On Sun, Feb 09, 2020 at 01:49:00PM +0000, qubes-li...@riseup.net wrote: > Claudio Chinicz wrote: > > All the idea behind this is to keep your keys in a safe place (VM > > without network), isolated from your application VM. > > > > I've installed the work-gpg (keys vault) and created a mail VM with > > Thunderbird and Enigmail. > > > > While Enigmail cannot create new keys on the vault (I have to > > manually import them), it allows me to download/copy the contents of > > my keys (private). > > > > So, if my mail VM is compromised my keys may be stolen/used > > regardless of my keys being kept in a vault! > > > > So, what's the purpose of split gpg? > > The private keys should never touch the online VM running thunderbird. > The keys should be generated on the offline VM and the only way to > perform operations that require the private key must be via the > split GPG setup. > > If you generated the key on the online VM it is probably best to > start with a new one if you would like to get the benefit of the split GPG > setup of Qubes. >
I think you are missing the point. What Claudio is reporting is a bug - you are right that the private keys should never touch the onlineVM. You cant manually export them using the qubes-split-gpg-wrapper, for example. But if you use Enigmail with the split-gpg-wrapper, the private key ends up in the onlineVM, and is therefore open to compromise. This cant be right. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200209143143.GA7765%40thirdeyesecurity.org.
