Merge branch 'patch-5' of https://github.com/gasull/qubes-doc into gasull-patch-5

security/split-gpg.md

@@ -74,14 +74,14 @@ signed before the operation gets approved. Perhaps the GPG backend domain
 could start a Disposable VM and have the to-be-signed document displayed
 there? To Be Determined.
 
-- The Split GPG client will fail to sign or encrypt if the private key in the
+- The Split GPG client will fail to sign or encrypt if the private key in the 
-GnuPG backend is protected by a passphrase, it will give a *"Inappropriate ioctl
+GnuPG backend is protected by a passphrase, it will give a *"Inappropriate ioctl 
-for device"* error. Avoid setting passphrases for the private keys in the GPG
+for device"* error. Avoid setting passphrases for the private keys in the GPG 
-backend domain, it won't provide extra security anyway, as explained before. If
+backend domain, it won't provide extra security anyway, as explained before. 
-you have a private key that already has a passphrase set use
+If you are generating a new key pair, or if you have a private 
-`gpg2 --edit-key {key_id}`, then `passwd` to set an empty passphrase. Be aware
+key that already has a passphrase and use 
-that `pinentry-ncurses` doesn't allow setting empty passphrases, so you would need
+`gpg2 --edit-key {key_id}` then `passwd`, then pinentry [might show an error when
-to install `pinentry-gtk` for it to work.
+setting an empty passphrase but still make the change](https://unix.stackexchange.com/a/379373).
 
 ## Configuring Split GPG ##