Update split-ssh.md

This commit is contained in:
Santori Helix 2020-11-18 12:37:37 +00:00 committed by GitHub
parent bc91bfd5d8
commit 224c17dba6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -368,6 +368,13 @@ Depending on your threat model you can:
* Add an additional security layer by adding a second encryption layer (e.g. VeraCrypt, \*.7z with password)
* Upload the \*.kdbx to an end-to-end-encrypted email box (e.g. Tutanota, ProtonMail)
## Security Benefits
In the setup described in this guide, even an attacker who manages to gain access to the `ssh-client` VM will not be able to obtain the users private key since it is simply not there.
Rather, the private key remains in the `vault` VM, which is extremely unlikely to be compromised, if nothing is ever copied or transferred into it.
In order to gain access to the vault VM, the attacker would require the use of, e.g., a general Xen VM escape exploit or a signed, compromised package which is already installed in the TemplateVM upon which the vault VM is based.
Want more Qubes split magic?
Check out [Split-GPG][Split-GPG].