Claudio Chinicz:
> All the idea behind this is to keep your keys in a safe place (VM without
> network), isolated from your application VM.
>
> I've installed the work-gpg (keys vault) and created a mail VM with
> Thunderbird and Enigmail.
>
> While Enigmail cannot create new keys on the vault (I have to manually import
> them), it allows me to download/copy the contents of my keys (private).
>
> So, if my mail VM is compromised my keys may be stolen/used regardless of my
> keys being kept in a vault!
>
> So, what's the purpose of split gpg?
>
> Thanks for any feedback.
>

In a way, it's security by obscurity - some code looking for keys won't know to request through split-gpg. It prompts every time it accesses your keys with split-gpg, with the theory being the user will recognize an unauthorized request and deny it. In practice, it's difficult to determine authorized vs. unauthorized with Thunderbird because it requests access every time a signed email arrives.

--
Mailing list etiquette:
- don't top post
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9784b2c6-5b1b-1005-dbda-a6ee3d10000b%40danwin1210.me.
