-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 03/04/2019 12.59 PM, Ryan Tate wrote: > On Wed, Apr 3, 2019 at 1:53 PM Ryan Tate <ryant...@ryantate.com> > wrote: > >> That said, I would just note -- Files from dom0 do traverse >> other VMs in all the scenarios we've discussed. I expect in >> backup/restore scenario they are encrypted as they transit, for >> example, sys-usb. But I don't know of any reason this could not >> be the case for random files you want to export -- you would >> encrypt in gpg symmetric mode in dom0 with a passphrase (like a >> backup) before qvm-move-to-vm to sys-usb or wherever and out into >> the world. > > As I should have suspected, using the official backup-restore > tools does get you integrity checks (and perhaps better > encryption?) compared to this more basic technique I outlined, so > I'm not suggesting anyone run out and do it. > > https://www.qubes-os.org/doc/backup-emergency-restore-v4/ >
Right. The authentication check prior to decryption is critical to protecting dom0. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlyluYsACgkQ203TvDlQ MDDu2xAAnRBgCdSkgCTJs6nQs0gTy30ig/Ow5NqYTto6+pQfxOi1YYoQKAtzxNoH bejIpw9BzxmtTpb2s7sJ5LfChQpONVMghpHhUxuweUSsMQpKWQRdFcl/AgLWDUPl x65dqrl1rD/nvZ2gvyt0JxPgvLJGIrc7jnewa49t4GgMOqOihclfZ8DeeBjxONxB 5G3O3wJVDdsAhGGFmlzE2++WKTEm7ZxxW2H8RTWXVefPjxw9KiIpSIc+I2foIP8m bohvihfoQutJ8xMUKvcGuWPArn1qdZnVxlHzkv6+LzeFNg5MgBefG493A0c75uu7 k/2aZM6zebVf8G+m4mZXWdL7jF5B+sjwVyLLp9gQPouYrckn/5Liks31KEd79gt3 5lUJdecvNLg5WwJ0O4FluMZ9qy9iX/lqI2IsSlux32Ag/roEWU98ntkcCMHIFsgQ VGLk0sZVnn9gQsayNmnfUyWq26jwdTEmWhZaAst36x+vnOhP0SurY3oSTzDeOTVT MzpEGaQfQiHsnZwC4WEgmPh4XO9dA46irxmAFoRKnzXopsA0wEAzlKO3wSHSPZa0 SDZdFJj+NrwUlJ+ru3GvtNFzg61vjdjgB6qq4AsZWjaRMtJ8T+1Vzirra8EzqLN1 ALDiQhfEwZJdF1nEs9C4zH7K2qU9WVDVafinyEh67tKFapaGEkM= =kRPu -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/297d71f7-80ae-27a8-333f-780e88a41e30%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
