Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-05-16 05:32:29 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add link to incomplete page on split-gpg-2 from current split-gpg page

Browse source
This commit is contained in:
unman 2025-05-11 12:30:50 +00:00
parent ec6f975c82
commit a5b15bdf5b
No known key found for this signature in database
GPG key ID: BB52274595B71262
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
user/security-in-qubes/split-gpg.md
View file

@ -16,6 +16,12 @@ ref: 168
title: Split GPG
---
<div class="alert alert-warning" role="alert">
<i class="fa fa-exclamation-circle"></i>
<b>Note:</b> This information concerns split-gpg.
The implementation has been updated to provide more features in split-gpg-2. Some incomplete information on split-gpg-2 is available <a href="https://www.qubes-os.org/doc/split-gpg-2/">here</a>
</div>
Split GPG implements a concept similar to having a smart card with your private GPG keys, except that the role of the "smart card" is played by another Qubes app qube.
This way one not-so-trusted domain, e.g. the one where Thunderbird is running, can delegate all crypto operations -- such as encryption/decryption and signing -- to another, more trusted, network-isolated domain.
This way the compromise of your domain where Thunderbird or another client app is running -- arguably a not-so-unthinkable scenario -- does not allow the attacker to automatically also steal all your keys.