>
> Sorry, I got bitten by this today and fixed it without seeing this
> thread before. I've just fixed the same way Daniel did, so no harm done.
> :)

Cool, thanks :) I just installed another tweak now (commit 5999faac),
which implements Luca's suggestion #2 at:

http://debbugs.gnu.org/cgi/bugreport.cgi?bug=7797#16

Testing would be appreciated.

Regards,
-- 
Daiki Ueno

Re: Configure the use of from header for epg signing.

[Luca Capello]

[-- Attachment #1: Type: text/plain, Size: 2554 bytes --]

Hi there!

I am sorry for being late, preparing/attending FOSDEM got all my time.

On Fri, 28 Jan 2011 02:08:08 +0100, Daiki Ueno wrote:
> Julien Danjou <julien@danjou.info> writes:
>
>>> It looks good to me.  Since I'm thinking of another tweak related to
>>> signing, I'll apply this patch soon unless anyone objects.
>>
>> Sorry, I got bitten by this today and fixed it without seeing this
>> thread before. I've just fixed the same way Daniel did, so no harm done.
>> :)
>
> Cool, thanks :) I just installed another tweak now (commit 5999faac),
> which implements Luca's suggestion #2 at:
>
> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=7797#16
>
> Testing would be appreciated.

I backported your patch on top of your first one [1] and Julien's [2]
and everything is working as expected, thanks:

(setq mml2015-signers nil)
=> Passphrase for D91D57A03BE9F36D Luca Capello <luca@pca.it>:

(setq mml2015-signers (list "3BE9F36D"))
=> Passphrase for D91D57A03BE9F36D Luca Capello <luca@pca.it>

(setq mml2015-signers (list "9DDB992B"))
=> No secret key for 9DDB992B; skip it? (y or n) y
   Passphrase for D91D57A03BE9F36D Luca Capello <luca@pca.it>:

(setq mml2015-signers (list "9DDB992B" "3BE9F36D"))
=> No secret key for 9DDB992B; skip it? (y or n) y
   Passphrase for D91D57A03BE9F36D Luca Capello <luca@pca.it>:

[1] <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=7797#13>
[2] <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=7797#39>
    FWIW I would have preferred Daniel's patch, the variable name was a
    bit clearer and more self-explicative, but never mind, what is
    important is that it is fixed!

BTW, the description for `mml2015-signers' still needs
--8<---------------cut here---------------start------------->8---
diff --git a/lisp/mml2015.el b/lisp/mml2015.el
index 1271168..df106bb 100644
--- a/lisp/mml2015.el
+++ b/lisp/mml2015.el
@@ -116,7 +116,7 @@ Whether the passphrase is cached at all is controlled by
   :type 'integer)
 
 (defcustom mml2015-signers nil
-  "A list of your own key ID which will be used to sign a message.
+  "A list of your own key ID(s) which will be used to sign a message.
 If set, it overrides the setting of `mml2015-sign-with-sender'."
   :group 'mime-security
   :type '(repeat (string :tag "Key ID")))
--8<---------------cut here---------------end--------------->8---

Apart from the above, given that all the patches have been included in
the emacs tree, this bug should be closed, I leave this to you ;-)

Thx, bye,
Gismo / Luca

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]