From dbf52bb4b48748586bb6343ae4ad6d424f0631ac Mon Sep 17 00:00:00 2001
From: Tim Culverhouse <tim@timculverhouse.com>
Date: Fri, 29 Apr 2022 11:19:52 -0500
Subject: [PATCH] pgp: check for signing key before signing time

Check that the signing key exists when the user issues the :sign
command. The signing key ID will be displayed in the security status
also, allowing the user to see what key will be used to sign the
message.

Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Tested-by: Jens Grassel <jens@wegtam.com>
---
 commands/compose/sign.go        |  5 ++++-
 lib/crypto/crypto.go            |  1 +
 lib/crypto/gpg/gpg.go           |  4 ++++
 lib/crypto/gpg/gpgbin/gpgbin.go | 23 +++++++++++++++++++++
 lib/crypto/gpg/gpgbin/keys.go   | 13 ++++++++++++
 lib/crypto/pgp/pgp.go           | 18 +++++++++++++++++
 widgets/compose.go              | 36 +++++++++++++++++++++++++++------
 7 files changed, 93 insertions(+), 7 deletions(-)
 create mode 100644 lib/crypto/gpg/gpgbin/keys.go

diff --git a/commands/compose/sign.go b/commands/compose/sign.go
index eb985e9..635b07c 100644
--- a/commands/compose/sign.go
+++ b/commands/compose/sign.go
@@ -28,7 +28,10 @@ func (Sign) Execute(aerc *widgets.Aerc, args []string) error {
 
 	composer, _ := aerc.SelectedTab().(*widgets.Composer)
 
-	composer.SetSign(!composer.Sign())
+	err := composer.SetSign(!composer.Sign())
+	if err != nil {
+		return err
+	}
 
 	var statusline string
 
diff --git a/lib/crypto/crypto.go b/lib/crypto/crypto.go
index 47eca99..cab9346 100644
--- a/lib/crypto/crypto.go
+++ b/lib/crypto/crypto.go
@@ -19,6 +19,7 @@ type Provider interface {
 	ImportKeys(io.Reader) error
 	Init(*log.Logger) error
 	Close()
+	GetSignerKeyId(string) (string, error)
 }
 
 func New(s string) Provider {
diff --git a/lib/crypto/gpg/gpg.go b/lib/crypto/gpg/gpg.go
index 66cd372..457788d 100644
--- a/lib/crypto/gpg/gpg.go
+++ b/lib/crypto/gpg/gpg.go
@@ -51,6 +51,10 @@ func (m *Mail) Sign(buf *bytes.Buffer, signer string, decryptKeys openpgp.Prompt
 
 func (m *Mail) Close() {}
 
+func (m *Mail) GetSignerKeyId(s string) (string, error) {
+	return gpgbin.GetPrivateKeyId(s)
+}
+
 func handleSignatureError(e string) models.SignatureValidity {
 	if e == "gpg: missing public key" {
 		return models.UnknownEntity
diff --git a/lib/crypto/gpg/gpgbin/gpgbin.go b/lib/crypto/gpg/gpgbin/gpgbin.go
index da046f4..3ee8139 100644
--- a/lib/crypto/gpg/gpgbin/gpgbin.go
+++ b/lib/crypto/gpg/gpgbin/gpgbin.go
@@ -77,6 +77,29 @@ func getIdentity(key uint64) string {
 	return ""
 }
 
