Re: [gmime-devel] avoiding metadata leaks when handling S/MIME-signed mail in GMime and other tools that use GnuPG



On Sat 2018-02-03 18:48:26 +0000, Jeffrey Stedfast wrote:
> I've added code locally to set offline mode but reading the docs:
>
> https://www.gnupg.org/documentation/manuals/gpgme/Offline-Mode.html
>
> it suggests that setting offline mode only works for CMS and not
> OpenPGP? Can anyone from the GPGME team verify this? If so, I'll drop
> the flags that would indicate that this works in OpenPGP mode.

hm, it's not just "only CMS" -- it says:

    Offline mode only affects the keylist mode
    GPGME_KEYLIST_MODE_VALIDATE and is only relevant to the CMS crypto
    engine. Offline mode is ignored otherwise.

in which case, that might mean that it doesn't affect signature
verification at all. :(

GnuPG folks -- what is the best way for a user of GPGME to avoid
metadata leakage in this scenario as a default configuration?

         --dkg
