authorMarcin Serwin <marcin@serwin.dev>2024-10-20 00:01:58 +0200
committerRobin Jarry <robin@jarry.cc>2024-10-23 10:22:45 +0200
commit63db443949b92eed5f5d2ded5f430bda96312b43 (patch)
tree3963176515de3fe4ccc8cda41496a5fe672b49ec /lib/crypto/gpg/gpgbin/import-ownertrust.go
parent7469730f044a4c2e929919004ea6971cdced3637 (diff)
downloadaerc-63db443949b92eed5f5d2ded5f430bda96312b43.tar.gz
gpg: do not sign with untrusted keys
During encryption, gpg was ignoring the user's trust model in favor of always using the insecure "always" model. This change removes this override and adds a helpful message if a user tries to encrypt a message with an untrusted key. To revert to the previous behavior, users can add "trust-model always" to their gpg.conf file (default ~/.gnupg/gpg.conf). Signed-off-by: Marcin Serwin <marcin@serwin.dev> Acked-by: Tim Culverhouse <tim@timculverhouse.com>
Diffstat (limited to 'lib/crypto/gpg/gpgbin/import-ownertrust.go')
-rw-r--r--lib/crypto/gpg/gpgbin/import-ownertrust.go16
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/crypto/gpg/gpgbin/import-ownertrust.go b/lib/crypto/gpg/gpgbin/import-ownertrust.go
new file mode 100644
index 00000000..05499917
--- /dev/null
+++ b/lib/crypto/gpg/gpgbin/import-ownertrust.go
@@ -0,0 +1,16 @@
+package gpgbin
+
+import (
+ "io"
+)
+
+// Import runs gpg --import-ownertrust and thus imports trusts for keys
+func ImportOwnertrust(r io.Reader) error {
+ args := []string{"--import-ownertrust"}
+ g := newGpg(r, args)
+ err := g.cmd.Run()
+ if err != nil {
+ return err
+ }
+ return nil
+}
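Review bot: The doc comment on `ImportOwnertrust` names the function `Import` and does not say that the call writes to gpg's trust database, which is the security-relevant effect: the ownertrust records read from `r` decide which keys gpg will accept once the `trust-model always` override described in the commit message is gone. I would reword it to `// ImportOwnertrust runs gpg --import-ownertrust with r as its input and so updates the trust database of the gpg home in use; r must come from a trusted source.` Which home directory is affected depends on `newGpg`, which is outside this hunk, so the comment should also say so if the function is meant only for test setup. The three lines after `g.cmd.Run()` can collapse to `return g.cmd.Run()`, and wrapping the error, for example `fmt.Errorf("gpg --import-ownertrust: %w", err)`, would tell the caller which gpg invocation failed.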