authorThorsten Behrens <Thorsten.Behrens@CIB.de>2017-10-18 12:48:55 +0200
committerThorsten Behrens <Thorsten.Behrens@CIB.de>2017-10-18 15:06:07 +0200
commit7b00829e27b0a26e9fa8d06bb651134f03a466e9 (patch)
tree0ebe0b0963112f7c7422fce116a159a2504b91ee
parent811e636d920ee96e7ebd120b3931cb3da43d0143 (diff)
gpg4libre - tdf#113188 add option for minimal PGPKeyPacket
Change-Id: I660e68074616f6953e6527e40ec22276ce8ef2fb Reviewed-on: https://gerrit.libreoffice.org/43492 Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de> Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
-rw-r--r--external/gpgme/UnpackedTarball_gpgme.mk1
-rw-r--r--external/gpgme/add-minimal-keyexport.patch68
-rw-r--r--officecfg/registry/schema/org/openoffice/Office/Common.xcs13
-rw-r--r--xmlsecurity/source/gpg/CertificateImpl.cxx6
4 files changed, 87 insertions, 1 deletions
diff --git a/external/gpgme/UnpackedTarball_gpgme.mk b/external/gpgme/UnpackedTarball_gpgme.mk
index ca9fd79feaab..15259971f798 100644
--- a/external/gpgme/UnpackedTarball_gpgme.mk
+++ b/external/gpgme/UnpackedTarball_gpgme.mk
@@ -16,5 +16,6 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,gpgme,0))
$(eval $(call gb_UnpackedTarball_add_patches,gpgme, \
external/gpgme/find-libgpg-error-libassuan.patch \
external/gpgme/fix-autoconf-macros.patch \
+ external/gpgme/add-minimal-keyexport.patch \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/gpgme/add-minimal-keyexport.patch b/external/gpgme/add-minimal-keyexport.patch
new file mode 100644
index 000000000000..abaeb15897fc
--- /dev/null
+++ b/external/gpgme/add-minimal-keyexport.patch
@@ -0,0 +1,68 @@
+--- lang/cpp/src/context.h.bak 2017-10-18 12:28:00.898945587 +0200
++++ lang/cpp/src/context.h 2017-10-18 12:28:35.794832395 +0200
+@@ -178,10 +178,10 @@
+ // Key Export
+ //
+
+- GpgME::Error exportPublicKeys(const char *pattern, Data &keyData);
+- GpgME::Error exportPublicKeys(const char *pattern[], Data &keyData);
+- GpgME::Error startPublicKeyExport(const char *pattern, Data &keyData);
+- GpgME::Error startPublicKeyExport(const char *pattern[], Data &keyData);
++ GpgME::Error exportPublicKeys(const char *pattern, Data &keyData, bool minimal=false);
++ GpgME::Error exportPublicKeys(const char *pattern[], Data &keyData, bool minimal=false);
++ GpgME::Error startPublicKeyExport(const char *pattern, Data &keyData, bool minimal=false);
++ GpgME::Error startPublicKeyExport(const char *pattern[], Data &keyData, bool minimal=false);
+
+ //
+ // Key Import
+--- lang/cpp/src/context.cpp.bak 2017-10-18 12:27:50.830978224 +0200
++++ lang/cpp/src/context.cpp 2017-10-18 12:30:13.278515603 +0200
+@@ -557,14 +557,14 @@
+ }
+ }
+
+-Error Context::exportPublicKeys(const char *pattern, Data &keyData)
++Error Context::exportPublicKeys(const char *pattern, Data &keyData, bool minimal)
+ {
+ d->lastop = Private::Export;
+ Data::Private *const dp = keyData.impl();
+- return Error(d->lasterr = gpgme_op_export(d->ctx, pattern, 0, dp ? dp->data : 0));
++ return Error(d->lasterr = gpgme_op_export(d->ctx, pattern, minimal ? GPGME_EXPORT_MODE_MINIMAL : 0, dp ? dp->data : 0));
+ }
+
+-Error Context::exportPublicKeys(const char *patterns[], Data &keyData)
++Error Context::exportPublicKeys(const char *patterns[], Data &keyData, bool minimal)
+ {
+ d->lastop = Private::Export;
+ #ifndef HAVE_GPGME_EXT_KEYLIST_MODE_EXTERNAL_NONBROKEN
+@@ -574,17 +574,17 @@
+ }
+ #endif
+ Data::Private *const dp = keyData.impl();
+- return Error(d->lasterr = gpgme_op_export_ext(d->ctx, patterns, 0, dp ? dp->data : 0));
++ return Error(d->lasterr = gpgme_op_export_ext(d->ctx, patterns, minimal ? GPGME_EXPORT_MODE_MINIMAL : 0, dp ? dp->data : 0));
+ }
+
+-Error Context::startPublicKeyExport(const char *pattern, Data &keyData)
++Error Context::startPublicKeyExport(const char *pattern, Data &keyData, bool minimal)
+ {
+ d->lastop = Private::Export;
+ Data::Private *const dp = keyData.impl();
+- return Error(d->lasterr = gpgme_op_export_start(d->ctx, pattern, 0, dp ? dp->data : 0));
++ return Error(d->lasterr = gpgme_op_export_start(d->ctx, pattern, minimal ? GPGME_EXPORT_MODE_MINIMAL : 0, dp ? dp->data : 0));
+ }
+
+-Error Context::startPublicKeyExport(const char *patterns[], Data &keyData)
++Error Context::startPublicKeyExport(const char *patterns[], Data &keyData, bool minimal)
+ {
+ d->lastop = Private::Export;
+ #ifndef HAVE_GPGME_EXT_KEYLIST_MODE_EXTERNAL_NONBROKEN
+@@ -594,7 +594,7 @@
+ }
+ #endif
+ Data::Private *const dp = keyData.impl();
+- return Error(d->lasterr = gpgme_op_export_ext_start(d->ctx, patterns, 0, dp ? dp->data : 0));
++ return Error(d->lasterr = gpgme_op_export_ext_start(d->ctx, patterns, minimal ? GPGME_EXPORT_MODE_MINIMAL : 0, dp ? dp->data : 0));
+ }
+
+ ImportResult Context::importKeys(const Data &data)
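Review bot: The new `bool minimal` parameter on the four export overloads in context.h is undocumented, and a bare `true` or `false` at a call site does not say what is dropped from the exported key. A comment above the declarations would help, for example `// minimal: export with GPGME_EXPORT_MODE_MINIMAL (smallest possible key)`. The underlying gpgme_op_export* functions take a mode bitmask, so an export-flags parameter would extend more easily than a bool if another mode is ever needed. The expression `minimal ? GPGME_EXPORT_MODE_MINIMAL : 0` is repeated in all four bodies in context.cpp and could live in one small file-local helper.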
diff --git a/officecfg/registry/schema/org/openoffice/Office/Common.xcs b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
index 118700782343..01651dabe8f5 100644
--- a/officecfg/registry/schema/org/openoffice/Office/Common.xcs
+++ b/officecfg/registry/schema/org/openoffice/Office/Common.xcs
@@ -2460,6 +2460,19 @@
</info>
<value>true</value>
</prop>
+ <group oor:name="OpenPGP">
+ <info>
+ <desc>Contains security settings regarding the GnuPG/OpenPGP backend.</desc>
+ </info>
+ <prop oor:name="MinimalKeyExport" oor:type="xs:boolean" oor:nillable="false">
+ <info>
+ <desc>Determines if the PGPKeyPacket element on signed
+ documents will contain the full public key (default), or
+ the potentially much smaller minimal one, without any signatures.</desc>
+ </info>
+ <value>false</value>
+ </prop>
+ </group>
<group oor:name="Scripting">
<info>
<desc>Contains security settings regarding Basic scripts.</desc>
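Review bot: The `MinimalKeyExport` description says the minimal key comes "without any signatures", but gpgme's minimal export mode keeps the latest self-signatures and strips the rest, which are the third-party certifications. Suggested wording: `...or the potentially much smaller minimal one, which keeps only the latest self-signatures and omits third-party certifications.` It would also be worth one sentence on the consequence for verification. A recipient presumably cannot use certifications carried in the embedded PGPKeyPacket to judge the key and has to rely on its own keyring, so an administrator can make the size/trust trade-off knowingly.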
diff --git a/xmlsecurity/source/gpg/CertificateImpl.cxx b/xmlsecurity/source/gpg/CertificateImpl.cxx
index 49674f877956..6d06b24c3a2a 100644
--- a/xmlsecurity/source/gpg/CertificateImpl.cxx
+++ b/xmlsecurity/source/gpg/CertificateImpl.cxx
@@ -13,6 +13,7 @@
#include <comphelper/sequence.hxx>
#include <com/sun/star/security/KeyUsage.hpp>
+#include <officecfg/Office/Common.hxx>
#include <gpgme.h>
#include <context.h>
@@ -212,7 +213,10 @@ void CertificateImpl::setCertificate(GpgME::Context* ctx, const GpgME::Key& key)
// extract key data, store into m_aBits
GpgME::Data data_out;
ctx->setArmor(false); // caller will base64-encode anyway
- GpgME::Error err = ctx->exportPublicKeys(key.primaryFingerprint(), data_out);
+ GpgME::Error err = ctx->exportPublicKeys(
+ key.primaryFingerprint(),
+ data_out,
+ officecfg::Office::Common::Security::OpenPGP::MinimalKeyExport::get());
if (err)
throw RuntimeException("The GpgME library failed to retrieve the public key");
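Review bot: The three-argument `exportPublicKeys` call exists only in the bundled gpgme after add-minimal-keyexport.patch is applied, so this call site will not compile against an unpatched gpgmepp. If the tree can be configured against a system gpgme (not visible from this page), the call needs a build-time feature guard that falls back to the two-argument form. A short comment at the call would also help the next reader, e.g. `// minimal export strips third-party certifications from the embedded key; controlled by Security/OpenPGP/MinimalKeyExport`. The body of setCertificate continues outside this hunk.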