On 2017-05-14 03:51, Holger Levsen wrote:
> On Sat, May 13, 2017 at 02:55:12PM -0500, Andrew David Wong wrote:
>>> you really don't protect your gpg key with a passphrase??
>> See: https://www.qubes-os.org/doc/split-gpg/
>
> oh wow :(
>
>> Why is that a problem? It's only visible in dom0. If an attacker is in
>> dom0, it's already game over.
>
> no, the world is not black and white.
>
> If an attacker steals your computer while it's unlocked, all your gpg
> encrypted stuff is wide open.
>
> If an attacker steals my computer while it's unlocked, my gpg encrypted
> stuff is still locked. Surely the attacker can now install as many backdoors as
> they want, but as long as I don't type my gpg passphrase into that computer
> anymore, it should be pretty safe.
>

You're conflating two distinct problems:

(1) Passphrases I've typed in dom0 are available in cleartext in dom0.

(2) Data-at-rest is not encrypted while Qubes is booted and the screen is unlocked.

We could solve (1) without solving (2). If we did that, it would solve the `ps` + qvm-backup problem (the first problem you mentioned), since my backup would be encrypted, and the thief wouldn't have access to the backup decryption passphrase.

(2) is the second problem you mentioned. Solving (2) is distinct from solving (1), but in order for the solution to (2) to be satisfactory, we also have to solve (1) (or make sure no similar problem arises for per-VM encryption), since otherwise my data-at-rest passphrase could be obtained via (1).

I think the right approach to (2) in Qubes is per-VM encryption [1] (probably with LUKS instead of GPG, and certainly not relying on public key crypto, though hopefully we're all already in agreement on the latter point). If I'm in an untrusted physical environment, I should be able to work with less sensitive VMs without decrypting sensitive VMs, and if someone steals my unlocked laptop, they shouldn't be able to gain access to the encrypted sensitive VMs. That's the goal, anyway.

[1] https://github.com/QubesOS/qubes-issues/issues/1293

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org