[gmime: 2/23] GPGME: User ID != Key ID



commit a1681707acf016294a99e5ce7e4041820253698e
Author: Daniel Kahn Gillmor <dkg fifthhorseman net>
Date:   Sun Oct 15 23:29:42 2017 -0400

    GPGME: User ID != Key ID
    
    gpgme_signature_t objects refer to public keys (aka "OpenPGP
    certificates"), key IDs, and fingerprints.
    
    However, a Key ID is not the same thing as a User ID.
    
    In practice, GMime was confusing things by storing the User ID in the
    Key ID field when returning GMimeSignatureList objects from a signed
    message, because it was also using the Key ID field as an actual Key
    ID when returning the list of recipients of an encrypted message.
    
    This meant that users of a GMimeCertificate object couldn't depend on
    the keyid field meaning the same thing depending on where the
    GMimeCertificate object came from.
    
    gpgme's info pages say the following for a gpgme_signature_t struct:
    
         char *fpr
              This is the fingerprint or key ID of the signature.
    
    in OpenPGP, the key ID is just a truncated fingerprint, so it isn't
    unreasonable to store both values in the same spot: the fingerprint,
    if the full thing is available, and the key ID if it is not.
    
    This change avoids storing the User ID as a Key ID.  A subsequent
    change will extend GMimeCertificate to contain the full User ID when
    available.  (note that the User ID is often some combination of the
    "name" and "email" fields, though it may be more than that (or
    entirely distinct) as well.

 gmime/gmime-gpgme-utils.c |    8 +++-----
 1 files changed, 3 insertions(+), 5 deletions(-)
---
diff --git a/gmime/gmime-gpgme-utils.c b/gmime/gmime-gpgme-utils.c
index a78f93d..6e113ef 100644
--- a/gmime/gmime-gpgme-utils.c
+++ b/gmime/gmime-gpgme-utils.c
@@ -290,6 +290,7 @@ g_mime_gpgme_get_signatures (gpgme_ctx_t ctx, gboolean verify)
                g_mime_certificate_set_pubkey_algo (signature->cert, (GMimePubKeyAlgo) sig->pubkey_algo);
                g_mime_certificate_set_digest_algo (signature->cert, (GMimeDigestAlgo) sig->hash_algo);
                g_mime_certificate_set_fingerprint (signature->cert, sig->fpr);
+               g_mime_certificate_set_key_id (signature->cert, sig->fpr);
                
                if (gpgme_get_key (ctx, sig->fpr, &key, 0) == GPG_ERR_NO_ERROR && key) {
                        /* get more signer info from their signing key */
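Review bot: The added `g_mime_certificate_set_key_id (signature->cert, sig->fpr);` stores the same string in both the fingerprint and keyid fields, and the gpgme documentation quoted in the commit message says that string may be either a full fingerprint or a key ID. A caller still cannot tell which form keyid holds, and a keyid taken from a signature may not compare equal to the keyid of a recipient certificate for the same key. I would document this on the new line, e.g. `/* sig->fpr is the full fingerprint when gpgme has it, else a key ID; key IDs are truncated fingerprints and can collide, so identify the signing key by fingerprint */`. The body of g_mime_gpgme_get_signatures starts and ends outside this hunk.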
@@ -297,7 +298,7 @@ g_mime_gpgme_get_signatures (gpgme_ctx_t ctx, gboolean verify)
                        g_mime_certificate_set_issuer_serial (signature->cert, key->issuer_serial);
                        g_mime_certificate_set_issuer_name (signature->cert, key->issuer_name);
                        
-                       /* get the keyid, name, and email address */
+                       /* get the name and email address */
                        uid = key->uids;
                        while (uid) {
                                if (uid->name && *uid->name)
@@ -306,10 +307,7 @@ g_mime_gpgme_get_signatures (gpgme_ctx_t ctx, gboolean verify)
                                if (uid->email && *uid->email)
                                        g_mime_certificate_set_email (signature->cert, uid->email);
                                
-                               if (uid->uid && *uid->uid)
-                                       g_mime_certificate_set_key_id (signature->cert, uid->uid);
-                               
-                               if (signature->cert->name && signature->cert->email && signature->cert->keyid)
+                               if (signature->cert->name && signature->cert->email)
                                        break;
                                
                                uid = uid->next;
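Review bot: The loop over `key->uids` copies name and email from the first User IDs that carry them without looking at the `revoked` or `invalid` flags of the `gpgme_user_id_t`, so the signer identity shown for a signature can come from a User ID the key owner has revoked. With the keyid term dropped from the break condition, name and email are now the only things this loop collects, which makes that filter more important. A guard at the top of the loop body would address it: `if (uid->revoked || uid->invalid) { uid = uid->next; continue; }`. The loop starts in the previous hunk and continues past the end of this one, so anything after `uid = uid->next;` is not visible here.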

