From 61c92f30ba7d7d8845c666fc028bc388f44cb173 Mon Sep 17 00:00:00 2001 From: Jeff Clement Date: Sat, 4 Apr 2020 07:35:41 -0600 Subject: [PATCH 1/2] Added Keybase configuration section. #5753 --- user/security-in-qubes/split-gpg.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/user/security-in-qubes/split-gpg.md b/user/security-in-qubes/split-gpg.md index f2030a75..2372e572 100644 --- a/user/security-in-qubes/split-gpg.md +++ b/user/security-in-qubes/split-gpg.md @@ -160,6 +160,20 @@ On a fresh Enigmail install, your need to change the default `Enigmail Junior Mo ![tb-enigmail-split-gpg-settings-2.png](/attachment/wiki/SplitGpg/tb-enigmail-split-gpg-settings-2.png) +### Using Keybase with Split GPG ### + +Keybase, a security focused messaging and file-sharing app with GPG integration, can be configured to use Split GPG. + +The Keybase service does not preserve/pass the `QUBES_GPG_DOMAIN` environment variable through to underlying GPG processes, so it **must** be configured to use `/usr/bin/qubes-gpg-client-wrapper` (as discussed aboved) rather than `/usr/bin/qubes-gpg-client`. + +The following command will configure Keybase to use `/usr/bin/qubes-gpg-client-wrapper` instead of its built-in GPG client: + +``` +$ keybase config set gpg.command /usr/bin/qubes-gpg-client-wrapper +``` + +Now that Keybase is configured to use `qubes-gpg-client-wrapper`, you will be able to use `keybase pgp select` to choose a GPG key from your backend GPG AppVM and link that key to your Keybase identity. + ## Using Git with Split GPG ## Git can be configured to used with Split GPG, something useful if you would like to contribute to the Qubes OS Project as every commit is required to be signed. From e43aef11670dd9981731227258a90b20e676bea6 Mon Sep 17 00:00:00 2001 From: Jeff Clement Date: Sat, 4 Apr 2020 07:52:30 -0600 Subject: [PATCH 2/2] spelling mistake --- user/security-in-qubes/split-gpg.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/security-in-qubes/split-gpg.md b/user/security-in-qubes/split-gpg.md index 2372e572..105c43ec 100644 --- a/user/security-in-qubes/split-gpg.md +++ b/user/security-in-qubes/split-gpg.md @@ -164,7 +164,7 @@ On a fresh Enigmail install, your need to change the default `Enigmail Junior Mo Keybase, a security focused messaging and file-sharing app with GPG integration, can be configured to use Split GPG. -The Keybase service does not preserve/pass the `QUBES_GPG_DOMAIN` environment variable through to underlying GPG processes, so it **must** be configured to use `/usr/bin/qubes-gpg-client-wrapper` (as discussed aboved) rather than `/usr/bin/qubes-gpg-client`. +The Keybase service does not preserve/pass the `QUBES_GPG_DOMAIN` environment variable through to underlying GPG processes, so it **must** be configured to use `/usr/bin/qubes-gpg-client-wrapper` (as discussed above) rather than `/usr/bin/qubes-gpg-client`. The following command will configure Keybase to use `/usr/bin/qubes-gpg-client-wrapper` instead of its built-in GPG client: