Hash: SHA256

On Thu, Dec 15, 2016 at 10:53:56PM +0100, cubit wrote:
> Halo!
> I have run into more problems with thunderbird+enigmail on qubes and wonder 
> if anyone else has problems.
> I have a work appvm as Debian 8 with icedove 45.5.1 and enigmail 1.8.2
> I have a vault appvm with my gpg keys as Debian 8 to do split gpg.
> I updated templates and dom0 today and rebooted computer.  Now when I try to 
> look at encrypted email I am prompted to enter my gpg key password every time 
> I look at an encrypted email.   Also if I look at an encrypted email, go to a 
> different program and then tab back to thunderbird I am immediately asked for 
> gpg key password for the email I was looking at.
> I do notice that the password prompt window looks different from pre reboot.
> Some other package info:
> ii  pinentry-gtk2   0.8.3-2
> ii  gnupg  1.4.18-7+deb8u3 
> ii  gnupg-agent   2.0.26-6+deb8u1 
> ii  gnupg2   2.0.26-6+deb8u1
> ii  gpgv 1.4.18-7+deb8u3  
> ii  libgpg-error0:amd64   1.17-3    
> ii  libgpgme11:amd64  1.5.1-6  
> ii  qubes-gpg-split   2.0.24-1+deb8u1    

The solution is easy - remove password from your keys, especially when
you're using split gpg. It is inconvenient illusion of security. If
someone gets access to your private keyring, he/she will be able to get
your password the same way. Especially when you're relying on caching it
in RAM...

The only case when password protected keys makes some sense is
protection after hardware theft, but since Qubes use full disk
encryption anyway, it doesn't add anything extra in this case.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Version: GnuPG v2


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to