> ---------------------------------------- > From: Andrew David Wong <a...@qubes-os.org> > Sent: Sat Jun 01 03:33:28 CEST 2019 > To: Side Realiq <siderea...@mailfence.com> > Cc: <qubes-users@googlegroups.com> > Subject: [qubes-users] How to automate cloud backups of trusted vault files? > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 31/05/2019 10.33 AM, Side Realiq wrote: > > Thank you Andrew! > > > > Wouldn't described scenario be mitigated, if one downloads the > > backup in a separate disposable non-internet VM, decrypt it, and > > transfer the decrypted files to the vault? > > > > The problem is that, if the decrypted files have been compromised, they > could compromise the vault when you open them inside the vault. > > P.S. -- Please avoid top-posting. > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org >
But how can the decrypted files be compromised if they were first encrypted first locally and only the encrypted files were uploaded? Attackers should be always able to compromise the encrypted files, and compromise the decrypted files only if they could break the encryption. You mean that qvm-backup could protect you if the attackers break the encryption and put malicious files inside your backup? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1249448060.51611.1559369157145%40ichabod.co-bxl. For more options, visit https://groups.google.com/d/optout.
