On Sun, Feb 09, 2020 at 02:31:43PM +0000, unman wrote:
> On Sun, Feb 09, 2020 at 01:49:00PM +0000, qubes-li...@riseup.net wrote:
> > Claudio Chinicz wrote:
> > > All the idea behind this is to keep your keys in a safe place (VM
> > > without network), isolated from your application VM.
> > > 
> > > I've installed the work-gpg (keys vault) and created a mail VM with
> > > Thunderbird and Enigmail.
> > > 
> > > While Enigmail cannot create new keys on the vault (I have to
> > > manually import them), it allows me to download/copy the contents of
> > > my keys (private).
> > > 
> > > So, if my mail VM is compromised my keys may be stolen/used
> > > regardless of my keys being kept in a vault!
> > > 
> > > So, what's the purpose of split gpg?
> > 
> > The private keys should never touch the online VM running thunderbird.
> > The keys should be generated on the offline VM and the only way to
> > perform operations that require the private key must be via the 
> > split GPG setup.
> > 
> > If you generated the key on the online VM it is probably best to
> > start with a new one if you would like to get the benefit of the split GPG
> > setup of Qubes.
> > 
> 
> I think you are missing the point.
> What Claudio is reporting is a bug - you are right that the private keys
> should never touch the online VM.  You can't manually export them using
> the qubes-split-gpg-wrapper, for example.
> But if you use Enigmail with the split-gpg-wrapper, the private key ends
> up in the online VM, and is therefore open to compromise.
> This can't be right.
> 
> unman
> 

I've raised an issue.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200209153911.GB8115%40thirdeyesecurity.org.
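The check a practitioner would want after reading this thread is whether any secret key material has ended up in the online (mail) VM at all. The script below is an added example, not code from the thread or from the Qubes project: it parses the machine-readable output of `gpg --with-colons --list-secret-keys` and counts `sec`/`ssb` records, which is what a leaked private key looks like in the online VM's own keyring. With split GPG working as intended, the online VM's keyring holds only public keys and the vault's secret keys are reachable only through `qubes-gpg-client-wrapper`. The two keyring listings embedded below are constructed samples with fictional key IDs, fingerprints and user IDs.

```shell
#!/bin/sh
# Added example (not from the thread). Detects secret-key records in
# GnuPG colon-format output, the format produced by
#   gpg --with-colons --list-secret-keys
# "sec" = primary secret key, "ssb" = secret subkey. In a split GPG
# online VM the count should be 0.

# Count secret-key records in colon-format output read from stdin.
count_secret_keys() {
    awk -F: '$1 == "sec" || $1 == "ssb" { n++ } END { print n + 0 }'
}

# Return 0 when the given colon-format listing holds no secret keys, 1 otherwise.
keyring_is_clean() {
    [ "$(printf '%s\n' "$1" | count_secret_keys)" -eq 0 ]
}

# Constructed sample: a private key (primary + encryption subkey) that has
# leaked into the online VM. Key IDs, fingerprint and uid are fictional.
LEAKED_KEYRING='sec:u:4096:1:1234567890ABCDEF:1580000000:::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000001234567890ABCDEF:
uid:u::::1580000000::0123456789ABCDEF0123456789ABCDEF01234567::Example User <user@example.org>::::::::::0:
ssb:u:4096:1:FEDCBA0987654321:1580000000::::::e::::::23:'

# Constructed sample: the same key as it should appear in the online VM,
# i.e. only the public half was imported.
CLEAN_KEYRING='pub:u:4096:1:1234567890ABCDEF:1580000000:::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000001234567890ABCDEF:
uid:u::::1580000000::0123456789ABCDEF0123456789ABCDEF01234567::Example User <user@example.org>::::::::::0:'

# Live mode: run the same check against the local gpg keyring of the VM the
# script is executed in. On a split GPG mail VM this should print 0; the
# vault's keys are listed separately with
#   qubes-gpg-client-wrapper --list-secret-keys
if [ "${1:-}" = "--live" ]; then
    gpg --with-colons --list-secret-keys 2>/dev/null | count_secret_keys
fi
```

Run it as `sh check-secret-keys.sh --live` inside the mail VM; any non-zero count means private key material is present locally and the key should be treated as exposed.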
