Actions

Dev/Split GPG

From Whonix

< Dev


General, non-Whonix ™ related, enhancements that would be useful for Qubes Split GPG.

Questions[edit]

  • Could /usr/bin/qubes-gpg-client-wrapper used from the gpg client VM be used to delete the keys in the gpg server VM?

Notification Enhancement[edit]

The current notification... 

Keyring access from domain:
work-mail

is not that secure.

  • Gets unnoticed when being away. (A compromised VM could wait for that.)
  • Mass requests could not be stopped early enough.
  • Popup not using the Centralized Tray Notification [archive] (not yet implemented) - so popups are easily missed when being away for a short time.
  • Reading one mail in enigmail results in 3 popups flashing up. Users are accustomed to that popup spam. The malicious request could be sneaked in unnoticed into that.

show input to be processed by Split GPG Server[edit]

The Split GPG server VM could show and request each and every gpg command to be executed.

Purpose:

  • Preventing gpg from being exploited by maliciously crafted input by having the user manually have a look if the input looks strange.
Going to run the following command:

/usr/bin/qubes-gpg-client-wrapper --charset utf-8 --display-charset utf-8 --no-emit-version --no-comments --display-charset utf-8 --batch --no-tty --status-fd 2 --max-output 487200 --decrypt --use-agent

Content of stdin is:

```
-----BEGIN PGP MESSAGE-----
....
-----END PGP MESSAGE-----
```

Okay?
Yes | No [default]

Show processed output of GPG Server VM before relaying back[edit]

The Split GPG server VM could show the output of a request before sending it back to the client VM.

Purpose:

  • Have the user check if what has been decrypted looks like expected. I.e. seeing an old mail being decrypted that was not requested could alert the user, that the gpg client VM has likely been compromised.
  • Have the user only sign documents the user really wanted to sign and not maliciously altered copy.
The output of the following command:

 /usr/bin/qubes-gpg-client-wrapper --charset utf-8 --display-charset utf-8 --no-emit-version --no-comments --display-charset utf-8 --batch --no-tty --status-fd 2 --max-output 487200 --decrypt --use-agent

was:

```
decrypted text goes here
```

Send back to gpg client VM?

Yes | No [default]

x[edit]

--yes --set-notation --sign-with --output reprepro

Fosshost is sponsors Kicksecure ™ stage server 100px
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: Discourse logo.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contribute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=Dev/Split GPG&body=../Dev/Split_GPG link=https://reddit.com/submit?url=../Dev/Split_GPG&title=Dev/Split GPG link=https://news.ycombinator.com/submitlink?u=../Dev/Split_GPG&t=Dev/Split GPG link=https://mastodon.technology/share?message=Dev/Split GPG%20../Dev/Split_GPG&t=Dev/Split GPG

Have you contributed to Whonix ™? If so, feel free to add your name and highlight what you did on the Whonix ™ authorship page.

https link onion link Priority Support | Investors | Professional Support

Whonix | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

Retrieved from "https://www.whonix.org/w/index.php?title=Dev/Split_GPG&oldid=45656"
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.
More information