Kicksecure ™

Download

On Computer USB Installation Debian morph to Kicksecure Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Forum Best Practices Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print VersionDebug Helper Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

General enhancements that would be useful for Qubes Split GPG. Unspecific to Kicksecure.

Questions[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Questions Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev%2FSplit_GPG#Questions|Questions]]
Copy as Wikitext Click = Copy Copied to clipboard! [Questions](https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Questions)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Questions](https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Questions)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Questions]Questions[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

• Could /usr/bin/qubes-gpg-client-wrapper used from the gpg client VM be used to delete the keys in the gpg server VM?

Notification Enhancement[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Notification_Enhancement Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev%2FSplit_GPG#Notification_Enhancement|Notification Enhancement]]
Copy as Wikitext Click = Copy Copied to clipboard! [Notification Enhancement](https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Notification_Enhancement)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Notification Enhancement](https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Notification_Enhancement)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Notification_Enhancement]Notification Enhancement[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

The current notification...

Keyring access from domain:
work-mail

is not that secure.

• Gets unnoticed when being away. (A compromised VM could wait for that.)
• Mass requests to sign or decrypt could not be stopped early enough.
• Popup not using the Centralized Tray Notification (not yet implemented) - so popups are easily missed when being away for a short time.
• Reading one mail in Thunderbird results in 3 popups flashing up. Users are accustomed to that popup spam. The malicious request could be sneaked in unnoticed into that.

show input to be processed by Split GPG Server[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#show_input_to_be_processed_by_Split_GPG_Server Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev%2FSplit_GPG#show_input_to_be_processed_by_Split_GPG_Server|show input to be processed by Split GPG Server]]
Copy as Wikitext Click = Copy Copied to clipboard! [show input to be processed by Split GPG Server](https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#show_input_to_be_processed_by_Split_GPG_Server)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [show input to be processed by Split GPG Server](https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#show_input_to_be_processed_by_Split_GPG_Server)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#show_input_to_be_processed_by_Split_GPG_Server]show input to be processed by Split GPG Server[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

The Split GPG server VM could show and request each and every gpg command to be executed.

Purpose:

• Preventing gpg from being exploited by maliciously crafted input by having the user manually have a look if the input looks strange.
• Warn against and give the user a chance to refuse far-past / far-future signature times.

Going to run the following command:

/usr/bin/qubes-gpg-client-wrapper --charset utf-8 --display-charset utf-8 --no-emit-version --no-comments --display-charset utf-8 --batch --no-tty --status-fd 2 --max-output 487200 --decrypt --use-agent

Content of stdin is:

```
-----BEGIN PGP MESSAGE-----
....
-----END PGP MESSAGE-----
```

Okay?
Yes | No [default]

Show processed output of GPG Server VM before relaying back[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Show_processed_output_of_GPG_Server_VM_before_relaying_back Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev%2FSplit_GPG#Show_processed_output_of_GPG_Server_VM_before_relaying_back|Show processed output of GPG Server VM before relaying back]]
Copy as Wikitext Click = Copy Copied to clipboard! [Show processed output of GPG Server VM before relaying back](https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Show_processed_output_of_GPG_Server_VM_before_relaying_back)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Show processed output of GPG Server VM before relaying back](https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Show_processed_output_of_GPG_Server_VM_before_relaying_back)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Show_processed_output_of_GPG_Server_VM_before_relaying_back]Show processed output of GPG Server VM before relaying back[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

The Split GPG server VM could show the output of a request before sending it back to the client VM.

Purpose:

• Have the user check if what has been decrypted looks like expected. I.e. seeing an old mail being decrypted that was not requested could alert the user, that the gpg client VM has likely been compromised.
• Have the user only sign documents the user really wanted to sign and not maliciously altered copy.

The output of the following command:

 /usr/bin/qubes-gpg-client-wrapper --charset utf-8 --display-charset utf-8 --no-emit-version --no-comments --display-charset utf-8 --batch --no-tty --status-fd 2 --max-output 487200 --decrypt --use-agent

was:

```
decrypted text goes here
```

Send back to gpg client VM?

Yes | No [default]

Ticket[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Ticket Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev%2FSplit_GPG#Ticket|Ticket]]
Copy as Wikitext Click = Copy Copied to clipboard! [Ticket](https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Ticket)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Ticket](https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Ticket)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750#Ticket]Ticket[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Qubes feature request: split-gpg DispVM preview

Kicksecure A secure by default operating system with the latest security research in place. Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750 Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Dev%2FSplit_GPG|Qubes Split GPG Preview before Signing Enhancement Proposal]]
Copy as Wikitext Click = Copy Copied to clipboard! [Qubes Split GPG Preview before Signing Enhancement Proposal](https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Qubes Split GPG Preview before Signing Enhancement Proposal](https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Dev%2FSplit_GPG?oldid=77750]Qubes Split GPG Preview before Signing Enhancement Proposal[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Kicksecure is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2025 ENCRYPTED SUPPORT LLC

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!