-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, Dec 15, 2016 at 10:53:56PM +0100, cubit wrote: > Halo! > > I have run into more problems with thunderbird+enigmail on qubes and wonder > if anyone else has problems. > > I have a work appvm as Debian 8 with icedove 45.5.1 and enigmail 1.8.2 > I have a vault appvm with my gpg keys as Debian 8 to do split gpg. > > I updated templates and dom0 today and rebooted computer. Now when I try to > look at encrypted email I am prompted to enter my gpg key password every time > I look at an encrypted email. Also if I look at an encrypted email, go to a > different program and then tab back to thunderbird I am immediately asked for > gpg key password for the email I was looking at. > > I do notice that the password prompt window looks different from pre reboot. > > Some other package info: > > ii pinentry-gtk2 0.8.3-2 > ii gnupg 1.4.18-7+deb8u3 > ii gnupg-agent 2.0.26-6+deb8u1 > ii gnupg2 2.0.26-6+deb8u1 > ii gpgv 1.4.18-7+deb8u3 > ii libgpg-error0:amd64 1.17-3 > ii libgpgme11:amd64 1.5.1-6 > ii qubes-gpg-split 2.0.24-1+deb8u1
The solution is easy - remove password from your keys, especially when you're using split gpg. It is inconvenient illusion of security. If someone gets access to your private keyring, he/she will be able to get your password the same way. Especially when you're relying on caching it in RAM... The only case when password protected keys makes some sense is protection after hardware theft, but since Qubes use full disk encryption anyway, it doesn't add anything extra in this case. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJYU2FfAAoJENuP0xzK19csfhwH/2jdT7GbbdhRXlQdw1xPmdgx f0TchBo2w6UkAowm3JjRhY8iw832qQMTcvKwKqG0JW23VsGsUnU/bqvjd4sDwE9V 7UgTOnAWXqra+wSJHsUjX+L6G+Lxxp+skXq6FKdVcCEsrVYf3BHzxfVeNevf2wG+ HJyIHjHCzwrZyHVscxKUq6rBtOvyOS+zSLNPTn7Nd6V0Kl3eMQwfu0FPvlvdfbre lkUZ+wcGGo2nDUS+v2qbGiYXvs6+wfAwTFoSuNSC9t7ruofB6NaTTnbZXTEXaXcm hSM0qzE4RCYjoQAqNNJ0tHfe398xdyowCMeouWrchr8uZpZ2I+Zb3Bb4OlQ3J5o= =FBVc -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161216033701.GV1239%40mail-itl. For more options, visit https://groups.google.com/d/optout.