don't bypass the web of trust (#378) (#379)

* don't bypass the web of trust (#378) the choice whether to use a web of trust and on which trust level is up to the user of PGP/GPG and must not be overriden by tools that are set on top users can decide to ignore this safety net by setting their gpg.conf adequately, defining an alias for `gpg --trust-model=always` or passing the env GPG to blackbox in this way but we should not override their preferences hardcoded * update README add note about the web of trust * fix broken test assume that we have `--quick-generate-key` if we run gpg2 instead of doing a dry run for that (which has side effects that break the test)
2025-12-16 11:33:01 +02:00 · 2024-01-17 14:23:09 +01:00
parent 0e602cf18c
commit 3a137a4a17
4 changed files with 17 additions and 9 deletions
--- a/pkg/crypters/gnupg/gnupg.go
+++ b/pkg/crypters/gnupg/gnupg.go
@@ -106,7 +106,6 @@ func (crypt CrypterHandle) Encrypt(filename string, umask int, receivers []strin
 	a := []string{
 		"--use-agent",
 		"--yes",
-		"--trust-model=always",
 		"--encrypt",
 		"-o", encrypted,
 	}