|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [MirageOS-devel] MirageOS AppVMs on Qubes
On 11/26/2015 21:38, Thomas Leonard wrote: > On 26 November 2015 at 20:26, Hannes Mehnert <hannes@xxxxxxxxxxx> wrote: >> On 11/26/2015 20:38, Thomas Leonard wrote: >>> What about doing only the agent protocol (mainly PKDECRYPT and PKSIGN)? >> >> What would the benefit be? What would the agent talk to? Where and how >> would keys be stored? > > I was imagining the gpg-agent would run in a Qubes Mirage AppVM, which > would also store the private keys (in a FAT filesystem maybe). When > other (Linux) AppVMs want something signed or decrypted, they run the > regular gpg binary, which calls a gpg-agent stub that uses `qvm-run > mirage-gpg` to get a vchan to the Mirage agent. That way, private keys > never leave the Mirage VM. Sounds doable in less time than I estimated for a full OpenPGP implementation. > Prompting the user for the password might be a problem, but we could > call out to another AppVM for that (or maybe even to dom0). A good setup would be to display the user what they are going to sign (the actual data, not the hash) together with questioning their passphrase. hannes Attachment:
signature.asc _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |