On 2020-09-17 01:18, unman wrote:
On Thu, Sep 17, 2020 at 12:41:56AM +0000, uro2204nk81jeorn wrote:
Let's say I have created a general purpose domain for storing EVERY
subkey I
create, what kind of implications could this have? Am I leaking
multiple
identities every time I use the gpg wrapper?
Where can I read deeper into the design as well?
I'm assuming you have read:
https://www.qubes-os.org/doc/split-gpg
The "Discussions" referenced at the bottom of that page are a good
guide.
As to the risks in storing all your keys in the same qube, there *is* a
danger, in that an attacker who gained access to a client qube would be
able to see your subkeys and therefore link identities.
Since the overhead in creating multiple pgp qubes is small, I would do
that.
The reason I think it'd be beneficial to create one central domain is so
it can be autostarted and handle most PGP operations, multiple vms
wouldn't be very convenient, as well as limitations on memory usage, I
wouldn't even think to autostart multiple PGP domains, but even in not
doing so, my memory goes quick.
Should I utilize a dispvm as a middleman? One disposablevm shouldn't be
too impactful on memory usage, and I could just copy documents around
instead of multiple keys.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/bb5de2cda7f2468371aba5e42c018045%40firemail.cc.