Autotrust PGP pub keys <Virus checked>

Hello,

I got a request to make incoming public PGP keys trusted.
The idea is to make a register mail address where a person can send his
pub key and we remove it from the mail and add it to the gateway. That's
fine and working.
Now the tricky part:
We want the user to verify the key via a second way with the key ID. The
second way wrote the pub key ID in a database and from there the verify
process should start and check if the key with that ID exists and if so it
should be trusted.
Now two questions:
1. How can we set the key trusted via cli or something like that?
2. Is it possible to add a header or subject extension after a lookup in
the database to get a value from there which should be added to subject or
as header?

Regards
Robert Wiegand

> Hello,
>
> I got a request to make incoming public PGP keys trusted.
> The idea is to make a register mail address where a person can send
> his pub key and we remove it from the mail and add it to the gateway.
> That's fine and working.
> Now the tricky part:
> We want the user to verify the key via a second way with the key ID.
> The second way wrote the pub key ID in a database and from there the
> verify process should start and check if the key with that ID exists
> and if so it should be trusted.
> Now two questions:
> 1. How can we set the key trusted via cli or something like that?

At the moment the CLI tool does not support this. But it should not be
hard to add this functionality I think.

> 2. Is it possible to add a header or subject extension after a lookup
> in the database to get a value from there which should be added to
> subject or as header?

I'm not certain I understand the work-flow you want to implement.

How should the external user validate the key? With an email challenge?
Or with some other procedure?

Kind regards,

Martijn Brinkers

On Wed, 2022-02-09 at 17:10 +0100, Robert.Wiegand--- via Users wrote:

--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger

Hello Martin,

From: "Martijn Brinkers" <martijn(a)ciphermail.com>
To: users(a)lists.ciphermail.com
Cc: Robert.Wiegand(a)kvt.de
Date: 14.02.2022 15:13
Subject: Re: Autotrust PGP pub keys <Virus checked>

>> Hello,
>>
>> I got a request to make incoming public PGP keys trusted.
>> The idea is to make a register mail address where a person can send
>> his pub key and we remove it from the mail and add it to the gateway.
>> That's fine and working.
>> Now the tricky part:
>> We want the user to verify the key via a second way with the key ID.
>> The second way wrote the pub key ID in a database and from there the
>> verify process should start and check if the key with that ID exists
>> and if so it should be trusted.
>> Now two questions:
>> 1. How can we set the key trusted via cli or something like that?
>
> At the moment the CLI tool does not support this. But it should not be
> hard to add this functionality I think.

That sounds good. Another way could be REST if it's easier to implement or
still exists?

>> 2. Is it possible to add a header or subject extension after a lookup
>> in the database to get a value from there which should be added to
>> subject or as header?
>
> I'm not certain I understand the work-flow you want to implement.
>
> How should the external user validate the key? With an email challenge?
> Or with some other procedure?

Okay, some more information on the workflow:
- we have members who are in an external trusted network (VPN-like) where
the user is already authenticated, but no public network is available
- we want a way to communicate with the user via mail (PGP) and need a
verification for their key
- the idea is, they send us a mail, encrypted to a specific mail address,
and we detach the PGP key with CipherMail, so we have the public key
- now the user can send us via a web form or something like that the ID
from his key in the trusted network, so we can validate the pub key
received via public internet

Regards
Robert
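
An added example, not code from this thread or from CipherMail, of the matching step in the workflow above: the value submitted over the trusted network is compared with the fingerprint computed from the key that arrived by mail. It goes slightly beyond the thread by treating a bare key ID as insufficient, since a key ID is only the tail of the fingerprint. The `submissions` table, the sender-to-key mapping and the sample key bytes are assumptions constructed for illustration; setting the trust flag on the gateway is left out because the thread says the CLI does not support it.

```python
import hashlib
import sqlite3

# Constructed sample: a v4 public-key packet body (not a real key).
SAMPLE_BODY = b"\x04" + (1644422400).to_bytes(4, "big") + b"\x16" + bytes(range(40))

def v4_fingerprint(packet_body: bytes) -> str:
    """RFC 4880 sec. 12.2: SHA-1 over 0x99, 2-byte length, packet body."""
    if packet_body[:1] != b"\x04":
        raise ValueError("only version 4 keys are handled here")
    header = b"\x99" + len(packet_body).to_bytes(2, "big")
    return hashlib.sha1(header + packet_body).hexdigest().upper()

def normalize(submitted: str) -> str:
    """Drop whitespace and an optional 0x prefix from the web-form value."""
    s = "".join(submitted.split()).upper()
    return s[2:] if s.startswith("0X") else s

def decide(submitted: str, received_fpr: str) -> str:
    s = normalize(submitted)
    if len(s) == 40 and all(c in "0123456789ABCDEF" for c in s):
        return "trust" if s == received_fpr else "mismatch"
    if len(s) in (8, 16) and received_fpr.endswith(s):
        # A key ID is only the tail of the fingerprint and can be made to
        # collide, so a match is not proof that it is the same key.
        return "need-full-fingerprint"
    return "mismatch"

def pending_decisions(db, received):
    """received maps sender -> packet body stored by the gateway (assumed)."""
    out = {}
    for sender, key_ref in db.execute("SELECT sender, key_ref FROM submissions"):
        body = received.get(sender)
        out[sender] = (decide(key_ref, v4_fingerprint(body))
                       if body else "no-key-received")
    return out

def demo():
    fpr = v4_fingerprint(SAMPLE_BODY)
    db = sqlite3.connect(":memory:")  # stands in for the trusted-side database
    db.execute("CREATE TABLE submissions (sender TEXT, key_ref TEXT)")
    db.executemany("INSERT INTO submissions VALUES (?, ?)", [
        ("alice@example.org", " ".join(fpr[i:i + 4] for i in range(0, 40, 4))),
        ("bob@example.org", "0x" + fpr[-16:]),
        ("carol@example.org", "0" * 40),
        ("dave@example.org", fpr)])
    received = {s: SAMPLE_BODY for s in
                ("alice@example.org", "bob@example.org", "carol@example.org")}
    return pending_decisions(db, received)
```

Calling `demo()` returns one decision per submitted entry; only a full 40-digit fingerprint that matches the received key yields `trust`.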


"Martijn Brinkers" <martijn(a)ciphermail.com> wrote on 14.02.2022 15:04:03:
