Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-14 Thread Claudio Chinicz
Hi Marek,

Thanks for acknowledging the issue with the next version of TB. I believe it is 
critical that the Qubes team be aware of this as part of the roadmap for new 
features/versions.

Just to clarify, I'm looking for a replacement for TB+Enigmail that works with 
Split gpg and *also* supports OAuth2 as I use Gmail accounts with my mail client.

Best Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/06e9b647-b240-4dfc-9b46-5eadc1a2cd0b%40googlegroups.com.


Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-14 Thread Marek Marczykowski-Górecki

On Thu, Feb 13, 2020 at 10:05:21PM +0100, Frédéric Pierret wrote:
> 
> On 2020-02-13 20:37, Claudio Chinicz wrote:
> > Hi Frédéric,
> > 
> > Thanks, I've managed to install claws-mail on my Fedora template. The 
> > problem is that Claws-mail does not support OAuth2 (Google) authentication, 
> > just like Kmail.
> 
> You're welcome.
> 
> > 
> > Evolution does support OAuth2 authentication but instead of Gnupg it 
> > supports Open PGP, 

I think you're confusing two unrelated things. Oauth2 has nothing to do
with email encryption.

Also, just to clear terminology, GnuPG/GPG is an implementation of
the OpenPGP standard, so _in theory_ it is the same.

From what I see, Evolution does use GnuPG under the hood.

> > the same standard that TB 79 will support, replacing Enigmail.
> > 
> > Would Open PGP support/integrate with Qubes Split GPG?
> 
> I CC Marek to this question as I know there is some new version of it but I 
> don't know what's inside.

Thanks for bringing this to our attention. For reference, this is about 
https://wiki.mozilla.org/Thunderbird:OpenPGP:2020

From my reading of this page, it sounds like a DISASTER in terms of
existing pgp encrypted emails support in Thunderbird, but also in terms
of extensibility of Thunderbird (severe limitation of addons, if not
removing them completely). One of the key features of Thunderbird is its
flexibility thanks to addons...

So, it looks like they have decided to use a completely different
implementation (or even writing their own) of the OpenPGP standard, instead of
using the well-established standard of GnuPG. They already acknowledge it
will most likely lead to many interoperability issues and they accept it
at the design level. Life shows that if you already know it will be bad
at the design level, in practice it will be even worse!

But another important aspect is the key storage. Anyone serious about
security knows that keys should be stored isolated. Those not lucky
enough to use Qubes, can use smart cards for that. And according to FAQ
on that page, new Thunderbird won't support smart cards! 
And in the shape presented on that page, it looks like there won't be a way
to plug split gpg either!

As a side note, I do think that even though GnuPG is a well established
standard, its quality isn't very high and steps to break its monopoly in
OpenPGP implementations are a good thing. But it should be done in an
incremental, compatible way, not "break everything" approach.

Another side note, or rather a hint for Thunderbird developers: modern gpg
consists in reality of multiple parts running as separate processes. One
of them is gpg-agent responsible for accessing private keys (either
local or on a smart card) and nothing else. gpg-agent has also a simple,
(kind of) documented protocol. If they still want to break
everything, they could at least consider support for using existing
gpg-agent available in the system. This won't solve interoperability
issues, but at least will allow people to keep their keys secured on
smart cards or with (upcoming new version of) split gpg.

The only good side of this I see is having PGP support in Thunderbird
out of the box without requiring an addon - meaning probably more people
will use it.

BTW we need to verify if this major breakage of Thunderbird addons won't
break other Qubes features too - namely opening attachments in
DisposableVM, which is also done using an addon.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-14 Thread Claudio Chinicz
Thanks. Actually, I'm looking for a replacement for TB+Enigmail. Regards

On Friday, 14 February 2020 09:48:29 UTC+2, Johannes Graumann wrote:
>
> On 2020-02-13 18:36, Claudio Chinicz wrote:
>
> Hi Sven,
>
> Thanks again. I've tried them and found the following:
>
> - KMail is not allowed to authenticate with OAuth2 from Google (my accounts 
> are Gmail)
> - Evolution now does not support Gnupg
> - Claws is not available for Fedora
>
> Sorry for insisting.. any ideas?
>
> Best
>
> https://fedoraproject.org/wiki/Using_GPG_with_Evolution
>



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-13 Thread Johannes Graumann

On 2020-02-13 18:36, Claudio Chinicz wrote:


Hi Sven,

Thanks again. I've tried them and found the following:

- KMail is not allowed to authenticate with OAuth2 from Google (my accounts are 
Gmail)
- Evolution now does not support Gnupg
- Claws is not available for Fedora

Sorry for insisting.. any ideas?

Best


https://fedoraproject.org/wiki/Using_GPG_with_Evolution



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-13 Thread Frédéric Pierret

On 2020-02-13 20:37, Claudio Chinicz wrote:
> Hi Frédéric,
> 
> Thanks, I've managed to install claws-mail on my Fedora template. The problem 
> is that Claws-mail does not support OAuth2 (Google) authentication, just like 
> Kmail.

You're welcome.

> 
> Evolution does support OAuth2 authentication but instead of Gnupg it supports 
> Open PGP, the same standard that TB 79 will support, replacing Enigmail.
> 
> Would Open PGP support/integrate with Qubes Split GPG?

I CC Marek to this question as I know there is some new version of it but I 
don't know what's inside.

Best regards,
Frédéric



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-13 Thread Claudio Chinicz
Hi Frédéric,

Thanks, I've managed to install claws-mail on my Fedora template. The 
problem is that Claws-mail does not support OAuth2 (Google) authentication, 
just like Kmail.

Evolution does support OAuth2 authentication but instead of Gnupg it 
supports Open PGP, the same standard that TB 79 will support, replacing 
Enigmail.

Would Open PGP support/integrate with Qubes Split GPG?

Regards

On Thursday, 13 February 2020 19:50:21 UTC+2, Frédéric Pierret wrote:
>
>
> On 2020-02-13 18:36, Claudio Chinicz wrote: 
> > Hi Sven, 
> > 
> > Thanks again. I've tried them and found the following: 
> > 
> > - KMail is not allowed to authenticate with OAuth2 from Google (my accounts are Gmail) 
> > - Evolution now does not support Gnupg 
> > - Claws is not available for Fedora 
>
> 'claws-mail' package is available in Fedora. 
>
>



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-13 Thread Frédéric Pierret

On 2020-02-13 18:36, Claudio Chinicz wrote:
> Hi Sven,
> 
> Thanks again. I've tried them and found the following:
> 
> - KMail is not allowed to authenticate with OAuth2 from Google (my accounts 
> are Gmail)
> - Evolution now does not support Gnupg
> - Claws is not available for Fedora

'claws-mail' package is available in Fedora.



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-13 Thread Claudio Chinicz
Hi Sven,

Thanks again. I've tried them and found the following:

- KMail is not allowed to authenticate with OAuth2 from Google (my accounts are 
Gmail)
- Evolution now does not support Gnupg
- Claws is not available for Fedora

Sorry for insisting.. any ideas?

Best



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-12 Thread Sven Semmler
On Wed, Feb 12, 2020 at 11:10:09AM -0800, Claudio Chinicz wrote:
> But TB 79 will not support 
> Enigmail(https://wiki.mozilla.org/Thunderbird:OpenPGP:2020), so we'll "miss" 
> split gpg working with TB.
> Any alternative with GUI like TB?

These are quite popular and work with GnuPG (and therefore very likely
also with split gpg):

- KMail (KDE)
- Evolution (Gnome)
- Claws (GTK+)

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-12 Thread Claudio Chinicz
Hi,

But TB 79 will not support 
Enigmail(https://wiki.mozilla.org/Thunderbird:OpenPGP:2020), so we'll "miss" 
split gpg working with TB.

Any alternative with GUI like TB?

Thanks



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-12 Thread Claudio Chinicz
Hi unman, thanks for clarifying the issue. Regards



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-12 Thread qubes-lists


> As was pointed out in qubes-issues, this isn't the private key - it's a
> key pair that Enigmail creates for some purpose. It can't be used to
> encrypt/decrypt messages that use *your* key-pair.
> There is no problem here.

I'm glad my understanding of the setup is still valid then.
Would be nice for other people if you could link to said issue.



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-12 Thread unman
On Sun, Feb 09, 2020 at 02:31:43PM +, unman wrote:
> On Sun, Feb 09, 2020 at 01:49:00PM +, qubes-li...@riseup.net wrote:
> > Claudio Chinicz wrote:
> > > All the idea behind this is to keep your keys in a safe place (VM
> > > without network), isolated from your application VM.
> > > 
> > > I've installed the work-gpg (keys vault) and created a mail VM with
> > > Thunderbird and Enigmail.
> > > 
> > > While Enigmail cannot create new keys on the vault (I have to
> > > manually import them), it allows me to download/copy the contents of
> > > my keys (private).
> > > 
> > > So, if my mail VM is compromised my keys may be stolen/used
> > > regardless of my keys being kept in a vault!
> > > 
> > > So, what's the purpose of split gpg?
> > 
> > The private keys should never touch the online VM running thunderbird.
> > The keys should be generated on the offline VM and the only way to
> > perform operations that require the private key must be via the 
> > split GPG setup.
> > 
> > If you generated the key on the online VM it is probably best to
> > start with a new one if you would like to get the benefit of the split GPG
> > setup of Qubes.
> > 
> 
> I think you are missing the point.
> What Claudio is reporting is a bug - you are right that the private keys
> should never touch the onlineVM.  You can't manually export them using
> the qubes-split-gpg-wrapper, for example.
> But if you use Enigmail with the split-gpg-wrapper, the private key ends
> up in the onlineVM, and is therefore open to compromise.
> This can't be right.
> 
> unman
> 

As was pointed out in qubes-issues, this isn't the private key - it's a
key pair that Enigmail creates for some purpose. It can't be used to
encrypt/decrypt messages that use *your* key-pair.
There is no problem here.

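A check for the question this thread settles, added here as an example and not part of the original messages: it reads the online VM's own `gpg --list-secret-keys --with-colons` listing and reports whether a key that belongs in the vault has secret material on local disk, as opposed to some other key generated by the mail client. The function names, fingerprints and sample listings are constructed for illustration; the only format assumption is GnuPG's colon listing, where field 15 of a `sec`/`ssb` record marks a stub (`#`), locally available material (`+`) or a token serial number.

```shell
#!/bin/sh
# Added example: fingerprints and listings below are constructed.
HELPER_FPR=1111111111111111111111111111111111111111  # stands in for a client-generated key
VAULT_FPR=2222222222222222222222222222222222222222   # stands in for *your* key kept in the vault

# Reads `gpg --list-secret-keys --with-colons` on stdin and prints
# "<fingerprint> <state>" for every secret key and subkey.
# An empty field 15 (older gpg) is treated as on-disk, the cautious reading.
local_secret_material() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            if ($15 == "#") state = "stub"
            else if ($15 == "+" || $15 == "") state = "on-disk"
            else state = "card"
            pending = 1
            next
        }
        $1 == "fpr" && pending { print $10, state; pending = 0 }
    '
}

# vault_keys_exposed FPR...: stdin is the online VM's listing. Prints
# "EXPOSED <fpr>" for each given fingerprint whose secret material is on
# local disk and returns 1 if any was found, 0 otherwise.
vault_keys_exposed() {
    listing=$(local_secret_material)
    hits=0
    for fpr in "$@"; do
        if printf '%s\n' "$listing" | grep -qxF "$fpr on-disk"; then
            printf 'EXPOSED %s\n' "$fpr"
            hits=1
        fi
    done
    return "$hits"
}

# Constructed listing: only a client-generated helper key is stored locally.
sample_healthy() { cat <<EOF
sec:u:255:22:1111111111111111:1581000000:::u:::scESC:::+:::23::0:
fpr:::::::::$HELPER_FPR:
uid:u::::1581000000::::constructed helper key::::::::::0:
EOF
}

# Constructed listing: the vault key's secret material is also on local disk.
sample_leaked() { cat <<EOF
sec:u:255:22:1111111111111111:1581000000:::u:::scESC:::+:::23::0:
fpr:::::::::$HELPER_FPR:
sec:u:4096:1:2222222222222222:1500000000:::u:::scESC:::+:::23::0:
fpr:::::::::$VAULT_FPR:
EOF
}

# Constructed listing: only a stub of the vault key, no secret material.
sample_stub() { cat <<EOF
sec:u:4096:1:2222222222222222:1500000000:::u:::scESC:::#:::23::0:
fpr:::::::::$VAULT_FPR:
EOF
}

# On a real mail qube the listing would come from:
#   gpg --list-secret-keys --with-colons | vault_keys_exposed <vault fingerprints>
sample_healthy | vault_keys_exposed "$VAULT_FPR" && echo "healthy: vault key not on local disk"
sample_leaked  | vault_keys_exposed "$VAULT_FPR" || echo "leaked: vault key material found locally"
```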


Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-09 Thread unman
On Sun, Feb 09, 2020 at 02:31:43PM +, unman wrote:
> On Sun, Feb 09, 2020 at 01:49:00PM +, qubes-li...@riseup.net wrote:
> > Claudio Chinicz wrote:
> > > All the idea behind this is to keep your keys in a safe place (VM
> > > without network), isolated from your application VM.
> > > 
> > > I've installed the work-gpg (keys vault) and created a mail VM with
> > > Thunderbird and Enigmail.
> > > 
> > > While Enigmail cannot create new keys on the vault (I have to
> > > manually import them), it allows me to download/copy the contents of
> > > my keys (private).
> > > 
> > > So, if my mail VM is compromised my keys may be stolen/used
> > > regardless of my keys being kept in a vault!
> > > 
> > > So, what's the purpose of split gpg?
> > 
> > The private keys should never touch the online VM running thunderbird.
> > The keys should be generated on the offline VM and the only way to
> > perform operations that require the private key must be via the 
> > split GPG setup.
> > 
> > If you generated the key on the online VM it is probably best to
> > start with a new one if you would like to get the benefit of the split GPG
> > setup of Qubes.
> > 
> 
> I think you are missing the point.
> What Claudio is reporting is a bug - you are right that the private keys
> should never touch the onlineVM.  You can't manually export them using
> the qubes-split-gpg-wrapper, for example.
> But if you use Enigmail with the split-gpg-wrapper, the private key ends
> up in the onlineVM, and is therefore open to compromise.
> This can't be right.
> 
> unman
> 

I've raised an issue.



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-09 Thread unman
On Sun, Feb 09, 2020 at 01:49:00PM +, qubes-li...@riseup.net wrote:
> Claudio Chinicz wrote:
> > All the idea behind this is to keep your keys in a safe place (VM
> > without network), isolated from your application VM.
> > 
> > I've installed the work-gpg (keys vault) and created a mail VM with
> > Thunderbird and Enigmail.
> > 
> > While Enigmail cannot create new keys on the vault (I have to
> > manually import them), it allows me to download/copy the contents of
> > my keys (private).
> > 
> > So, if my mail VM is compromised my keys may be stolen/used
> > regardless of my keys being kept in a vault!
> > 
> > So, what's the purpose of split gpg?
> 
> The private keys should never touch the online VM running thunderbird.
> The keys should be generated on the offline VM and the only way to
> perform operations that require the private key must be via the 
> split GPG setup.
> 
> If you generated the key on the online VM it is probably best to
> start with a new one if you would like to get the benefit of the split GPG
> setup of Qubes.
> 

I think you are missing the point.
What Claudio is reporting is a bug - you are right that the private keys
should never touch the onlineVM.  You can't manually export them using
the qubes-split-gpg-wrapper, for example.
But if you use Enigmail with the split-gpg-wrapper, the private key ends
up in the onlineVM, and is therefore open to compromise.
This can't be right.

unman






Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-09 Thread Claudio Chinicz
Hi, thanks. The inner workings of split gpg are now much clearer.

On Sunday, 9 February 2020 15:49:45 UTC+2, qubes...@riseup.net wrote:
>
> Claudio Chinicz wrote: 
> > All the idea behind this is to keep your keys in a safe place (VM 
> > without network), isolated from your application VM. 
> > 
> > I've installed the work-gpg (keys vault) and created a mail VM with 
> > Thunderbird and Enigmail. 
> > 
> > While Enigmail cannot create new keys on the vault (I have to 
> > manually import them), it allows me to download/copy the contents of 
> > my keys (private). 
> > 
> > So, if my mail VM is compromised my keys may be stolen/used 
> > regardless of my keys being kept in a vault! 
> > 
> > So, what's the purpose of split gpg? 
>
> The private keys should never touch the online VM running thunderbird. 
> The keys should be generated on the offline VM and the only way to 
> perform operations that require the private key must be via the 
> split GPG setup. 
>
> If you generated the key on the online VM it is probably best to 
> start with a new one if you would like to get the benefit of the split GPG 
> setup of Qubes. 
>



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-09 Thread Claudio Chinicz
Thanks, I now better understand the concepts.

On Sunday, 9 February 2020 15:41:39 UTC+2, awokd wrote:
>
> Claudio Chinicz: 
> > All the idea behind this is to keep your keys in a safe place (VM 
> without network), isolated from your application VM. 
> > 
> > I've installed the work-gpg (keys vault) and created a mail VM with 
> Thunderbird and Enigmail. 
> > 
> > While Enigmail cannot create new keys on the vault (I have to manually 
> import them), it allows me to download/copy the contents of my keys 
> (private). 
> > 
> > So, if my mail VM is compromised my keys may be stolen/used regardless 
> of my keys being kept in a vault! 
> > 
> > So, what's the purpose of split gpg? 
> > 
> > Thanks for any feedback. 
> > 
> In a way, it's security by obscurity- some code looking for keys won't 
> know to request through split-gpg. It prompts every time it accesses 
> your keys with split-gpg, with the theory being the user will recognize 
> an unauthorized request and deny it. In practice, it's difficult to 
> determine authorized vs. unauthorized with Thunderbird because it 
> requests access every time a signed email arrives. 
>
> -- 
> - don't top post 
> Mailing list etiquette: 
> - trim quoted reply to only relevant portions 
> - when possible, copy and paste text instead of screenshots 
>



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-09 Thread qubes-lists
Claudio Chinicz wrote:
> All the idea behind this is to keep your keys in a safe place (VM
> without network), isolated from your application VM.
> 
> I've installed the work-gpg (keys vault) and created a mail VM with
> Thunderbird and Enigmail.
> 
> While Enigmail cannot create new keys on the vault (I have to
> manually import them), it allows me to download/copy the contents of
> my keys (private).
> 
> So, if my mail VM is compromised my keys may be stolen/used
> regardless of my keys being kept in a vault!
> 
> So, what's the purpose of split gpg?

The private keys should never touch the online VM running thunderbird.
The keys should be generated on the offline VM and the only way to
perform operations that require the private key must be via the 
split GPG setup.

If you generated the key on the online VM it is probably best to
start with a new one if you would like to get the benefit of the split GPG
setup of Qubes.



Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-09 Thread 'awokd' via qubes-users
Claudio Chinicz:
> All the idea behind this is to keep your keys in a safe place (VM without 
> network), isolated from your application VM.
> 
> I've installed the work-gpg (keys vault) and created a mail VM with 
> Thunderbird and Enigmail.
> 
> While Enigmail cannot create new keys on the vault (I have to manually import 
> them), it allows me to download/copy the contents of my keys (private).
> 
> So, if my mail VM is compromised my keys may be stolen/used regardless of my 
> keys being kept in a vault!
> 
> So, what's the purpose of split gpg?
> 
> Thanks for any feedback.
> 
In a way, it's security by obscurity- some code looking for keys won't
know to request through split-gpg. It prompts every time it accesses
your keys with split-gpg, with the theory being the user will recognize
an unauthorized request and deny it. In practice, it's difficult to
determine authorized vs. unauthorized with Thunderbird because it
requests access every time a signed email arrives.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
