Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-01-13 00:09:47 -05:00
Code Issues Packages Projects Releases Wiki Activity

splitgpg: rewording according to Marek's comments

Browse Source
This commit is contained in:
Frédéric Pierret (fepitre) 2020-02-14 12:13:03 +01:00
parent ff018b699f
commit 0ddbfe2104
No known key found for this signature in database
GPG Key ID: 484010B5CDC576E2
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
user/security-in-qubes/split-gpg.md
View File

@ -152,14 +152,14 @@ Note that, because this makes it easier to accept Split GPG's qrexec authorizati
### Using Thunderbird + Enigmail with Split GPG ### ### Using Thunderbird + Enigmail with Split GPG ###
It is recommended to set up and use `/usr/bin/qubes-gpg-client-wrapper`, as discussed above, by pointing Enigmail at this script instead of the standard GnuPG binary: It is recommended to set up and use `/usr/bin/qubes-gpg-client-wrapper`, as discussed above, in Thunderbird thought it's Enigmail addon.
**Warning:** Before adding any account, configuring Enigmail with `/usr/bin/qubes-gpg-client-wrapper` is **required**. By default, Enigmail will generate a default GPG key in `work` associated with the newly created Thunderbird account. Generally, it corresponds to the email used in `work-gpg` associated to your private key. In consequence, a new, separate private key will be stored in `work` but it _does not_ correspond to your private key in `work-gpg`. Comparing the `fingerprint` or `expiration date` will show that they are not the same private key. In order to prevent Enigmail using this default generated local key in `work`, you can safely remove it.
On a fresh Enigmail install, your need to change the default `Enigmail Junior Mode`. Go to Thunderbird preferences and then privacy tab. Select `Force Enigmail to S/MIME and Enigmail`. Then, in the preferences of Enigmail, make it pointing at `/usr/bin/qubes-gpg-client-wrapper` instead of the standard GnuPG binary:
![tb-enigmail-split-gpg-settings-2.png](/attachment/wiki/SplitGpg/tb-enigmail-split-gpg-settings-2.png) ![tb-enigmail-split-gpg-settings-2.png](/attachment/wiki/SplitGpg/tb-enigmail-split-gpg-settings-2.png)
**Warning:** By default, Enigmail could generate a default GPG key in `work` associated with the newly created Thunderbird account. Generally, it corresponds to the email used in
`work-gpg` associated to your private key. In consequence, you will obtain `gpg -K` in `work` being non-empty but it _does not_ correspond to your private key in `work-gpg`.
Comparing the `fingerprint` or `expiration date` will show that they are not the same private key. In order to prevent Enigmail using this defaut generated local key in `work`, you can safely remove it.
## Using Git with Split GPG ## ## Using Git with Split GPG ##
Git can be configured to used with Split GPG, something useful if you would like to contribute to the Qubes OS Project as every commit is required to be signed. Git can be configured to used with Split GPG, something useful if you would like to contribute to the Qubes OS Project as every commit is required to be signed.