Hi, thanks. The inner workings of split gpg are now much clearer.

On Sunday, 9 February 2020 15:49:45 UTC+2, qubes...@riseup.net wrote:
>
> Claudio Chinicz wrote: 
> > All the idea behind this is to keep your keys in a safe place (VM 
> > without network), isolated from your application VM. 
> > 
> > I've installed the work-gpg (keys vault) and created a mail VM with 
> > Thunderbird and Enigmail. 
> > 
> > While Enigmail cannot create new keys on the vault (I have to 
> > manually import them), it allows me to download/copy the contents of 
> > my keys (private). 
> > 
> > So, if my mail VM is compromised my keys may be stolen/used 
> > regardless of my keys being kept in a vault! 
> > 
> > So, what's the purpose of split gpg? 
>
> The private keys should never touch the online VM running thunderbird. 
> The keys should be generated on the offline VM and the only way to 
> perform operations that require the private key must be via the 
> split GPG setup. 
>
> If you generated the key on the online VM it is probably best to 
> start with a new one if you would like to get the benefit of the split GPG 
> setup of Qubes. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/486e2167-59c2-4160-8f0e-ce3ed0c1ce7f%40googlegroups.com.
