Qubes OS has a feature called Split GPG where you can keep your email
client in one VM and your gpg keyring in another VM (without network
access, for example). If you're using it with Thunderbird and Enigmail,
you basically just have to configure Enigmail to make calls to
/usr/bin/qubes-gpg-client-wrapper instead of /usr/bin/gpg2. It then
basically proxies your command from your email VM to your GPG VM, then
proxies the output back.

Unfortunately Enigmail 2.0.7 caused it to break:

It breaks because now Enigmail calls out to gpg with arguments like:

--log-file /tmp/gpgOutput.ln9Jcr

I know that 2.0.7 fixed a security bug, and presumably this was added
for a reason.

So my question is, is it safe for split GPG to simply ignore the
--log-file argument altogether? Or does Enigmail try to do something
with that log file later on, and things will break if it's not there?

Attachment: signature.asc
Description: OpenPGP digital signature

enigmail-users mailing list
To unsubscribe or make changes to your subscription click here:

Reply via email to