[Pkg-gnupg-commit] [gpgme] 109/132: core: New encryption flag GPGME_ENCRYPT_THROW_KEYIDS.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Apr 26 01:01:36 UTC 2017


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gpgme.

commit fab8b1a166fff7265d8a7a7acbbf5f30d26cc93c
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Mar 21 10:39:33 2017 +0100

    core: New encryption flag GPGME_ENCRYPT_THROW_KEYIDS.
    
    * src/gpgme.h.in (GPGME_ENCRYPT_THROW_KEYIDS): New flag.
    * src/engine-gpg.c (gpg_encrypt): Implement flag
    (gpg_encrypt_sign): Implement flag.
    
    * tests/run-encrypt.c (main): New option --throw-keyids.
    --
    
    It would be nice to also selectively hide recipients (that is gpg
    --hidden-recipient) but our API does not yet allow this because it is
    based on key objects.  A possible way to implement that would be an API
    to set processing flags into a key but this is complicated due to the
    reference counting and thus the possibility that a key object is used
    by different contexts.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 NEWS                | 3 ++-
 doc/gpgme.texi      | 9 ++++++++-
 src/engine-gpg.c    | 6 ++++++
 src/gpgme.h.in      | 3 ++-
 tests/run-encrypt.c | 6 ++++++
 5 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index cf02fc2..7ad1188 100644
--- a/NEWS
+++ b/NEWS
@@ -12,7 +12,8 @@ Noteworthy changes in version 1.8.1 (unreleased)
  GPGME_CREATE_NOEXPIRE       NEW.
  gpgme_subkey_t              EXTENDED: New field is_de_vs.
  gpgme_op_keylist_from_data_start NEW.
- gpgme_data_rewind                UN-DEPRECATE.
+ GPGME_ENCRYPT_THROW_KEYIDS       NEW.
+ gpgme_data_rewind                UN-DEPRECATE
  cpp: Context::revUid(const Key&, const char*)      NEW.
  cpp: Context::startRevUid(const Key&, const char*) NEW.
  cpp: Context::addUid(const Key&, const char*)      NEW.
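Review bot: The rewritten gpgme_data_rewind line loses its trailing period ("UN-DEPRECATE." becomes "UN-DEPRECATE"), while the neighbouring entries, including the new GPGME_ENCRYPT_THROW_KEYIDS line, end in "NEW." with a period. This looks like an accidental edit; leave the gpgme_data_rewind line untouched and only insert the new entry, so the hunk becomes a pure one-line addition.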
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index edcbb98..a4ab5c4 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -5565,10 +5565,17 @@ also expect a sign command.
 
 @item GPGME_ENCRYPT_SYMMETRIC
 The @code{GPGME_ENCRYPT_SYMMETRIC} symbol specifies that the
-output should be additionally encrypted symmetically even
+output should be additionally encrypted symmetrically even
 if recipients are provided. This feature is only supported for
 for the OpenPGP crypto engine.
 
+ at item GPGME_ENCRYPT_THROW_KEYIDS
+The @code{GPGME_ENCRYPT_THROW_KEYIDS} symbols requests that the
+identifiers for the decrption keys are not included in the ciphertext.
+On the receiving side, the use of this flag may slow down the
+decryption process because all available secret keys must be tried.
+This flag is only honored for OpenPGP encryption.
+
 @end table
 
 If @code{GPG_ERR_UNUSABLE_PUBKEY} is returned, some recipients in
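Review bot: Two typos in the added GPGME_ENCRYPT_THROW_KEYIDS item: "symbols requests" should read "symbol requests", and "decrption" should read "decryption". Since this hunk already corrects "symmetically" in the GPGME_ENCRYPT_SYMMETRIC item, the doubled "for" in its context lines ("only supported for" / "for the OpenPGP crypto engine") could be fixed in the same pass.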
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 4b87a8a..6024529 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -1860,6 +1860,9 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags,
   if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
     err = add_arg (gpg, "--compress-algo=none");
 
+  if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
+    err = add_arg (gpg, "--throw-keyids");
+
   if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
       && have_gpg_version (gpg, "2.1.14"))
     err = add_arg (gpg, "--mimemode");
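Review bot: In gpg_encrypt, the --mimemode statement directly after the new block assigns err without a !err guard, so a failure returned by add_arg (gpg, "--throw-keyids") is overwritten whenever the MIME encoding and version condition holds. Because the new flag is a request to keep recipient key IDs out of the ciphertext, its error should not be lost; add "!err &&" to that condition, as the --compress-algo=none and --throw-keyids checks above it already do.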
@@ -1929,6 +1932,9 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],
   if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
     err = add_arg (gpg, "--compress-algo=none");
 
+  if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
+    err = add_arg (gpg, "--throw-keyids");
+
   if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
       && have_gpg_version (gpg, "2.1.14"))
     err = add_arg (gpg, "--mimemode");
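Review bot: gpg_encrypt_sign repeats the same three-line flag check that was added to gpg_encrypt, and the unguarded --mimemode assignment after it has the same err-overwrite problem. Consider moving the flag-to-argument mapping (--compress-algo=none, --throw-keyids, --mimemode) into one helper called from both functions, so that a future flag cannot be wired into one path and missed in the other.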
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index 2cf096b..16191eb 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -1237,7 +1237,8 @@ typedef enum
     GPGME_ENCRYPT_PREPARE = 4,
     GPGME_ENCRYPT_EXPECT_SIGN = 8,
     GPGME_ENCRYPT_NO_COMPRESS = 16,
-    GPGME_ENCRYPT_SYMMETRIC = 32
+    GPGME_ENCRYPT_SYMMETRIC = 32,
+    GPGME_ENCRYPT_THROW_KEYIDS = 64
   }
 gpgme_encrypt_flags_t;
 
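Review bot: GPGME_ENCRYPT_THROW_KEYIDS = 64 is added to the public gpgme_encrypt_flags_t, but this patch implements it only in src/engine-gpg.c, and the documentation hunk states that it is only honored for OpenPGP encryption. A caller that sets it to hide recipients gets no indication when another engine ignores it; either reject the flag with an error in engines that cannot honor it, or say explicitly in the documentation that it is silently ignored there. A short comment on the new enumerator in the header would also help.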
diff --git a/tests/run-encrypt.c b/tests/run-encrypt.c
index fd86836..c148e93 100644
--- a/tests/run-encrypt.c
+++ b/tests/run-encrypt.c
@@ -88,6 +88,7 @@ show_usage (int ex)
          "  --uiserver       use the UI server\n"
          "  --loopback       use a loopback pinentry\n"
          "  --key NAME       encrypt to key NAME\n"
+         "  --throw-keyids   use this option\n"
          "  --symmetric      encrypt symmetric (OpenPGP only)\n"
          , stderr);
   exit (ex);
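Review bot: The help string "  --throw-keyids   use this option\n" in show_usage does not say what the option does. Describe the effect and the engine restriction in the style of the --symmetric entry below it, for example "  --throw-keyids   omit recipient key IDs (OpenPGP only)\n".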
@@ -170,6 +171,11 @@ main (int argc, char **argv)
           keyargs[keycount++] = *argv;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--throw-keyids"))
+        {
+          flags |= GPGME_ENCRYPT_THROW_KEYIDS;
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--loopback"))
         {
           use_loopback = 1;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gpgme.git


