Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Improve empty passphrase explanation (#734)

Browse Source 
- Fix grammar and orthography
- Clarify phrasing
- Improve formatting
- Provide links to sections containing security explanations
- Use reference-style links
This commit is contained in:
Andrew David Wong 2018-11-12 04:16:54 -06:00
parent 5e8d990a93
commit 663f96aae3
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
security/split-gpg.md
View File

@ -75,13 +75,15 @@ could start a Disposable VM and have the to-be-signed document displayed
there? To Be Determined.
- The Split GPG client will fail to sign or encrypt if the private key in the
GnuPG backend is protected by a passphrase, it will give a *"Inappropriate ioctl
for device"* error. Avoid setting passphrases for the private keys in the GPG
backend domain, it won't provide extra security anyway, as explained before.
If you are generating a new key pair, or if you have a private
key that already has a passphrase and use
`gpg2 --edit-key {key_id}` then `passwd`, then pinentry [might show an error when
setting an empty passphrase but still make the change](https://unix.stackexchange.com/a/379373).
GnuPG backend is protected by a passphrase. It will give an `Inappropriate ioctl
for device` error. Do not set passphrases for the private keys in the GPG
backend domain. Doing so won't provide any extra security anyway, as explained
[above][intro] and [below][using split GPG with subkeys]. If you are generating
a new key pair, or if you have a private key that already has a passphrase, you
can use `gpg2 --edit-key <key_id>` then `passwd` to set an empty passphrase.
Note that `pinentry` might show an error when you try to set an empty
passphrase, but it will still make the change. (See [this StackExchange
answer][se-pinentry] for more information.)
## Configuring Split GPG ##
@ -396,6 +398,8 @@ exercise caution and use your good judgment.)
[#474]: https://github.com/QubesOS/qubes-issues/issues/474
[using split GPG with subkeys]: #advanced-using-split-gpg-with-subkeys
[intro]: #what-is-split-gpg-and-why-should-i-use-it-instead-of-the-standard-gpg
[se-pinentry]: https://unix.stackexchange.com/a/379373
[subkeys]: https://wiki.debian.org/Subkeys
[copied]: /doc/copying-files#on-inter-qube-file-copy-security
[pasted]: /doc/copy-paste#on-copypaste-security