+// getKeyId returns the 16 digit key id, if key exists
+func getKeyId(s string, private bool) string {
+	cmd := exec.Command("gpg", "--with-colons", "--batch")
+	listArg := "--list-keys"
+	if private {
+		listArg = "--list-secret-keys"
+	}
+	cmd.Args = append(cmd.Args, listArg, s)
+
+	var outbuf strings.Builder
+	cmd.Stdout = &outbuf
+	cmd.Run()
+	out := strings.Split(outbuf.String(), "\n")
+	for _, line := range out {
+		if strings.HasPrefix(line, "fpr") {
+			flds := strings.Split(line, ":")
+			id := flds[9]
+			return id[len(id)-16:]
+		}
+	}
+	return ""
+}
+
 // longKeyToUint64 returns a uint64 version of the given key
 func longKeyToUint64(key string) (uint64, error) {
 	fpr := string(key[len(key)-16:])
diff --git a/lib/crypto/gpg/gpgbin/keys.go b/lib/crypto/gpg/gpgbin/keys.go
new file mode 100644
index 0000000..660ce82
--- /dev/null
+++ b/lib/crypto/gpg/gpgbin/keys.go
@@ -0,0 +1,13 @@
+package gpgbin
+
+import "fmt"
+
+// GetPrivateKeyId runs gpg --list-secret-keys s
+func GetPrivateKeyId(s string) (string, error) {
+	private := true
+	id := getKeyId(s, private)
+	if id == "" {
+		return "", fmt.Errorf("no private key found")
+	}
+	return id, nil
+}
diff --git a/lib/crypto/pgp/pgp.go b/lib/crypto/pgp/pgp.go
index 92a15ee..e0c5671 100644
--- a/lib/crypto/pgp/pgp.go
+++ b/lib/crypto/pgp/pgp.go
@@ -245,6 +245,24 @@ func (m *Mail) getSigner(signer string, decryptKeys openpgp.PromptFunction) (sig
 	return signerEntity, nil
 }
 
+func (m *Mail) GetSignerKeyId(s string) (string, error) {
+	var err error
+	var signerEntity *openpgp.Entity
+	switch strings.Contains(s, "@") {
+	case true:
+		signerEntity, err = m.getSignerEntityByEmail(s)
+		if err != nil {
+			return "", err
+		}
+	case false:
+		signerEntity, err = m.getSignerEntityByKeyId(s)
+		if err != nil {
+			return "", err
+		}
+	}
+	return signerEntity.PrimaryKey.KeyIdString(), nil
+}
+
 func handleSignatureError(e string) models.SignatureValidity {
 	if e == "openpgp: signature made by unknown entity" {
 		return models.UnknownEntity
diff --git a/widgets/compose.go b/widgets/compose.go
index b956abc..d9080d1 100644
--- a/widgets/compose.go
+++ b/widgets/compose.go
@@ -176,10 +176,14 @@ func (c *Composer) Sent() bool {
 	return c.sent
 }
 
-func (c *Composer) SetSign(sign bool) *Composer {
+func (c *Composer) SetSign(sign bool) error {
 	c.sign = sign
-	c.updateCrypto()
-	return c
+	err := c.updateCrypto()
+	if err != nil {
+		c.sign = !sign
+		return fmt.Errorf("Cannot sign message: %v", err)
+	}
+	return nil
 }
 
 func (c *Composer) Sign() bool {
@@ -196,18 +200,36 @@ func (c *Composer) Encrypt() bool {
 	return c.encrypt
 }
 
-func (c *Composer) updateCrypto() {
+func (c *Composer) updateCrypto() error {
 	if c.crypto == nil {
 		c.crypto = newCryptoStatus(&c.config.Ui)
 	}
+	var err error
+	// Check if signKey is empty so we only run this once
+	if c.sign && c.crypto.signKey == "" {
+		cp := c.aerc.Crypto
+		var s string
+		if c.acctConfig.PgpKeyId != "" {
+			s = c.acctConfig.PgpKeyId
+		} else {
+			s, err = getSenderEmail(c)
+			if err != nil {
+				return err
+			}
+		}
+		c.crypto.signKey, err = cp.GetSignerKeyId(s)
+		if err != nil {
+			return err
+		}
+	}
 	crHeight := 0
 	st := ""
 	switch {
 	case c.sign && c.encrypt:
-		st = "Sign & Encrypt"
+		st = fmt.Sprintf("Sign (%s) & Encrypt", c.crypto.signKey)
 		crHeight = 1
 	case c.sign:
-		st = "Sign"
+		st = fmt.Sprintf("Sign (%s)", c.crypto.signKey)
 		crHeight = 1
 	case c.encrypt:
 		st = "Encrypt"
@@ -224,6 +246,7 @@ func (c *Composer) updateCrypto() {
 		{Strategy: ui.SIZE_WEIGHT, Size: ui.Const(1)},
 	})
 	c.grid.AddChild(c.crypto).At(1, 0)
+	return nil
 }
 
 // Note: this does not reload the editor. You must call this before the first
@@ -1062,6 +1085,7 @@ type cryptoStatus struct {
 	title    string
 	status   *ui.Text
 	uiConfig *config.UIConfig
+	signKey  string
 }
 
 func newCryptoStatus(uiConfig *config.UIConfig) *cryptoStatus {