In T3464 is is described how you can do it. Sure, in your case you want to have a home directory so that the agent and pinentry can work. --no-keyring makes sure that a decryption with a private key can't happen. How we have the cache for symmetric encrypted data which you can disable with --no-symkey-cache.

I'm sorry but the explanation you give does not address the original issue I described, and which dkg then clarified. The discussion about AE is tangentially related, but the issue I described relates to the gpg interface:

--verify-files is mostly useful for scripting and and not for manual checking. With scripting etc you always need to use --status-fd and with that you get:

To use encryption and for both purposes: encryption and authentication.

I was already implementing a --no-homedir when I figured that we have --no-keyring. Using that with any homedir fulfills the requested purpose.

Hooray!

We are actually in the final release preparation and just waiting for GnuPG 2.2.10. If everything goes well it will be released this week. If not, next week.

Sweet, thank you! Any estimate on when that might come out?

yes

excellent - will this be includedin gpg4win 3.1.3?

Thanks. I can work with that. It is indeed clearly visible what the "Sent on behalf of" address is. So it makes sense to check that, too.

Sent two messages to the test mailinglist. Please let me know if you need / want more.

Will be in 2.2.10

Thank you!

Will be in 2.2.10

Yes that would work for me and the pgp key is the right one. Thanks!

In gniibe/pkg-config-support branch of libgpg-error, I put my attempt to the improvement.
Now, gpg-error-config is a shell script which uses gpg-error.pc.
This way, we can avoid to introduce more of our local incompatible change against pkg-config, keeping pkg-config style easier.
Now, we have incompatible things: --mt and --host, I'd like to encourage to switch to new compatible use of --variable=mtlibs, --variable=mtcflags, and --variable=host.

Actually, I can add you to a test mailinglist and send you a signed message tomorrow, would that work?

Ok! If outlook shows it we should verify it.

Hi Andre!

The question is now to model the API for this. For 0x02 it seems to be pretty clear: We assume it is a detached signature on a zero length file and make sure that no signed file is given.

This was actually reported against 2.0.31 which reached EOL 8 months ago.

Backport done for 2.2.10

With -beta24 the crash on send should also be gone. I've removed the option for the workaround as I expect that it is no longer necessary. (Yeah I'm an Optimist :-P )

AFAICS this is now implemented. We have the option --with-key-origin and even support in GPGME.

Without KEYLIST_MODE_WKD I also can't implement the desired behavior in a MUA using GnuPG.

Why the restriction to keyorg wkd ?

Done. To be released with 2.2.10.

FWIW, we record the origin of the keys. So you have the information. Use --with-key-origin in a key listing. GPGME also has the info.

T4026 is a bit related. I'm suprised that the signature check for mailman mails works at all for you ;-)

Thanks for the input. GpgOL should check against what outlook shows as the "From" Address. In your case: What does Outlook show? Is it "info@example.org" or "puppets-bounces" ?