Claudio Chinicz wrote:
> The whole idea behind this is to keep your keys in a safe place (VM
> without network), isolated from your application VM.
> 
> I've installed the work-gpg (keys vault) and created a mail VM with
> Thunderbird and Enigmail.
> 
> While Enigmail cannot create new keys on the vault (I have to
> manually import them), it allows me to download/copy the contents of
> my keys (private).
> 
> So, if my mail VM is compromised my keys may be stolen/used
> regardless of my keys being kept in a vault!
> 
> So, what's the purpose of split gpg?

The private keys should never touch the online VM running Thunderbird.
The keys should be generated on the offline VM and the only way to
perform operations that require the private key must be via the
split GPG setup.

If you generated the key on the online VM it is probably best to
start with a new one if you would like to get the benefit of the split GPG
setup of Qubes.
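
A check that follows from the reply above, added here as an example and not part of the original message: it reads the output of `gpg --list-secret-keys --with-colons`, run inside the online (mail) VM, and reports whether that VM's own keyring holds any secret key records. The function names and the sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a GnuPG colon listing for secret key material.
# Input on stdin: output of `gpg --list-secret-keys --with-colons`.
#   field 1  = record type (sec = primary secret key, ssb = secret subkey)
#   field 15 = "#" when the record is only a stub (no secret material here);
#              any other value is counted as secret key material.

count_secret_key_records() {
    awk -F: '
        ($1 == "sec" || $1 == "ssb") && $15 != "#" { n++ }
        END { print n + 0 }
    '
}

# Returns 0 when the listing holds no secret key material, 1 otherwise.
audit_online_keyring() {
    n=$(count_secret_key_records)
    if [ "$n" -eq 0 ]; then
        echo "OK: no private key material in this keyring"
        return 0
    fi
    echo "FAIL: $n secret key record(s) present in this keyring"
    return 1
}

# Constructed sample: a keyring that holds a private key and subkey.
SAMPLE_LEAKED='sec:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:::u:::scESC:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1600000000::::::e:::+:::23:'

# Constructed sample: only stubs, the secret material is elsewhere.
SAMPLE_STUB='sec:u:4096:1:CCCCCCCCCCCCCCCC:1600000000:::u:::scESC:::#:::23::0:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1600000000::::::e:::#:::23:'

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_LEAKED" | audit_online_keyring || true
printf '%s\n' "$SAMPLE_STUB" | audit_online_keyring || true
```

In the mail VM the live form is `gpg --list-secret-keys --with-colons | audit_online_keyring`; a FAIL result means private key material is stored in the online VM itself.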
