From 6b4bd69dbc7dbb3f9883413736ffdbcde4001913 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Thu, 27 Jun 2019 19:58:58 +0100 Subject: [PATCH] Ensure GPG key is trusted. See #340 --- extras/test/20_recipients.sh | 6 ++++++ tomb | 8 +++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/extras/test/20_recipients.sh b/extras/test/20_recipients.sh index 8355765..185f1c3 100644 --- a/extras/test/20_recipients.sh +++ b/extras/test/20_recipients.sh @@ -48,4 +48,10 @@ test_expect_success 'Testing tomb with GnuPG keys and shared tomb' ' tt_close ' +test_export "untrusted" +test_expect_success 'Testing tomb creation with untrusted GnuPG keys' ' + tt_dig -s 20 && + test_must_fail tt_forge -g -r $KEY_UNTRUSTED + ' + test_done diff --git a/tomb b/tomb index 87aae0a..1064472 100755 --- a/tomb +++ b/tomb @@ -953,16 +953,22 @@ _ensure_dependencies() { is_valid_recipients() { typeset -a recipients recipients=($@) + trusted=(m f u w s) _verbose "is_valid_recipients" # All the keys ID must be valid (the public keys must be present in the database) for gpg_id in ${recipients[@]}; do - gpg --with-colons --batch --list-keys "$gpg_id" &> /dev/null + trust="$(gpg --with-colons --batch --list-keys "$gpg_id" 2> /dev/null | + awk 'BEGIN { FS=":" } /^pub/ { print $2; exit}')" [[ $? != 0 ]] && { _warning "Not a valid GPG key ID: ::1 gpgid:: " $gpg_id return 1 } + [[ ${trusted[(r)$trust]} != $trust ]] && { + _warning "The key ::1 gpgid:: is not trusted enough" $gpg_id + return 1 + } done # At least one private key must be present
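Review bot: `test_must_fail tt_forge -g -r $KEY_UNTRUSTED` passes on any failure, so if `$KEY_UNTRUSTED` is empty or unset the test succeeds without ever exercising the trust check. The variable is not defined in this patch (presumably it comes from the setup behind `test_export "untrusted"`), so I would guard it and quote the expansion: `test -n "$KEY_UNTRUSTED" &&` before the forge step, and `-r "$KEY_UNTRUSTED"` in the call. If the harness allows it, also assert on the "not trusted enough" warning, so that a failure for an unrelated reason does not count as a pass.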
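Review bot: The `[[ $? != 0 ]]` test after the new `trust="$(gpg … | awk …)"` assignment now sees the pipeline's exit status, which is awk's rather than gpg's, so the "Not a valid GPG key ID" branch will practically never run. For a key gpg cannot find, `trust` is empty, and as far as I can tell `${trusted[(r)$trust]}` is then empty too, so the new trust check compares empty with empty and lets the recipient through this loop. Testing the captured value closes both gaps: `[[ -z $trust ]] && {` in place of `[[ $? != 0 ]] && {`. `trust` and `trusted` are also assigned without `typeset`, so unlike `recipients` they leak out of the function. The body of is_valid_recipients continues past the end of the hunk.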