From e3d7908100bd771419c027861d453a89c8c30bca Mon Sep 17 00:00:00 2001
From: Fidel Ramos <haplo@users.noreply.github.com>
Date: Sat, 20 Oct 2018 19:28:29 +0000
Subject: [PATCH] Reorganize mentions to passphrases in Split GPG

I added a mention about the limitation regarding passphrase-protected GPG keys
in the *Setting up the GPG backend domain* section, which is the one that users
will follow up in their initial set up. Given that this issue is not specific of any
QubesOS version I don't think it deserves a mention in those sections.
---
 security/split-gpg.md | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/security/split-gpg.md b/security/split-gpg.md
index def1210b..271e819f 100644
--- a/security/split-gpg.md
+++ b/security/split-gpg.md
@@ -77,11 +77,11 @@ there? To Be Determined.
 - The Split GPG client will fail to sign or encrypt if the private key in the
 GnuPG backend is protected by a passphrase, it will give a *"Inappropriate ioctl
 for device"* error. Avoid setting passphrases for the private keys in the GPG
-backend domain, it won't provide extra security anyway, if an attacker gains
-access to it they will likely be able to get the passphrase too. If you have a
-private key that already has a passphrase set use `gpg2 --edit-key <key_id>`,
-then `passwd`. Be aware that `pinentry-ncurses` doesn't allow setting empty
-passphrases, so you would need to install `pinentry-gtk`.
+backend domain, it won't provide extra security anyway, as explained before. If
+you have a private key that already has a passphrase set use `gpg2 --edit-key
+<key_id>`, then `passwd` to set an empty passphrase. Be aware that
+`pinentry-ncurses` doesn't allow setting empty passphrases, so you would need to
+install `pinentry-gtk` for it to work.
 
 ## Configuring Split GPG ##
 
@@ -123,6 +123,9 @@ for key access should be valid (default 5 minutes). This is adjustable via
 
     [user@work-gpg ~]$ echo "export QUBES_GPG_AUTOACCEPT=86400" >> ~/.bash_profile
 
+Please be aware of the caveat regarding passphrase-protected keys in the
+[Current limitations][current-limitations] section.
+
 ### Configuring the client apps to use Split GPG backend ###
 
 Normally it should be enough to set the `QUBES_GPG_DOMAIN` to the GPG backend
@@ -171,14 +174,6 @@ the name of the GPG backend VM. This file survives the AppVM reboot, of course.
     [user@work ~]$ sudo bash
     [root@work ~]$ echo "work-gpg" > /rw/config/gpg-split-domain
 
-A note on passphrases:
-
-You may experience trouble when attempting to use a PGP key *with a passphrase*
-along with Split-GPG and Enigmail. If you do, you may need to remove the
-passphrase from your (sub)key(s) in order to get Split-GPG working correctly.
-As mentioned above, we do not believe PGP key passphrases to be significant
-from a security perspective.
-
 ## Qubes 4.0 Specifics ##
 
 ### Using Thunderbird + Enigmail with Split GPG ###
@@ -411,4 +406,5 @@ exercise caution and use your good judgment.)
 [cabal]: https://alexcabal.com/creating-the-perfect-gpg-keypair/
 [luck]: https://gist.github.com/abeluck/3383449
 [apapadop]: https://apapadop.wordpress.com/2013/08/21/using-gnupg-with-qubesos/
+[current-limitations]: #current-limitations