mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-02-04 17:05:22 -05:00
Remove waning about being unusable
This commit is contained in:
parent
0512a3807c
commit
66eaafa781
@ -74,18 +74,15 @@ signed before the operation gets approved. Perhaps the GPG backend domain
|
||||
could start a Disposable VM and have the to-be-signed document displayed
|
||||
there? To Be Determined.
|
||||
|
||||
- **Split GPG is unusable due to the following problem**:
|
||||
The Split GPG client will fail to sign or encrypt if the private key in the
|
||||
- The Split GPG client will fail to sign or encrypt if the private key in the
|
||||
GnuPG backend is protected by a passphrase, it will give a *"Inappropriate ioctl
|
||||
for device"* error. Avoid setting passphrases for the private keys in the GPG
|
||||
backend domain, it won't provide extra security anyway, as explained before.
|
||||
Unfortunately you can't set empty passphrases no matter what `pinentry-*` package
|
||||
you are using. If you are generating a new key pair, or if you have a private
|
||||
key that already has a passphrase and use
|
||||
`gpg2 --edit-key {key_id}`, then `passwd`, then pinentry won't allow setting an
|
||||
empty passphrase. This is true for any pinentry packages like `pinentry-ncurses`
|
||||
and `pinentry-gtk` in Fedora, and for `pinentry-curses`, `pinentry-gtk2` and
|
||||
`pinentry-gnome` in Debian.
|
||||
`gpg2 --edit-key {key_id}` then `passwd`, then pinentry [might show an error when
|
||||
setting an empty passphrase but still make the change](https://unix.stackexchange.com/a/379373).
|
||||
|
||||
## Configuring Split GPG ##
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user