ā€ˇThanks, I now better understand the concepts. On Sunday, 9 February 2020 15:41:39 UTC+2, awokd wrote: > > Claudio Chinicz: > > All the idea behind this is to keep your keys in a safe place (VM > without network), isolated from your application VM. > > > > I've installed the work-gpg (keys vault) and created a mail VM with > Thunderbird and Enigmail. > > > > While Enigmail cannot create new keys on the vault (I have to manually > import them), it allows me to download/copy the contents of my keys > (private). > > > > So, if my mail VM is compromised my keys may be stolen/used regardless > of my keys being kept in a vault! > > > > So, what's the purpose of split gpg? > > > > Thanks for any feedback. > > > In a way, it's security by obscurity- some code looking for keys won't > know to request through split-gpg. It prompts every time it accesses > your keys with split-gpg, with the theory being the user will recognize > an unauthorized request and deny it. In practice, it's difficult to > determine authorized vs. unauthorized with Thunderbird because it > requests access every time a signed email arrives. > > -- > - don't top post > Mailing list etiquette: > - trim quoted reply to only relevant portions > - when possible, copy and paste text instead of screenshots >
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/83c9d18c-0720-47d5-be07-89337013828b%40googlegroups.com.
