GitHub - marmarek/qubes-app-linux-split-gpg2

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 34 Commits
debian		debian
rpm_spec		rpm_spec
.gitignore		.gitignore
LICENSE		LICENSE
Makefile		Makefile
README		README
qubes.Gpg2.policy		qubes.Gpg2.policy
qubes.Gpg2.service		qubes.Gpg2.service
split-gpg2-client		split-gpg2-client
split-gpg2-client-wrapper		split-gpg2-client-wrapper
split-gpg2-client.service		split-gpg2-client.service
split-gpg2-rc.example		split-gpg2-rc.example
split-gpg2-server		split-gpg2-server
split-gpg2.rb		split-gpg2.rb
test.rb		test.rb

Repository files navigation

==== Copyright ====

Copyright (C) 2014  HW42 <[email protected]>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

==== About ====

Since Gnupg 2.1.0 the private gpg keys are handled by the gpg-agent. This
allows to split the gpg2 (cmdline tool - handles public keys, etc.) and the
gpg-agent which handles the private keys. Purpose of this project is to split
gpg2 and gpg-agent between two Qubes domains. Since normally the gpg-agent is run
locally no filtering is provided. So to make this a meaningful security feature
the main function is the filtering of the commands from the less trusted domain
running gpg2. The rest are some script to "tunnel" the gpg-agent-commands
through Qubes RPC.

The server is the domain which runs the (real) gpg-agent.
The client is the domain which which access the server via Qubes RPC.

The server domain is generally considered more trustfull then the client domain.
This implies that the response from the server is _not_ santizied.


==== Building ====

=== Debian packages ===

cd /path/to/split-gpg2-source
dpkg-buildpackage -us -uc

=== RPM packages ===

cd /path/to/split-gpg2-source
rpmbuild -ba rpm_spec/split-gpg2.spec
rpmbuild -ba rpm_spec/split-gpg2-dom0.spec


==== Installation ====

Install the the debian or the rpm on your vm-template.

Install the dom0-rpm in dom0. (Or just create a proper
/etc/qubes-rpc/policy/qubes.Gpg2).

Create ~user/.split-gpg2-rc in the server and in the client domain.
See /usr/share/split-gpg2/examples/split-gpg2-rc.example for an example and the
available options.

Enable the split-gpg2-client service in the client domain either via the gui or
via 'qvm-service gpg-client-vm enable split-gpg2'. Restart the client domain.

You should be now be able the run gpg2 in the client domain.