Split-GPG help - 3.2


vel...@tutamail.com

Mar 25, 2018, 7:58:42 PM
to qubes-users
I love Qubes! Kudos to those developing and helping on this forum...I am sure others would agree that the effort is greatly appreciated.

I am hoping I can get some help with "split-GPG" setup and signing emails. Some notes and questions about my configuration:

* I plan to use Thunderbird.

* I have since created a new vault from default during installation - I have some files in this vault, documents, some passwords...I consider this non-networked VM my "vault", although I am just getting into certificates for email signing and email encryption.
- Should I use this VM for my certificates (or a dedicated certificate VM) or is it a big no?

* I found a good tutorial on creating certificates using GnuPG with QubesOS: https://apapadop.wordpress.com/2013/08/21/using-gnupg-with-qubesos/
( a little dated but did create test certificates...thanks Apapadop!)

* I followed the steps in this Qubes-OS wiki: https://www.qubes-os.org/doc/split-gpg/ , however I get lost here:

Setting up the GPG backend domain

Make sure the gpg is installed there and there are some private keys in the keyring, e.g.:

[user@work-gpg ~]$ gpg -K
/home/user/.gnupg/secring.gpg
-----------------------------
sec 4096R/3F48CB21 2012-11-15
uid Qubes OS Security Team <secu...@qubes-os.org>
ssb 4096R/30498E2A 2012-11-15
(...)

How do I create this file: /home/user/.gnupg/secring.gpg ?
Where do I keep my certificates in the "vault"? What commands or folders do I need to create?

I tried finding more basic instructions but my "Googling" had no luck...how do I put private keys in my "vault" keyring and use Thunderbird in a separate, dedicated VM to sign and encrypt my emails utilizing split GPG?

Excuse me if this has already been answered or clarified in another post I couldn't find.

Gratefully,
V

sevas

Mar 25, 2018, 11:31:33 PM
to qubes-users
I recommend a dedicated VM (not your vault). I also recommend installing kgpg. That's all I have.

Chris Laprise

Mar 26, 2018, 1:27:09 AM
to vel...@tutamail.com, qubes-users
On 03/25/2018 07:58 PM, vel...@tutamail.com wrote:
> I love Qubes! Kudos to those developing and helping on this forum...I am sure others would agree that the effort is greatly appreciated.
>
> I am hoping I can get some help with "split-GPG" setup and signing emails. Some notes and questions about my configuration:
>
> * I plan to use Thunderbird.
>
> * I have since created a new vault from default during installation - I have some files in this vault, documents, some passwords...I consider this non-networked VM my "vault", although I am just getting into certificates for email signing and email encryption.
> - Should I use this VM for my certificates (or a dedicated certificate VM) or is it a big no?

Should be no problem with using vault for both gpg keys and passwords
(keepassx) and even small lists that you create in that vm. The only
files you should import from other vms into vault are gpg keys.

>
> * I found a good tutorial on creating certificates using GnuPG with QubesOS: https://apapadop.wordpress.com/2013/08/21/using-gnupg-with-qubesos/
> ( a little dated but did create test certificates...thanks Apapadop!)
>
> * I followed the steps in this Qubes-OS wiki: https://www.qubes-os.org/doc/split-gpg/ , however I get lost here:
>
> Setting up the GPG backend domain
>
> Make sure the gpg is installed there and there are some private keys in the keyring, e.g.:
>
> [user@work-gpg ~]$ gpg -K
> /home/user/.gnupg/secring.gpg
> -----------------------------
> sec 4096R/3F48CB21 2012-11-15
> uid Qubes OS Security Team <secu...@qubes-os.org>
> ssb 4096R/30498E2A 2012-11-15
> (...)
>
> How do I create this file: /home/user/.gnupg/secring.gpg ?
> Where do I keep my certificates in the "vault"? What commands or folders do I need to create?

The gpg -K command is just a way to look at your keyring. The keyring is
created automatically whenever you generate new keys or import existing
ones.


>
> I tried finding more basic instructions but my "Googling" had no luck...how do I put private keys in my "vault" keyring and use Thunderbird in a separate, dedicated VM to sign and encrypt my emails utilizing split GPG?
>
> Excuse me if this has already been answered or clarified in another post I couldn't find.
>
> Gratefully,
> V
>


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
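
The behaviour described in the reply above, shown as an added example that is not part of the thread: in an empty GnuPG home directory a secret-key listing (what `gpg -K` shows) is empty, and the keyring exists as soon as a key is generated. It assumes GnuPG 2.1 or later; the function names, the throwaway home directory and the test user ID are constructed for illustration.

```sh
#!/bin/sh
# Added example: the keyring is created by key generation, not by hand.
# Works in a throwaway GNUPGHOME so the real ~/.gnupg is never touched.
# Assumes GnuPG 2.1 or later; the user ID below is a constructed test value.

count_secret_keys() {
    # One "sec" record per secret primary key in the machine-readable listing.
    gpg --batch --with-colons --list-secret-keys 2>/dev/null |
        awk -F: '$1 == "sec" { n++ } END { print n + 0 }'
}

keyring_demo() (
    # Subshell body: the GNUPGHOME override does not leak to the caller.
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"

    before=$(count_secret_keys)     # fresh directory: nothing to list

    # Unattended generation with an empty passphrase (test key only;
    # a real key in the backend VM should be generated interactively).
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key 'Test User <test@example.invalid>' >/dev/null 2>&1
    status=$?

    after=$(count_secret_keys)      # same data `gpg -K` displays, now non-empty

    # Stop the agent started for this home directory, then clean up.
    gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$GNUPGHOME"

    [ "$status" -eq 0 ] || exit 1
    echo "$before $after"           # secret keys before and after generation
)

keyring_demo || echo "key generation failed (is GnuPG 2.1+ installed?)" >&2
```

GnuPG 2.1 and later store secret keys under `private-keys-v1.d/` instead of `secring.gpg`, so the file path printed at the top of the `gpg -K` output depends on the GnuPG version in the VM.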

vel...@tutamail.com

Mar 27, 2018, 9:34:38 AM
to qubes-users
I am not sure if the "Split-GPG" is for email signing and encryption only but I am being prompted to enter a password for a VM that I use for email. Is this expected? I like the idea of a password to access this VM but is there a better way to secure this?