gpg4libre - tdf#113188 add option for minimal PGPKeyPacket

Change-Id: I660e68074616f6953e6527e40ec22276ce8ef2fb
Reviewed-on: https://gerrit.libreoffice.org/43492Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>

external/gpgme/UnpackedTarball_gpgme.mk

@@ -16,5 +16,6 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,gpgme,0))
 $(eval $(call gb_UnpackedTarball_add_patches,gpgme, \
     external/gpgme/find-libgpg-error-libassuan.patch \
     external/gpgme/fix-autoconf-macros.patch \
+    external/gpgme/add-minimal-keyexport.patch \
 ))
 # vim: set noet sw=4 ts=4:

external/gpgme/add-minimal-keyexport.patch

+--- lang/cpp/src/context.h.bak	2017-10-18 12:28:00.898945587 +0200
++++ lang/cpp/src/context.h	2017-10-18 12:28:35.794832395 +0200
+@@ -178,10 +178,10 @@
+     // Key Export
+     //
+ 
+-    GpgME::Error exportPublicKeys(const char *pattern, Data &keyData);
+-    GpgME::Error exportPublicKeys(const char *pattern[], Data &keyData);
+-    GpgME::Error startPublicKeyExport(const char *pattern, Data &keyData);
+-    GpgME::Error startPublicKeyExport(const char *pattern[], Data &keyData);
++    GpgME::Error exportPublicKeys(const char *pattern, Data &keyData, bool minimal=false);
++    GpgME::Error exportPublicKeys(const char *pattern[], Data &keyData, bool minimal=false);
++    GpgME::Error startPublicKeyExport(const char *pattern, Data &keyData, bool minimal=false);
++    GpgME::Error startPublicKeyExport(const char *pattern[], Data &keyData, bool minimal=false);
+ 
+     //
+     // Key Import
+--- lang/cpp/src/context.cpp.bak	2017-10-18 12:27:50.830978224 +0200
++++ lang/cpp/src/context.cpp	2017-10-18 12:30:13.278515603 +0200
+@@ -557,14 +557,14 @@
+     }
+ }
+ 
+-Error Context::exportPublicKeys(const char *pattern, Data &keyData)
++Error Context::exportPublicKeys(const char *pattern, Data &keyData, bool minimal)
+ {
+     d->lastop = Private::Export;
+     Data::Private *const dp = keyData.impl();
+-    return Error(d->lasterr = gpgme_op_export(d->ctx, pattern, 0, dp ? dp->data : 0));
++    return Error(d->lasterr = gpgme_op_export(d->ctx, pattern, minimal ? GPGME_EXPORT_MODE_MINIMAL : 0, dp ? dp->data : 0));
+ }
+ 
+-Error Context::exportPublicKeys(const char *patterns[], Data &keyData)
++Error Context::exportPublicKeys(const char *patterns[], Data &keyData, bool minimal)
+ {
+     d->lastop = Private::Export;
+ #ifndef HAVE_GPGME_EXT_KEYLIST_MODE_EXTERNAL_NONBROKEN
+@@ -574,17 +574,17 @@
+     }
+ #endif
+     Data::Private *const dp = keyData.impl();
+-    return Error(d->lasterr = gpgme_op_export_ext(d->ctx, patterns, 0, dp ? dp->data : 0));
++    return Error(d->lasterr = gpgme_op_export_ext(d->ctx, patterns, minimal ? GPGME_EXPORT_MODE_MINIMAL : 0, dp ? dp->data : 0));
+ }
+ 
+-Error Context::startPublicKeyExport(const char *pattern, Data &keyData)
++Error Context::startPublicKeyExport(const char *pattern, Data &keyData, bool minimal)
+ {
+     d->lastop = Private::Export;
+     Data::Private *const dp = keyData.impl();
+-    return Error(d->lasterr = gpgme_op_export_start(d->ctx, pattern, 0, dp ? dp->data : 0));
++    return Error(d->lasterr = gpgme_op_export_start(d->ctx, pattern, minimal ? GPGME_EXPORT_MODE_MINIMAL : 0, dp ? dp->data : 0));
+ }
+ 
+-Error Context::startPublicKeyExport(const char *patterns[], Data &keyData)
++Error Context::startPublicKeyExport(const char *patterns[], Data &keyData, bool minimal)
+ {
+     d->lastop = Private::Export;
+ #ifndef HAVE_GPGME_EXT_KEYLIST_MODE_EXTERNAL_NONBROKEN
+@@ -594,7 +594,7 @@
+     }
+ #endif
+     Data::Private *const dp = keyData.impl();
+-    return Error(d->lasterr = gpgme_op_export_ext_start(d->ctx, patterns, 0, dp ? dp->data : 0));
++    return Error(d->lasterr = gpgme_op_export_ext_start(d->ctx, patterns, minimal ? GPGME_EXPORT_MODE_MINIMAL : 0, dp ? dp->data : 0));
+ }
+ 
+ ImportResult Context::importKeys(const Data &data)

officecfg/registry/schema/org/openoffice/Office/Common.xcs

@@ -2460,6 +2460,19 @@
         </info>
         <value>true</value>
       </prop>
+      <group oor:name="OpenPGP">
+        <info>
+          <desc>Contains security settings regarding the GnuPG/OpenPGP backend.</desc>
+        </info>
+        <prop oor:name="MinimalKeyExport" oor:type="xs:boolean" oor:nillable="false">
+          <info>
+            <desc>Determines if the PGPKeyPacket element on signed
+            documents will contain the full public key (default), or
+            the potentially much smaller minimal one, without any signatures.</desc>
+          </info>
+          <value>false</value>
+        </prop>
+      </group>
       <group oor:name="Scripting">
         <info>
           <desc>Contains security settings regarding Basic scripts.</desc>

xmlsecurity/source/gpg/CertificateImpl.cxx

@@ -13,6 +13,7 @@
 #include <comphelper/sequence.hxx>
 
 #include <com/sun/star/security/KeyUsage.hpp>
+#include <officecfg/Office/Common.hxx>
 
 #include <gpgme.h>
 #include <context.h>
@@ -212,7 +213,10 @@ void CertificateImpl::setCertificate(GpgME::Context* ctx, const GpgME::Key& key)
     // extract key data, store into m_aBits
     GpgME::Data data_out;
     ctx->setArmor(false); // caller will base64-encode anyway
-    GpgME::Error err = ctx->exportPublicKeys(key.primaryFingerprint(), data_out);
+    GpgME::Error err = ctx->exportPublicKeys(
+        key.primaryFingerprint(),
+        data_out,
+        officecfg::Office::Common::Security::OpenPGP::MinimalKeyExport::get());
 
     if (err)
         throw RuntimeException("The GpgME library failed to retrieve the public key");