Split GPG with Thunderbird+Enigmail - frequent qubes.Gpg dialog prompts #3470

Closed
mossy-nw opened this Issue Jan 17, 2018 · 6 comments

Qubes OS version:

R4.0_rc3

Affected TemplateVMs:

fedora-26
debian-9
probably any others used with split-gpg


Steps to reproduce the behavior:

  • Configure split-GPG for Thunderbird + Enigmail according to qubes-split-gpg
  • save, send, read, or verify GPG encrypted or signed emails

Expected behavior:

  • enter VM name/click to confirm operation on VM containing GPG private key

Actual behavior:

  • dom0 qubes.Gpg dialog pops up repeatedly prompting for VM name containing GPG private key. Pops up at least once for each single email, and as many as 4-5 times in a row to send a signed and encrypted email.

General notes:

  • it's still functional, but usability suffers greatly.

Related issues:

possibly related to recent deprecation of qvm-copy-to-vm/qvm-move-to-vm tools (now requiring entering destination VM in dom0 dialog)?

tasket Jan 18, 2018

Discussion - https://groups.google.com/d/msgid/qubes-users/8e8080b9-8422-0dc3-eff5-097deb995be4%40posteo.net


I'd like to emphasize that merely browsing signed messages triggers multiple dialog prompts for each message. This makes Enigmail unbearable in its intended capacity as an overall guard against forgery.

Of course, you can enable it just for signing, but if other people similarly don't enable it for general reading then the utility of signing is diminished.

mossy-nw Jan 19, 2018

not yet able to confirm but think this could be fixed in R4.0 using appropriate qrexec policy. See #3251 and https://www.qubes-os.org/news/2017/10/03/core3/

mossy-nw Jan 19, 2018

OK this fixes it! Edit the file /etc/qubes-rpc/policy/qubes.Gpg to:

clientVM  keysVM  allow
$anyvm  $anyvm  ask

where client is your thunderbird+enigmail VM and keys is where your GPG private keys live. I'll update the docs and then close this issue.
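
Added example (not part of the original thread and not Qubes code): a simplified Python model of how the policy file in the comment above is evaluated, showing why the specific `allow` line has to come before the `$anyvm $anyvm ask` line. It assumes top-to-bottom, first-match-wins evaluation and handles only literal qube names and `$anyvm`; `parse_policy`, `decide` and `audit` are hypothetical helper names.

```python
# Added example: simplified model of an R4.0-style qrexec policy file.
# Assumptions: one "source target action" rule per line, evaluated top to
# bottom with the first match winning; only literal qube names and $anyvm
# are modelled. parse_policy, decide and audit are hypothetical helpers.

POLICY = """\
clientVM  keysVM  allow
$anyvm  $anyvm  ask
"""  # the policy from the comment above, embedded as sample input

ACTIONS = ("allow", "ask", "deny")

def parse_policy(text):
    """Return [(source, target, action)], skipping blank and comment lines."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # The action field may carry ",key=value" parameters; keep the verb.
        action = fields[2].split(",")[0] if len(fields) >= 3 else None
        if action not in ACTIONS:
            raise ValueError(f"line {lineno}: expected 'source target action'")
        rules.append((fields[0], fields[1], action))
    return rules

def decide(rules, source, target):
    """Action of the first rule matching the call; no match means deny."""
    for src, dst, action in rules:
        if src in (source, "$anyvm") and dst in (target, "$anyvm"):
            return action
    return "deny"

def audit(rules):
    """Flag $anyvm allow rules and rules shadowed by an earlier catch-all."""
    findings, shadowed = [], False
    for i, (src, dst, action) in enumerate(rules, 1):
        if shadowed:
            findings.append(f"rule {i}: unreachable after a $anyvm $anyvm rule")
        elif action == "allow" and "$anyvm" in (src, dst):
            findings.append(f"rule {i}: allow with $anyvm, no dom0 prompt")
        shadowed = shadowed or src == dst == "$anyvm"
    return findings

if __name__ == "__main__":
    rules = parse_policy(POLICY)
    print(decide(rules, "clientVM", "keysVM"), decide(rules, "otherVM", "keysVM"))
    print(audit(rules))
```

With the two lines swapped, `decide` returns `ask` for clientVM to keysVM and `audit` reports the `allow` rule as unreachable, which is the repeated-prompt behaviour this issue describes.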

mossy-nw referenced this issue in QubesOS/qubes-doc Jan 19, 2018: Update split-gpg.md #518 (Merged)

mossy-nw closed this Jan 19, 2018

tasket commented Jan 19, 2018

@mossy-nw OK, thanks!

mfc Jul 9, 2018

Member

created pull request moving this content to appropriate section of documentation: QubesOS/qubes-doc#676
