Hello Martin,

"Martijn Brinkers" <martijn@ciphermail.com> wrote on 14.02.2022 15:04:03:

> From: "Martijn Brinkers" <martijn@ciphermail.com>

> To: users@lists.ciphermail.com
> Cc: Robert.Wiegand@kvt.de
> Date: 14.02.2022 15:13
> Subject: Re: [CipherMail User] Autotrust PGP pub keys <Virus checked>
> On Wed, 2022-02-09 at 17:10 +0100, Robert.Wiegand--- via Users wrote:
> > Hello,
> >
> > I got a request to make incoming public PGP keys trusted.
> > The idea is to make a register mail address where a person can send
> > his pub key and we remove it from the mail and add it to the gateway.
> > That's fine and working.
> > Now the tricky part:
> > We want the user to verify the key via a second way with the key ID.
> > The second way wrote the pub key ID in a database and from there the
> > verify process should start and check if the key with that ID exists
> > and if so it should be trusted.
> > Now two questions:
> > 1. How can we set the key trusted via cli or something like that?
> At the moment the CLI tool does not support this. But it should not be
> hard to add this functionality I think.

That sounds good. Another way could be REST if it's easier to implement or still exists?

> > 2. Is it possible to add a header or subject extension after a lookup
> > in the database to get a value from there which should be added to
> > subject or as header?
> I'm not certain I understand the work-flow you want to implement.
> How should the external user validate the key? With an email challenge?
> Or with some other procedure?

Okay, some more information on the workflow:
- we have members, which are in an external trusted network (VPN like) where the user is already authenticated, but no public network is available
- we want a way to communicate with the user via mail (PGP) and need a verification for their key
- the idea is, they send us a mail, encrypted to a specific mail address and we detach the PGP key with ciphermail, so we have the public key
- now the user can send us via a web form or something like that the ID from his key in the trusted network, so we can validate the pub key received via public internet


> Kind regards,
> Martijn Brinkers
> --
> CipherMail email encryption
> Email encryption with support for S/MIME,
> OpenPGP, PDF Messenger and Webmail Messenger
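
The matching step of the workflow described above (compare the ID submitted through the trusted network with the key that arrived by mail), as an added example that is not part of the original message and not CipherMail code. It assumes a de-armored version 4 key; the function names and the sample key bytes are constructed for illustration, and it accepts a 64-bit key ID or a full fingerprint but refuses 8-hex short IDs.

```python
import hashlib
import struct

def first_packet(data: bytes):
    """Return (tag, body) of the first packet in binary (de-armored) OpenPGP data."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if hdr & 0x40:                           # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, start = first, 2
        elif first < 224:
            length, start = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, start = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths are not handled here")
    else:                                    # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled here")
        length, start = int.from_bytes(data[1:1 + (1 << ltype)], "big"), 1 + (1 << ltype)
    if start + length > len(data):
        raise ValueError("truncated packet")
    return tag, data[start:start + length]

def fingerprint(key: bytes) -> str:
    """V4 fingerprint of the primary key: SHA-1 over 0x99, 2-byte length, body."""
    tag, body = first_packet(key)
    if tag != 6 or body[:1] != b"\x04":      # tag 6 = primary public-key packet
        raise ValueError("expected a version 4 public-key packet first")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def id_matches(key: bytes, submitted: str) -> bool:
    """True if the ID from the trusted channel names the key received by mail."""
    wanted = "".join(submitted.split()).upper()
    wanted = wanted[2:] if wanted.startswith("0X") else wanted
    fpr = fingerprint(key)
    # 40 hex = full fingerprint, 16 hex = 64-bit key ID; 8-hex short IDs are refused.
    return (len(wanted) == 40 and wanted == fpr) or (len(wanted) == 16 and wanted == fpr[-16:])

# Constructed sample: a v4 RSA public-key packet body with toy MPIs, not a real key.
BODY = b"\x04" + struct.pack(">I", 1644850000) + b"\x01\x00\x10\xc3\x51\x00\x11\x01\x00\x01"
SAMPLE_KEY = b"\x98" + bytes([len(BODY)]) + BODY   # old-format header, tag 6
```

Storing the full fingerprint in the database instead of the 64-bit key ID makes the match unambiguous.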