pgp: PGP/MIME signing for outgoing emails

implements PGP/MIME signing with go-pgpmail. The Sign() function of
go-pgpmail requires a private (signing) key. The signing key which matches
the senders email address (from field in email header) is looked up
in aerc's copy of the keyring.

Private keys can be exported from gpg into aerc as follows:
$ gpg --export-secret-keys  >> ~/.local/share/aerc/keyring.asc

A message is signed with the ":sign" command. The sign command sets
a bool flag in the Composer struct. Using the command repeatedly will
toggle the flag.

References: https://todo.sr.ht/~rjarry/aerc/6
Signed-off-by: Koni Marti <koni.marti@gmail.com>

1 files changed, 14 insertions, 0 deletions

diff --git a/lib/keystore.go b/lib/keystore.go
index df048f4f..c2110676 100644
--- a/lib/keystore.go
+++ b/lib/keystore.go
@@ -1,6 +1,7 @@
 package lib
 
 import (
+	"fmt"
 	"io"
 	"os"
 	"path"
@@ -52,6 +53,19 @@ func UnlockKeyring() {
 	os.Remove(lockpath)
 }
 
+func GetSignerEntityByEmail(email string) (e *openpgp.Entity, err error) {
+	for _, key := range Keyring.DecryptionKeys() {
+		if key.Entity == nil {
+			continue
+		}
+		ident := key.Entity.PrimaryIdentity()
+		if ident != nil && ident.UserId.Email == email {
+			return key.Entity, nil
+		}
+	}
+	return nil, fmt.Errorf("entity not found in keyring")
+}
+
 func ImportKeys(r io.Reader) error {
 	keys, err := openpgp.ReadKeyRing(r)
 	if err != nil {