Add Qubes Master Signing Key to dom0

[andrewdavidwong]

As John David R. Smith suggested, the Qubes Master Signing Key should be included in dom0, to mitigate the risk of an MITM attack replacing the key. This would also provide users with an additional means of confirming that their copy of the key is genuine. (As a corollary, it's yet another place that an attacker would have to attempt to replace the key with a forgery in order to deceive users.)

I recall someone suggesting this a long time ago, and I (think I) also recall @marmarek doing it, but I can't find the original thread or issue, and I don't see the key in /etc/pki/rpm-gpg/.

[rustybird]

I recall someone suggesting this a long time ago, and I (think I) also recall @marmarek doing it, but I can't find the original thread or issue, and I don't see the key in /etc/pki/rpm-gpg/.

qubes-core-vm provides /usr/share/qubes/qubes-master-key.asc in VMs, but providing it in dom0 too would help people who have their DVD writer attached to the same controller as their hard disk. They could burn a verified Qubes (and only Qubes) ISO in dom0 without breaking the security model.

[tasket]

This would be really nice to have in R3.2 about now. It makes the key verification a bit more secure, and helps users by removing several steps from the process. Even better if the R4.0 signing key is also included.

I think it makes sense to include the signing key for the next iteration in the current OS.

[andrewdavidwong]

This issue is being closed because:

• This issue has the "Release 3.2 updates" milestone.
• Qubes OS 3.2 recently reached end-of-life (EOL).
• This issue has not been updated in over a year.

If anyone believes that this issue should be reopened, please let us know in a comment here.

[woju]

@andrewdavidwong This doesn't seem related to a particular release.