Name: qubes-app-linux-split-gpg
Owner: Qubes OS Project
Description: Qubes component: app-linux-split-gpg
Created: 2015-02-11 01:27:27.0
Updated: 2018-05-05 19:44:58.0
Pushed: 2018-04-15 02:41:59.0
Homepage: null
Size: 274
Language: C
Split GPG implements a concept similar to having a smart card with your private GPG keys, except that the role of the "smart card" is played by another Qubes AppVM. This way one not-so-trusted domain, e.g. the one where Thunderbird is running, can delegate all crypto operations, such as encryption/decryption and signing, to another, more trusted, network-isolated domain. As a result, the compromise of the domain where Thunderbird or another client app is running (arguably a not-so-unthinkable scenario) does not allow the attacker to automatically also steal all your keys. (We should make a rather obvious comment here that the so-often-used passphrases on private keys are pretty meaningless because the attacker can easily set up a simple backdoor which would wait until the user enters the passphrase and steal the key then.)
More in-depth usage information can be found here.