Add Qubes Master Signing Key to dom0 #2544

Open
andrewdavidwong opened this issue Dec 28, 2016 · 5 comments · May be fixed by QubesOS/qubes-core-admin#370

Comments

@andrewdavidwong (Member) commented Dec 28, 2016

As John David R. Smith suggested, the Qubes Master Signing Key should be included in dom0, to mitigate the risk of an MITM attack replacing the key. This would also provide users with an additional means of confirming that their copy of the key is genuine. (As a corollary, it's yet another place that an attacker would have to attempt to replace the key with a forgery in order to deceive users.)

I recall someone suggesting this a long time ago, and I (think I) also recall @marmarek doing it, but I can't find the original thread or issue, and I don't see the key in /etc/pki/rpm-gpg/.

@rustybird commented Dec 28, 2016

> I recall someone suggesting this a long time ago, and I (think I) also recall @marmarek doing it, but I can't find the original thread or issue, and I don't see the key in /etc/pki/rpm-gpg/.

qubes-core-vm provides /usr/share/qubes/qubes-master-key.asc in VMs, but providing it in dom0 too would help people who have their DVD writer attached to the same controller as their hard disk. They could burn a verified Qubes (and only Qubes) ISO in dom0 without breaking the security model.
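
Added example (not part of the thread and not Qubes' own code): a shell script for the cross-check discussed above, comparing the primary-key fingerprint of a separately obtained key file against the packaged copy at /usr/share/qubes/qubes-master-key.asc. The function names and the script's argument convention are assumptions, and it requires a GnuPG version that supports `--show-keys`.

```shell
#!/bin/sh
# Added example: compare a separately obtained key file with the packaged copy.

# Path named in the thread (shipped by qubes-core-vm inside VMs).
PACKAGED_KEY=/usr/share/qubes/qubes-master-key.asc

# primary_fprs: read `gpg --with-colons` output on stdin and print the
# fingerprint of each primary key (the fpr record following a pub record),
# sorted, one per line. Subkey fingerprints are ignored.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    ' | sort
}

# key_fprs FILE: list primary-key fingerprints in FILE without importing it
# into any keyring.
key_fprs() {
    gpg --show-keys --with-colons "$1" 2>/dev/null | primary_fprs
}

# same_fprs A B: succeed only if both lists are non-empty and identical.
# An empty list (unreadable file, no key found) never counts as a match.
same_fprs() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# compare_keys OBTAINED [PACKAGED]: report whether the two files carry the
# same primary key(s). Returns 0 on match, 1 otherwise.
compare_keys() {
    obtained=$(key_fprs "$1")
    packaged=$(key_fprs "${2:-$PACKAGED_KEY}")
    if same_fprs "$obtained" "$packaged"; then
        echo "match: $obtained"
    else
        echo "MISMATCH" >&2
        echo "obtained: ${obtained:-<none>}" >&2
        echo "packaged: ${packaged:-<none>}" >&2
        return 1
    fi
}

# Run the comparison only when a file name is given on the command line.
[ "$#" -eq 0 ] || compare_keys "$@"
```

A match only shows that the two copies agree; the fingerprint should still be compared against independent sources.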


@tasket commented Oct 24, 2017

This would be really nice to have in R3.2 about now. It makes the key verification a bit more secure, and helps users by removing several steps from the process. Even better if the R4.0 signing key is also included.

I think it makes sense to include the signing key for the next iteration in the current OS.


@andrewdavidwong removed this from the Release 4.0 milestone Oct 25, 2017
@andrewdavidwong added this to the Release 3.2 updates milestone Oct 25, 2017

@andrewdavidwong (Member, Author) commented Apr 1, 2019

This issue is being closed because:

If anyone believes that this issue should be reopened, please let us know in a comment here.


@woju (Member) commented Apr 1, 2019

@andrewdavidwong This doesn't seem related to a particular release.


@marmarek reopened this Apr 1, 2019
@marmarek removed this from the Release 3.2 updates milestone Apr 1, 2019
@marmarek added this to the Release 4.1 milestone Apr 1, 2019

@andrewdavidwong (Member, Author) commented Aug 18, 2019

Documented in Verifying Signatures. Related issue: #4292.
