Merge pull request #353 from roddhjav/master

Ensure the gpg key is trusted.

extras/test/20_recipients.sh

@@ -48,4 +48,10 @@ test_expect_success 'Testing tomb with GnuPG keys and shared tomb' '
     tt_close
     '
 
+test_export "untrusted"
+test_expect_success 'Testing tomb creation with untrusted GnuPG keys' '
+    tt_dig -s 20 &&
+    test_must_fail tt_forge -g -r $KEY_UNTRUSTED
+    '
+
 test_done

extras/test/setup

@@ -67,6 +67,7 @@ export KEY1="A4857CD176B31435F9709D25F0E573B8289439CD"
 export KEY2="0B2235E660753AB0475FB3E23DC836481F44B31E"
 export SUBKEY1="D89BE71A935779961C130E50D9D7ACED39D3991C!"
 export SUBKEY2="843077BF7FD4A9C7BBFC3A69F065568B4F7D6CA9!"
+export KEY_UNTRUSTED="E6195F61F5EBA81FE4B1565AAC844B92004240CD"
 
 chmod 700 "$GNUPGHOME"
 

tomb

@@ -953,16 +953,22 @@ _ensure_dependencies() {
 is_valid_recipients() {
 	typeset -a recipients
 	recipients=($@)
+	trusted=(m f u w s)
 
 	_verbose "is_valid_recipients"
 
 	# All the keys ID must be valid (the public keys must be present in the database)
 	for gpg_id in ${recipients[@]}; do
-		gpg --with-colons --batch --list-keys "$gpg_id" &> /dev/null
+		trust="$(gpg --with-colons --batch --list-keys "$gpg_id" 2> /dev/null |
+				 	awk 'BEGIN { FS=":" } /^pub/ { print $2; exit}')"
 		[[ $? != 0 ]] && {
 			_warning "Not a valid GPG key ID: ::1 gpgid:: " $gpg_id
 			return 1
 		}
+		[[ ${trusted[(r)$trust]} != $trust ]] && {
+			_warning "The key ::1 gpgid:: is not trusted enough" $gpg_id
+			return 1
+		}
 	done
 
 	# At least one private key must be present