Split GPG issue


Claudio Chinicz

Jan 29, 2020, 2:45:31 PM
to qubes-users
Hi All,

I'm trying to use Split GPG with Thunderbird/Enigmail (running on an AppVM based on whonix-ws). My work-gpg VM is based on Fedora-30.

I've followed the instructions found on https://www.qubes-os.org/doc/split-gpg/. I had to create ~/.profile manually with the QUBES_GPG_AUTOACCEPT on dom0.

When I configure Enigmail Preferences and "override" with the qubes-gpg-client-wrapper and push the "ok" button I get this error message "Cannot connect to gpg-agent. Maybe your system uses a specialized tool for passphrase handling (e.g. gnome-keyring, seahorse-agent, KDE wallet manager, ...). Unfortunately Enigmail cannot control the passphrase timeout for the tool you are using. Therefore the respective timeout settings in Enigmail are disregarded." (my work-gpg VM starts automatically when I start Thunderbird).

I've tried to create a key and (obviously) got an error message. I've checked the Enigmail log/terminal and found this:

/usr/bin/qubes-gpg-client-wrapper --charset utf-8 --display-charset utf-8 --no-auto-check-trustdb --batch --no-tty --no-verbose --status-fd 2 --gen-key
%echo Generating key
Key-Type: EDDSA
Key-Curve: Ed25519
Key-Usage: sign
Subkey-Type: ECDH
Subkey-Curve: Curve25519
Subkey-Usage: encrypt
Name-Real: <name>
Name-Email: <my mail addr>
Expire-Date: 1825

Has anyone had the same issue?

Additionally, I would like to ask if anyone knows how to use the same work-gpg VM with multiple AppVMs? I also want to use it with another Thunderbird instance running on a regular (non-torified) VM with another email account. Should I add another line in qubes.Gpg (dom0) with the "<2nd AppVM> work-gpg allow" statement as a second line, beneath "personal-whonix work-gpg allow"?

Thanks in advance

pillule

Feb 7, 2020, 8:56:36 PM
to qubes-users

On Wed, Jan 29 2020, Claudio Chinicz wrote:

> Hi All,
>
> I’m trying to use Split GPG with Thunderbird/Enigmail (running on an AppVM
> based on whonix-ws). My work-gpg VM is based on Fedora-30.
>
> I’ve followed the instructions found on
> https://www.qubes-os.org/doc/split-gpg/. I had to create ~/.profile
> manually with the QUBES_GPG_AUTOACCEPT on dom0.
>
> When I configure Enigmail Preferences and “override” with the
> qubes-gpg-client-wrapper and push the “ok” button I get this error message
> “Cannot connect to gpg-agent. Maybe your system uses a specialized tool for
> passphrase handling (e.g. gnome-keyring, seahorse-agent, KDE wallet
> manager, ...). Unfortunately Enigmail cannot control the passphrase timeout
> for the tool you are using. Therefore the respective timeout settings in
> Enigmail are disregarded.” (my work-gpg VM starts automatically when I
> start Thunderbird).
>
> I’ve tried to create a key and (obviously) got an error message. I’ve
> checked the Enigmail log/terminal and found this:
>
> /usr/bin/qubes-gpg-client-wrapper --charset utf-8 --display-charset utf-8
> --no-auto-check-trustdb --batch --no-tty --no-verbose --status-fd 2
> --gen-key
> %echo Generating key
> Key-Type: EDDSA
> Key-Curve: Ed25519
> Key-Usage: sign
> Subkey-Type: ECDH
> Subkey-Curve: Curve25519
> Subkey-Usage: encrypt
> Name-Real: <name>
> Name-Email: <my mail addr>
> Expire-Date: 1825
>
> Has anyone had the same issue?

I dunno about Thunderbird; does it work if you try from the command line?

I have a problem with it if I set up VM-gpg with a minimal
template, otherwise it works fine …

> Additionally, I would like to ask if anyone knows how to use the same
> work-gpg VM with multiple AppVMs? I also want to use it with another
> Thunderbird instance running on a regular (non-torified) VM with another
> email account. Should I add another line in qubes.Gpg (dom0) with the “<2nd
> AppVM> work-gpg allow” statement as a second line, beneath “personal-whonix
> work-gpg allow”?

Yes, you can use the same VM-gpg for multiple AppVMs by adding a new
line before “@anyvm @anyvm ask”
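
The ordering advice in the reply above, as an added example that is not part of the original thread or of Qubes' own code: a simplified model of how a dom0 qubes.Gpg policy is evaluated top to bottom, showing why the new line has to sit before the catch-all. The qube name `work-email` is a placeholder for the second AppVM, and the matching logic assumes only literal names and `@anyvm`.

```python
# Simplified model of first-match evaluation for a dom0 policy file such as
# qubes.Gpg. Assumptions: each rule is "<source> <target> <action>", rules are
# read top to bottom, the first matching rule decides, and only literal qube
# names and the @anyvm wildcard are used.

def parse_policy(text):
    """Return (source, target, action) rules, skipping blanks and # comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"malformed policy line: {raw!r}")
        source, target, action = fields
        action = action.split(",", 1)[0]  # ignore optional parameters
        if action not in ("allow", "deny", "ask"):
            raise ValueError(f"unknown action in line: {raw!r}")
        rules.append((source, target, action))
    return rules

def matches(pattern, name):
    return pattern == "@anyvm" or pattern == name

def evaluate(rules, source, target):
    """Return the action of the first rule matching the request."""
    for rule_source, rule_target, action in rules:
        if matches(rule_source, source) and matches(rule_target, target):
            return action
    return "deny"  # no rule matched, so the call is refused

# Constructed sample policies; "work-email" is a placeholder qube name.
ORDERED = """
personal-whonix work-gpg allow
work-email work-gpg allow
@anyvm @anyvm ask
"""
MISPLACED = """
personal-whonix work-gpg allow
@anyvm @anyvm ask
work-email work-gpg allow
"""

if __name__ == "__main__":
    for label, text in (("ordered", ORDERED), ("misplaced", MISPLACED)):
        rules = parse_policy(text)
        print(label, evaluate(rules, "work-email", "work-gpg"))
```

With the line placed after the catch-all, the request from the second AppVM still reaches the `ask` rule first, so the specific `allow` is never consulted.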

clau...@cloudnow.co.il

Feb 9, 2020, 1:19:50 AM
to qubes-users
Thanks! It works.