On Fri, Nov 24, 2017 at 1:35 AM, Elias Mårtenson <[email protected]> wrote:
> On Friday, 24 November 2017 12:10:06 UTC+8, Jean-Philippe Ouellet wrote:
>>
>> Explicitly allowing it in policy e.g.
>>     some-vm some-vm-keys allow
>> in /etc/qubes-rpc/policy/qubes.Gpg will stop asking for confirmation each
>> time.
>
> Thank you.
>
> Adding “$anyvm private-gpg allow” to the file fixed the problem.

No! I would very strongly recommend against that!

That allows any VM (including entirely untrusted ones, like sys-net, DispVMs with who knows what, etc.) to sign & decrypt stuff with your keys!

Use a specific source vm in the first field, not $anyvm, otherwise you may actually be better off without split-gpg entirely depending on your threat model.

Regards,
Jean-Philippe
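
Added example, not part of the original message and not Qubes code: a small Python lint for the `source target action` policy lines quoted above, showing which callers a rule admits and flagging wildcard-source `allow` rules. It assumes first-match evaluation with deny when nothing matches, handles only literal VM names and `$anyvm`, and uses constructed sample policies (`work-email` is a hypothetical VM name).

```python
# Added example: lint qubes.Gpg-style policy text ("source target action").
# Assumptions: first matching rule wins, no match means deny, and only
# literal VM names and the $anyvm wildcard are interpreted.

WILDCARD = "$anyvm"

# Constructed sample policies (not taken from a real system).
BROAD = "$anyvm private-gpg allow\n$anyvm $anyvm ask\n"
SCOPED = "# only the mail VM may use the key VM\nwork-email private-gpg allow\n$anyvm $anyvm ask\n"


def parse_policy(text):
    """Return (lineno, source, target, action) per rule; skip blanks and # lines."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected 'source target action'")
        # Drop any ",option=value" suffix so only the verb is compared.
        action = fields[2].split(",")[0].lower()
        rules.append((lineno, fields[0], fields[1], action))
    return rules


def decide(rules, source_vm, target_vm):
    """Action applied to a call from source_vm to target_vm."""
    for _lineno, src, dst, action in rules:
        if src in (WILDCARD, source_vm) and dst in (WILDCARD, target_vm):
            return action
    return "deny"


def overbroad_allows(rules):
    """Rules that grant access without confirmation to every source VM."""
    return [r for r in rules if r[1] == WILDCARD and r[3] == "allow"]


if __name__ == "__main__":
    for name, text in (("broad", BROAD), ("scoped", SCOPED)):
        rules = parse_policy(text)
        print(name, "sys-net ->", decide(rules, "sys-net", "private-gpg"))
        for lineno, src, dst, action in overbroad_allows(rules):
            print(f"  line {lineno}: '{src} {dst} {action}' admits every VM")
```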
