[Pkg-gnupg-commit] [gpgme] 109/132: core: New encryption flag GPGME_ENCRYPT_THROW_KEYIDS.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Apr 26 01:01:36 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gpgme.
commit fab8b1a166fff7265d8a7a7acbbf5f30d26cc93c
Author: Werner Koch <wk at gnupg.org>
Date: Tue Mar 21 10:39:33 2017 +0100
core: New encryption flag GPGME_ENCRYPT_THROW_KEYIDS.
* src/gpgme.h.in (GPGME_ENCRYPT_THROW_KEYIDS): New flag.
* src/engine-gpg.c (gpg_encrypt): Implement flag
(gpg_encrypt_sign): Implement flag.
* tests/run-encrypt.c (main): New option --throw-keyids.
--
It would be nice to also selectively hide recipients (that is gpg
--hidden-recipient) but our API does not ye allow this because it is
based on key objects. A possible way to implement that would be a API
to set processing flags into a key but this is complicated due to the
reference counting and thus the possibility that a key object is used
by different context.
Signed-off-by: Werner Koch <wk at gnupg.org>
---
NEWS | 3 ++-
doc/gpgme.texi | 9 ++++++++-
src/engine-gpg.c | 6 ++++++
src/gpgme.h.in | 3 ++-
tests/run-encrypt.c | 6 ++++++
5 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/NEWS b/NEWS
index cf02fc2..7ad1188 100644
--- a/NEWS
+++ b/NEWS
@@ -12,7 +12,8 @@ Noteworthy changes in version 1.8.1 (unreleased)
GPGME_CREATE_NOEXPIRE NEW.
gpgme_subkey_t EXTENDED: New field is_de_vs.
gpgme_op_keylist_from_data_start NEW.
- gpgme_data_rewind UN-DEPRECATE.
+ GPGME_ENCRYPT_THROW_KEYIDS NEW.
+ gpgme_data_rewind UN-DEPRECATE
cpp: Context::revUid(const Key&, const char*) NEW.
cpp: Context::startRevUid(const Key&, const char*) NEW.
cpp: Context::addUid(const Key&, const char*) NEW.
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index edcbb98..a4ab5c4 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -5565,10 +5565,17 @@ also expect a sign command.
@item GPGME_ENCRYPT_SYMMETRIC
The @code{GPGME_ENCRYPT_SYMMETRIC} symbol specifies that the
-output should be additionally encrypted symmetically even
+output should be additionally encrypted symmetrically even
if recipients are provided. This feature is only supported for
for the OpenPGP crypto engine.
+ at item GPGME_ENCRYPT_THROW_KEYIDS
+The @code{GPGME_ENCRYPT_THROW_KEYIDS} symbols requests that the
+identifiers for the decrption keys are not included in the ciphertext.
+On the receiving side, the use of this flag may slow down the
+decryption process because all available secret keys must be tried.
+This flag is only honored for OpenPGP encryption.
+
@end table
If @code{GPG_ERR_UNUSABLE_PUBKEY} is returned, some recipients in
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 4b87a8a..6024529 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -1860,6 +1860,9 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags,
if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
err = add_arg (gpg, "--compress-algo=none");
+ if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
+ err = add_arg (gpg, "--throw-keyids");
+
if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
&& have_gpg_version (gpg, "2.1.14"))
err = add_arg (gpg, "--mimemode");
@@ -1929,6 +1932,9 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[],
if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS))
err = add_arg (gpg, "--compress-algo=none");
+ if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS))
+ err = add_arg (gpg, "--throw-keyids");
+
if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME
&& have_gpg_version (gpg, "2.1.14"))
err = add_arg (gpg, "--mimemode");
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index 2cf096b..16191eb 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -1237,7 +1237,8 @@ typedef enum
GPGME_ENCRYPT_PREPARE = 4,
GPGME_ENCRYPT_EXPECT_SIGN = 8,
GPGME_ENCRYPT_NO_COMPRESS = 16,
- GPGME_ENCRYPT_SYMMETRIC = 32
+ GPGME_ENCRYPT_SYMMETRIC = 32,
+ GPGME_ENCRYPT_THROW_KEYIDS = 64
}
gpgme_encrypt_flags_t;
diff --git a/tests/run-encrypt.c b/tests/run-encrypt.c
index fd86836..c148e93 100644
--- a/tests/run-encrypt.c
+++ b/tests/run-encrypt.c
@@ -88,6 +88,7 @@ show_usage (int ex)
" --uiserver use the UI server\n"
" --loopback use a loopback pinentry\n"
" --key NAME encrypt to key NAME\n"
+ " --throw-keyids use this option\n"
" --symmetric encrypt symmetric (OpenPGP only)\n"
, stderr);
exit (ex);
@@ -170,6 +171,11 @@ main (int argc, char **argv)
keyargs[keycount++] = *argv;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--throw-keyids"))
+ {
+ flags |= GPGME_ENCRYPT_THROW_KEYIDS;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--loopback"))
{
use_loopback = 1;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gpgme.git
More information about the Pkg-gnupg-commit
mailing list