rc3: Split-gpg + enigmail frequent "qubes.Gpg" prompts
38 views
Skip to first unread message
Chris Laprise
Jan 13, 2018, 12:28:13 AM1/13/18
to qubes-users
On Qubes 4.0-rc3 I recently setup Enigmail in Thunderbird to access my
Split-gpg configuration, which I was already using with git. But every
time I encounter a signed message, I'm prompted by a dom0 "qubes.Gpg"
dialog box as many as 4 times in a row (the back-end vm prompts me only
once for the defined time interval).
With the current behavior, I'll probably have to disable Enigmail.
I've double-checked my settings with the split-gpg doc, but I'm
wondering if this could be a bug or if I'm just missing something.
Versions
Debian 9 or Fedora 26
Thunderbird 52.5.2
Enigmail 1.9.9
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
Split-gpg configuration, which I was already using with git. But every
time I encounter a signed message, I'm prompted by a dom0 "qubes.Gpg"
dialog box as many as 4 times in a row (the back-end vm prompts me only
once for the defined time interval).
With the current behavior, I'll probably have to disable Enigmail.
I've double-checked my settings with the split-gpg doc, but I'm
wondering if this could be a bug or if I'm just missing something.
Versions
Debian 9 or Fedora 26
Thunderbird 52.5.2
Enigmail 1.9.9
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
mossy-nw
Jan 16, 2018, 7:28:25 PM1/16/18
to qubes-users
I've experienced this, too. It could be a side-effect of a recent
presumably security enhancement disabling qvm-copy-to-vm and
qvm-move-to-vm, replacing with qvm-copy and qvm-move, requiring the user
to enter the target domain in a dom0 confirmation popup window.
using qvm-copy-to-vm (within a VM, not dom0) gives the following message:
```
qvm-copy-to-vm/qvm-move-to-vm tools are deprecated,
use qvm-copy/qvm-move to avoid typing target qube name twice
```
If it helps, you can copy from the dom0 dialog window to the dom0
clipboard and paste over and over. But I agree, it makes GPG
encrypting/signing everything by default (which is what makes enigmail
so wonderful!) too painful to use. A bug report --
https://github.com/QubesOS/qubes-issues/issues/3470 -- will hopefully
help find some security-minded compromise to help users encrypting many
emails.
thx,
m0ssy
Chris Laprise:
presumably security enhancement disabling qvm-copy-to-vm and
qvm-move-to-vm, replacing with qvm-copy and qvm-move, requiring the user
to enter the target domain in a dom0 confirmation popup window.
using qvm-copy-to-vm (within a VM, not dom0) gives the following message:
```
qvm-copy-to-vm/qvm-move-to-vm tools are deprecated,
use qvm-copy/qvm-move to avoid typing target qube name twice
```
If it helps, you can copy from the dom0 dialog window to the dom0
clipboard and paste over and over. But I agree, it makes GPG
encrypting/signing everything by default (which is what makes enigmail
so wonderful!) too painful to use. A bug report --
https://github.com/QubesOS/qubes-issues/issues/3470 -- will hopefully
help find some security-minded compromise to help users encrypting many
emails.
thx,
m0ssy
Chris Laprise:
Reply all
Reply to author
Forward
0 new messages