Addon: Split GPG using GPG v2.1 architecture #474
Comments
Comment by joanna on 31 Mar 2012 12:13 UTC |
Modified by joanna on 8 Oct 2012 09:22 UTC |
Modified by joanna on 2 Nov 2012 14:23 UTC |
Modified by joanna on 8 Feb 2013 12:57 UTC |
Modified by joanna on 24 Feb 2013 15:29 UTC |
Comment by abel on 12 Mar 2013 09:51 UTC |
Modified by joanna on 12 Mar 2013 10:29 UTC |
Comment by joanna on 12 Mar 2013 10:35 UTC
However, what I don't like in your description above is that you wrote: "gpg-agent will be the sole holder of all public+private key material". The fundamental problem with the current implementation is that one needs to import public keys (untrusted files!) into the secure vault where the gpg backend is running. And this is what we want to get rid of, and my mail to gnupg-devel, referenced above, was exactly about how to achieve that. Now, when you say that gpg-agent is maintaining both secret and public keys, I don't see how we can gain anything from v2.1? And this seems contradictory to what Werner Koch wrote in this thread: "GnuPG-2 has been designed to separate private key and public key operations.". Also note that he mentions v2, not v2.1... |
Modified by Nukama on 4 May 2013 16:06 UTC |
Modified by joanna on 1 Aug 2013 11:56 UTC |
Modified by joanna on 20 Apr 2014 17:02 UTC |
I'd recommend adding this to the release notes since it's notable (assuming it is making it to R4.1-rc4) |
Change config file to an INI-like format. This allows sections for separate clients, without writing conditional code in bash. To preserve a useful example from the old format, implement 'isolated_gnupghome_dirs' directly in Python. While at it, abandon using the config file on the client side at all, and hardcode the qrexec target to '@default'. This moves choosing the server VM to the qrexec policy. The new format allows more values for 'autoaccept' - besides just timeout, allow also 'yes' (always skip confirmation) and 'no' (always ask). QubesOS/qubes-issues#474
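An added example (not the project's own code) of resolving the 'autoaccept' values named in the commit message above for one client from an INI-like file. The `client:<name>` section naming, the `DEFAULT` fallback, the constructed sample config and the fail-closed handling of invalid values are assumptions of this example.

```python
import configparser

# Constructed sample config. Section names and layout are assumptions.
SAMPLE = """
[DEFAULT]
autoaccept = no

[client:work]
autoaccept = 300

[client:build]
autoaccept = yes

[client:typo]
autoaccept = sometimes
"""


def parse_autoaccept(value):
    """Map an 'autoaccept' value to (mode, seconds)."""
    v = value.strip().lower()
    if v == "no":
        return ("ask", None)        # always ask for confirmation
    if v == "yes":
        return ("skip", None)       # always skip confirmation
    if v.isascii() and v.isdigit() and int(v) > 0:
        return ("timeout", int(v))  # skip for this many seconds after a confirmation
    raise ValueError(f"invalid autoaccept value: {value!r}")


def client_policy(config_text, client):
    """Return the confirmation policy for one client VM.

    Unknown clients use [DEFAULT]; an invalid value falls back to
    'ask' so a typo can never silently disable the confirmation.
    """
    cp = configparser.ConfigParser()
    cp.read_string(config_text)
    name = f"client:{client}"
    section = name if cp.has_section(name) else cp.default_section
    raw = cp.get(section, "autoaccept", fallback="no")
    try:
        return parse_autoaccept(raw)
    except ValueError:
        return ("ask", None)


if __name__ == "__main__":
    for vm in ("work", "build", "typo", "unlisted"):
        print(vm, client_policy(SAMPLE, vm))
```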
split-gpg2 is now shipping, this can be closed. |
Reported by joanna on 8 Mar 2012 16:01 UTC
None
Migrated-From: https://wiki.qubes-os.org/ticket/474