[PATCH] PGG retrieving keys itself (was: [PGG] Any way to download keys automatically?)

["Michael Teichgräber" <mt@wmipf.in-berlin.de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Marshall T. Vandegrift" <vandem2@rpi.edu> writes:

> However, PGG does also include support to retrieve keys itself:

PGG uses pgg-decode-armor-region to get the key ID of the message's
signing key, but only if there is a detached (PGP/MIME)
signature. With clear-signed messages it seems not to work.

This patch adds some code to pgg-verify-region, that checks for the
existence of a clear signed message and feeds the signature region to
pgg-decode-armor-region the same way as it is done for detached
signatures.

Is this how it could be done? (I do not have much practice on Lisp
programming yet):

- ------------------------------------------------------------>8----------
Index: pgg.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/pgg.el,v
retrieving revision 6.15
diff -u -p -r6.15 pgg.el
- --- pgg.el	16 Apr 2003 16:28:19 -0000	6.15
+++ pgg.el	17 Apr 2003 10:04:04 -0000
@@ -243,21 +243,29 @@ and the the output is displayed."
     status))
   
 ;;;###autoload
- -(defun pgg-verify-region (start end &optional signature fetch)
+(defun pgg-verify-region (start end &optional detached-sig fetch)
   "Verify the current region between START and END.
- -If the optional 3rd argument SIGNATURE is non-nil, it is treated as
+If the optional 3rd argument DETACHED-SIG is non-nil, it is treated as
 the detached signature of the current region.
 
 If the optional 4th argument FETCH is non-nil, we attempt to fetch the
 signer's public key from `pgg-default-keyserver-address'."
   (interactive "r")
- -  (let* ((packet
- -	  (if (null signature) nil
+  (let* ((clear-sig 
+	  (unless detached-sig
+	    (save-excursion 
+	      (goto-char start)
+	      (if (re-search-forward "^-+BEGIN PGP SIGNATURE" end t)
+		  (buffer-substring (match-beginning 0) end)))))
+	 (packet
+	  (when (or detached-sig clear-sig)
 	    (with-temp-buffer
 	      (buffer-disable-undo)
 	      (if (fboundp 'set-buffer-multibyte)
 		  (set-buffer-multibyte nil))
- -	      (insert-file-contents signature)
+	      (if detached-sig 
+		  (insert-file-contents detached-sig)
+		(insert clear-sig))
 	      (cdr (assq 2 (pgg-decode-armor-region
 			    (point-min)(point-max)))))))
 	 (key (cdr (assq 'key-identifier packet)))
@@ -275,7 +283,7 @@ signer's public key from `pgg-default-ke
     (setq status 
 	  (pgg-save-coding-system start end
 	    (pgg-invoke "verify-region" (or pgg-scheme pgg-default-scheme)
- -			(point-min) (point-max) signature)))
+			(point-min) (point-max) detached-sig)))
     (when (interactive-p)
       (let ((temp-buffer-show-function
 	     (function pgg-temp-buffer-show-function)))
- ----------8<------------------------------------------------------------


> Does this exist for OpenPGP implementations which do not support
> automated key-retrieval, or is there some good reason to have PGG do
> it instead of the OpenPGP tool?

- From what its manpage says, there is no function at least in PGP 2.6.3
to automatically retrieve keys. A good reason is IMHO, if you work at
a dialup host, that you have a chance to connect to the the network
before the signature is checked, since PGG will prompt you if it could
not find the public key.

- -- 
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+nn21Pw209BGCgAARAshsAKDr3OkjlJI3h1bG1gsZPFWy+hKozACggZ2V
6jnZxBiakrft0Mdv5Bc8oPs=
=S37T
-----END PGP SIGNATURE-----