On 09-09-2020 12:08, Benjamin Kees via Users wrote: > for our setup of ciphermail it's not practicable to set keys (grabbed > from an attachment) to trusted manually. > > The option "automatically trust imported keys" in the "PGP - Search > Keys" Dialogue is only for manually adding a key and doesn't help. > > > Knowing that not checking trust level manually is a security risk, due > to lack of authentication, I'd like ciphermail to either > > automatically set keys from attachments as trusted or > > make it use keys for encryption that have an undefined level of trust. > > > I haven't found a way to set that in the webinterface nor in any configfile. > Has someone a configfile key, a patch or another solution?
This is currently not supported. Blindly trusting a PGP key is security wise perhaps not a good idea (as you already suggested). We have plans to work on a better command line interface (CLI), perhaps we can add the possibility to manage trust from a script. This way you can periodically run a script which sets the trust level for a key. Adding this functionality to the existing CLI tools is not difficult if you know Java so you might have a look. The code for the CipherMail community edition is mirrored to https://gitlab.com/ciphermail Kind regards, Martijn Brinkers _______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected]
