From 1523b5f76f6e600c4f2d153b49a807ff2dc8d268 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 15 Mar 2021 10:47:19 +0100
Subject: gpg: New option --no-auto-trust-new-key.

* g10/gpg.c (oNoAutoTrustNewKey): New.
(opts): Add --no-auto-trust-new-key.
(main): Set it.
* g10/options.h (opt): Add flags.no_auto_trust_new_key.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/keygen.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'g10/keygen.c')

diff --git a/g10/keygen.c b/g10/keygen.c
index 01eec57ac..bde0f3217 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -5568,9 +5568,10 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
           keyid_from_pk (pk, pk->main_keyid);
           register_trusted_keyid (pk->main_keyid);
 
-	  update_ownertrust (ctrl, pk,
-                             ((get_ownertrust (ctrl, pk) & ~TRUST_MASK)
-                              | TRUST_ULTIMATE ));
+          if (!opt.flags.no_auto_trust_new_key)
+            update_ownertrust (ctrl, pk,
+                               ((get_ownertrust (ctrl, pk) & ~TRUST_MASK)
+                                | TRUST_ULTIMATE ));
 
           gen_standard_revoke (ctrl, pk, cache_nonce);
 
-- 
cgit v1.2.3