mirror of
https://github.com/Qubes-Community/Contents.git
synced 2024-12-22 21:59:26 -05:00
Update split-ssh.md
parent
bc91bfd5d8
commit
224c17dba6
@ -368,6 +368,13 @@ Depending on your threat model you can:
|
|||||||
* Add an additional security layer by adding a second encryption layer (e.g. VeraCrypt, \*.7z with password)
|
* Add an additional security layer by adding a second encryption layer (e.g. VeraCrypt, \*.7z with password)
|
||||||
* Upload the \*.kdbx to an end-to-end-encrypted email box (e.g. Tutanota, ProtonMail)
|
* Upload the \*.kdbx to an end-to-end-encrypted email box (e.g. Tutanota, ProtonMail)
|
||||||
|
|
||||||
|
## Security Benefits
|
||||||
|
|
||||||
|
In the setup described in this guide, even an attacker who manages to gain access to the `ssh-client` VM will not be able to obtain the user’s private key since it is simply not there.
|
||||||
|
Rather, the private key remains in the `vault` VM, which is extremely unlikely to be compromised, if nothing is ever copied or transferred into it.
|
||||||
|
In order to gain access to the vault VM, the attacker would require the use of, e.g., a general Xen VM escape exploit or a signed, compromised package which is already installed in the TemplateVM upon which the vault VM is based.
|
||||||
|
|
||||||
|
|
||||||
Want more Qubes split magic?
|
Want more Qubes split magic?
|
||||||
Check out [Split-GPG][Split-GPG].
|
Check out [Split-GPG][Split-GPG].
|
||||||
|
|
||||||
|
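Review bot: The first sentence of the new "Security Benefits" section says an attacker inside `ssh-client` cannot obtain the private key, but the section never says whether that attacker can still have `vault` authenticate on their behalf while the key is unlocked. Add a sentence on that remaining exposure, and on whatever prompt or policy limits it, so that "cannot obtain the key" is not read as "cannot use the key". The second sentence's condition, "if nothing is ever copied or transferred into it", carries the whole claim and would read better as an explicit requirement on the user than as a trailing clause. Style: the third sentence writes "vault VM" without the backticks used for `vault` and `ssh-client` in the two sentences before it.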