gpg: do not sign with untrusted keys

During encryption gpg was ignoring trust model of the user in favor of always using the insecure "always". This change removes this override and adds a helpful message if a user tries to encrypt a message with an untrusted key. To revert to the previous behavior users can add "trust-model always" to their gpg.conf file (default ~/.gnupg/gpg.conf). Signed-off-by: Marcin Serwin <marcin@serwin.dev> Acked-by: Tim Culverhouse <tim@timculverhouse.com>
author: Marcin Serwin <marcin@serwin.dev> 2024-10-20 00:01:58 +0200
committer: Robin Jarry <robin@jarry.cc> 2024-10-23 10:22:45 +0200
commit: 63db443949b92eed5f5d2ded5f430bda96312b43 (patch)
tree: 3963176515de3fe4ccc8cda41496a5fe672b49ec /lib/crypto/gpg/gpgbin/encrypt.go
parent: 7469730f044a4c2e929919004ea6971cdced3637 (diff)
download: aerc-63db443949b92eed5f5d2ded5f430bda96312b43.tar.gz
1 files changed, 1 insertions, 4 deletions
diff --git a/lib/crypto/gpg/gpgbin/encrypt.go b/lib/crypto/gpg/gpgbin/encrypt.go
index fa33e466..712bb327 100644
--- a/lib/crypto/gpg/gpgbin/encrypt.go
+++ b/lib/crypto/gpg/gpgbin/encrypt.go
@@ -8,13 +8,10 @@ import (
 	"git.sr.ht/~rjarry/aerc/models"
 )
 
-// Encrypt runs gpg --encrypt [--sign] -r [recipient]. The default is to have
-// --trust-model always set
+// Encrypt runs gpg --encrypt [--sign] -r [recipient]
 func Encrypt(r io.Reader, to []string, from string) ([]byte, error) {
-	// TODO probably shouldn't have --trust-model always a default
 	args := []string{
 		"--armor",
-		"--trust-model", "always",
 	}
 	if from != "" {
 		args = append(args, "--sign", "--default-key", from)
author	Marcin Serwin <marcin@serwin.dev>	2024-10-20 00:01:58 +0200
committer	Robin Jarry <robin@jarry.cc>	2024-10-23 10:22:45 +0200
commit	63db443949b92eed5f5d2ded5f430bda96312b43 (patch)
tree	3963176515de3fe4ccc8cda41496a5fe672b49ec /lib/crypto/gpg/gpgbin/encrypt.go
parent	7469730f044a4c2e929919004ea6971cdced3637 (diff)
download	aerc-63db443949b92eed5f5d2ded5f430bda96312b43.tar.gz