On 09-09-2020 12:08, Benjamin Kees via Users wrote:
for our setup of ciphermail it's not practicable
to set keys (grabbed
from an attachment) to trusted manually.
The option "automatically trust imported keys" in the "PGP - Search
Keys" Dialogue is only for manually adding a key and doesn't help.
Knowing that not checking trust level manually is a security risk, due
to lack of authentication, I'd like ciphermail to either
automatically set keys from attachments as trusted or
make it use keys for encryption that have an undefined level of trust.
I haven't found a way to set that in the webinterface nor in any configfile.
Has someone a configfile key, a patch or another solution?
This is currently not supported. Blindly trusting a PGP key is security
wise perhaps not a good idea (as you already suggested). We have plans
to work on a better command line interface (CLI), perhaps we can add the
possibility to manage trust from a script. This way you can periodically
run a script which sets the trust level for a key. Adding this
functionality to the existing CLI tools is not difficult if you know
Java so you might have a look.
The code for the CipherMail community edition is mirrored to