author: Werner Koch <wk@gnupg.org> 2023-04-05 21:32:23 +0200
committer: Werner Koch <wk@gnupg.org> 2023-04-05 21:32:23 +0200
commit: c9e95b8dee05b9a837419fdef9a98f0b3e9671ed (patch)
tree: c8f574986ea2a49707e5c29e7102bbd88c9478f3 /doc
parent: speedo,w32: Remove removed profiles and temporary disable runonce. (diff)
gpg: New option --assert-signer.
* g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner.
(opts): Add "assert-signer".
(main): Set option.
(assert_signer_true): New var.
(g10_exit): Evaluate new var.
* g10/main.h (assert_signer_true): Declare new var.
* common/status.h (STATUS_ASSERT_SIGNER): New.
* g10/options.h (opt): Add field assert_signer_list.
* g10/verify.c (is_fingerprint): New.
(check_assert_signer_list): New.
* g10/mainproc.c (check_sig_and_print): Call that function. Clear assert_signer_true on a warning.
* g10/gpgv.c: Add dummy function and vars.
* g10/t-keydb-get-keyblock.c: Ditto.
* g10/t-keydb.c: Ditto.
* g10/t-stutter.c: Ditto.
--
Diffstat (limited to 'doc')
-rw-r--r-- doc/DETAILS   5
-rw-r--r-- doc/gpg.texi  32
2 files changed, 28 insertions, 9 deletions
diff --git a/doc/DETAILS b/doc/DETAILS
index eee640a01..fd95e511c 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -522,6 +522,11 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
Epoch or an ISO 8601 string which can be detected by the presence
of the letter 'T'.
+*** ASSERT_SIGNER <fingerprint>
+ This is emitted for the matching <fingerprint> when option
+ --assert-signer is used. The fingerprint is printed with
+ uppercase hex digits.
+
*** SIG_ID <radix64_string> <sig_creation_date> <sig-timestamp>
This is emitted only for signatures of class 0 or 1 which have
been verified okay. The string is a signature id and may be used
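Review bot: the new ASSERT_SIGNER entry should say which fingerprint is printed when the match was made via the primary key rather than the signing subkey, because the gpg.texi text in this same commit states that each given fingerprint is checked against both the signing key and the corresponding primary key; a wording such as "The fingerprint is the one from the option that matched" or "is that of the key the signature was made with" would remove the ambiguity for tools parsing status output. It would also help to state whether the line is emitted once per matching signature when several signatures are present.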
diff --git a/doc/gpg.texi b/doc/gpg.texi
index b526deeca..eb7c35cac 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -264,11 +264,11 @@ out the actual signed data, but there are other pitfalls with this
format as well. It is suggested to avoid cleartext signatures in
favor of detached signatures.
-Note: Sometimes the use of the @command{gpgv} tool is easier than
-using the full-fledged @command{gpg} with this option. @command{gpgv}
-is designed to compare signed data against a list of trusted keys and
-returns with success only for a good signature. It has its own manual
-page.
+Note: To check whether a file was signed by a certain key the option
+@option{--assert-signer} can be used. As an alternative the
+@command{gpgv} tool can be used. @command{gpgv} is designed to
+compare signed data against a list of trusted keys and returns with
+success only for a good signature. It has its own manual page.
@item --multifile
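Review bot: the new first sentence needs a comma after "key" ("To check whether a file was signed by a certain key, the option @option{--assert-signer} can be used."), and since this note sits in the description of the verify command it would be worth adding a cross-reference to the option's own entry so that readers find the exit-code guarantee and the file-list syntax described there rather than only the name of the option.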
@@ -1889,6 +1889,24 @@ Set what trust model GnuPG should follow. The models are:
must be enabled explicitly.
@end table
+@item --always-trust
+@opindex always-trust
+Identical to @option{--trust-model always}.
+
+@item --assert-signer @var{fpr_or_file}
+@opindex assert-signer
+This option checks whether at least one valid signature on a file has
+been made with the specified key. The key is either specified as a
+fingerprint or a file listing fingerprints. The fingerprint must be
+given or listed in compact format (no colons or spaces in between).
+This option can be given multiple times and each fingerprint is
+checked against the signing key as well as the corresponding primary
+key. If @var{fpr_or_file} specifies a file, empty lines are ignored
+as well as all lines starting with a hash sign. With this option gpg
+is guaranteed to return with an exit code of 0 if and only if a
+signature has been encountered, is valid, and the key matches one of
+the fingerprints given by this option.
+
@item --auto-key-locate @var{mechanisms}
@itemx --no-auto-key-locate
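Review bot: the "if and only if" exit-code statement in the new @option{--assert-signer} text does not cover signature warnings; the commit message says assert_signer_true is cleared on a warning, so the documentation should state explicitly that a signature which verifies but is reported with a warning does not satisfy the assertion and gpg exits with a non-zero code. The text should also say whether the hex digits of a given fingerprint are matched case-insensitively (the DETAILS hunk specifies uppercase for output only) and what happens when the file named by @var{fpr_or_file} contains a line that is not a fingerprint.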
@@ -3856,10 +3874,6 @@ Display the keyring name at the head of key listings to show which
keyring a given key resides on. This option is deprecated: use
@option{--list-options [no-]show-keyring} instead.
-@item --always-trust
-@opindex always-trust
-Identical to @option{--trust-model always}. This option is deprecated.
-
@item --show-notation
@itemx --no-show-notation
@opindex show-notation
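Review bot: the removed entry marked @option{--always-trust} as deprecated ("Identical to @option{--trust-model always}. This option is deprecated."), but the copy re-added next to @option{--trust-model} in the earlier hunk drops that sentence, and neither the commit title nor the ChangeLog entries mention un-deprecating the option; either keep "This option is deprecated." in the new location or record the intended status change in the commit message.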