Kicksecure ™

Download

Debian morph to Kicksecure (Hardware) Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) USB ISO (coming soon) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Free Plus Premium Contact

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

General enhancements that would be useful for Qubes Split GPG. Unspecific to Kicksecure.

Questions[edit]

• Could /usr/bin/qubes-gpg-client-wrapper used from the gpg client VM be used to delete the keys in the gpg server VM?

Notification Enhancement[edit]

The current notification...

Keyring access from domain:
work-mail

is not that secure.

• Gets unnoticed when being away. (A compromised VM could wait for that.)
• Mass requests to sign or decrypt could not be stopped early enough.
• Popup not using the Centralized Tray Notification (not yet implemented) - so popups are easily missed when being away for a short time.
• Reading one mail in Thunderbird results in 3 popups flashing up. Users are accustomed to that popup spam. The malicious request could be sneaked in unnoticed into that.

show input to be processed by Split GPG Server[edit]

The Split GPG server VM could show and request each and every gpg command to be executed.

Purpose:

• Preventing gpg from being exploited by maliciously crafted input by having the user manually have a look if the input looks strange.
• Warn against and give the user a chance to refuse far-past / far-future signature times.

Going to run the following command:

/usr/bin/qubes-gpg-client-wrapper --charset utf-8 --display-charset utf-8 --no-emit-version --no-comments --display-charset utf-8 --batch --no-tty --status-fd 2 --max-output 487200 --decrypt --use-agent

Content of stdin is:

```
-----BEGIN PGP MESSAGE-----
....
-----END PGP MESSAGE-----
```

Okay?
Yes | No [default]

Show processed output of GPG Server VM before relaying back[edit]

The Split GPG server VM could show the output of a request before sending it back to the client VM.

Purpose:

• Have the user check if what has been decrypted looks like expected. I.e. seeing an old mail being decrypted that was not requested could alert the user, that the gpg client VM has likely been compromised.
• Have the user only sign documents the user really wanted to sign and not maliciously altered copy.

The output of the following command:

 /usr/bin/qubes-gpg-client-wrapper --charset utf-8 --display-charset utf-8 --no-emit-version --no-comments --display-charset utf-8 --batch --no-tty --status-fd 2 --max-output 487200 --decrypt --use-agent

was:

```
decrypted text goes here
```

Send back to gpg client VM?

Yes | No [default]

Ticket[edit]

Qubes feature request: split-gpg DispVM preview

---

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

FREE  ·  PLUS  ·  PREMIUM Support

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012-2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!