Hello Martin,
"Martijn Brinkers" <martijn@ciphermail.com>
schrieb am 14.02.2022 15:04:03:
> Von: "Martijn Brinkers" <martijn@ciphermail.com>
> An: users@lists.ciphermail.com
> Kopie: Robert.Wiegand@kvt.de
> Datum: 14.02.2022 15:13
> Betreff: Re: [CipherMail User]
Autotrust PGP pub keys <Virus checked>
>
> On Wed, 2022-02-09 at 17:10 +0100, Robert.Wiegand--- via Users wrote:
> > Hello,
> >
> > I got a request to make incoming public PGP keys trusted.
> > The idea is to make a register mail address where a person can
send
> > his pub key and we remove it from the mail and add it to the
gateway.
> > That's fine and working.
> > Now the tricky part:
> > We want the user to verify the key via a second way with the
key ID.
> > The second way wrote the pub key ID in a database and from their
the
> > verify process should start and check if the key with that ID
exists
> > and if so it should be trusted.
> > Now two questions:
> > 1. How can we set the key trusted via cli or something like that?
>
> At the moment the CLI tool does not support this. But it should not
be
> hard to add this functionality I think.
>
That sounds good. Another way could
be REST if it's easier to implement or still exists?
> > 2. Is it possible to add a header or subject extension after
a lookup
> > in the database to get a value from their which should be added
to
> > subject or as header?
>
> I'm not certain I understand the work-flow you want to implement.
>
> How should the external user validate the key? With an email challenge?
> Or with some other procedure?
>
Okay, something more information
to the workflow:
- we have member, which are in a
external trusted network (VPN like) where the user is already authenticated,
but no public network is avaiable
- we want a way to communicate with
the user via mail (PGP) and need a verification for their key
- the idea is, they send us a mail,
encrypted to a specific mail adress and we deattach the PGP key with ciphermail,
so we have the public key
- now the user can send us via a
web form or something like that the ID from his key in the trusted network,
so we can validate the pub key received via public internet
Regards
Robert
> Kind regards,
>
> Martijn Brinkers
>
> --
> CipherMail email encryption
> Email encryption with support for S/MIME,
> OpenPGP, PDF Messenger and Webmail Messenger
>