suzanne.soy/qubes-doc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix headings (#676)

Browse Source
This commit is contained in:
Andrew David Wong 2018-07-10 19:30:38 -05:00
parent 09645fcd09
commit 30a16a8685
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
security/split-gpg.md
View File

@ -14,11 +14,10 @@ redirect_from:
- /wiki/UserDoc/OpenPGP/ - /wiki/UserDoc/OpenPGP/
--- ---
Qubes Split GPG # Qubes Split GPG #
===============
## What is Split GPG and why should I use it instead of the standard GPG? ##
What is Split GPG and why should I use it instead of the standard GPG?
----------------------------------------------------------------------
Split GPG implements a concept similar to having a smart card with your Split GPG implements a concept similar to having a smart card with your
private GPG keys, except that the role of the "smart card" plays another Qubes private GPG keys, except that the role of the "smart card" plays another Qubes
AppVM. This way one, not-so-trusted domain, e.g. the one where Thunderbird is AppVM. This way one, not-so-trusted domain, e.g. the one where Thunderbird is
@ -76,8 +75,7 @@ could start a Disposable VM and have the to-be-signed document displayed
there? To Be Determined. there? To Be Determined.
Configuring Split GPG ## Configuring Split GPG ##
---------------------
In dom0, make sure the `qubes-gpg-split-dom0` package is installed. In dom0, make sure the `qubes-gpg-split-dom0` package is installed.
@ -146,7 +144,9 @@ only `gpg2`). If you encounter trouble while trying to set up Split-GPG, make
sure you're using `gpg2` for your configuration and testing, since keyring data sure you're using `gpg2` for your configuration and testing, since keyring data
may differ between the two installations. may differ between the two installations.
## Using Thunderbird + Enigmail with Split GPG ## ## Qubes 3.2 Specifics ##
### Using Thunderbird + Enigmail with Split GPG ###
However, when using Thunderbird with Enigmail extension it is However, when using Thunderbird with Enigmail extension it is
not enough, because Thunderbird doesn't preserve the environment not enough, because Thunderbird doesn't preserve the environment
@ -171,7 +171,9 @@ passphrase from your (sub)key(s) in order to get Split-GPG working correctly.
As mentioned above, we do not believe PGP key passphrases to be significant As mentioned above, we do not believe PGP key passphrases to be significant
from a security perspective. from a security perspective.
### Thunderbird + Enigmail in Qubes 4.0 ### ## Qubes 4.0 Specifics ##
### Using Thunderbird + Enigmail with Split GPG ###
New qrexec policies in Qubes R4.0 by default require the user to enter the name New qrexec policies in Qubes R4.0 by default require the user to enter the name
of the domain containing GPG keys each time it is accessed. To improve usability of the domain containing GPG keys each time it is accessed. To improve usability
@ -241,8 +243,8 @@ displayed to accept this.
<br /> <br />
Advanced: Using Split GPG with Subkeys ## Advanced: Using Split GPG with Subkeys ##
--------------------------------------
Users with particularly high security requirements may wish to use Split Users with particularly high security requirements may wish to use Split
GPG with [subkeys]. However, this setup GPG with [subkeys]. However, this setup
comes at a significant cost: It will be impossible to sign other people's keys comes at a significant cost: It will be impossible to sign other people's keys