How to install Kleopatra on Qubes OS

Year1qubes · May 28, 2024, 3:16pm

I have experience using Qubes OS but I have never installed any software before.
Can anyone within this community kindly give me a step by step on how to install and run Kleopatra PGP application?
Thank you in advance.

org · May 28, 2024, 3:19pm

Like normal but in the template that your AppVM is based on.

For example, open debian-12-minimal and run apt install kleopatra

Then shut down your template, restart your AppVM and then Kleopatra will be installed.

Year1qubes · May 28, 2024, 3:57pm

I opened terminal Debian 12 entered
apt install Kleopatra

E: could not open lock file /var/lib/dpkg/lock - frontend - open (13 : permission denied)
E: unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock - frontend) , are you root?

apparatus · May 28, 2024, 4:04pm

Use this command:

sudo apt install kleopatra

Year1qubes · May 28, 2024, 4:17pm

The installation completed within the terminal and I shut down debian 12. Now where do I find the Kleopatra app?

apparatus · May 28, 2024, 4:22pm

Check the link posted by @org:

Shut down the template.

Restart all qubes based on the template.

(Recommended) In the relevant qubes’ Settings > Applications tab, select the new application(s) from the list, and press OK. These new shortcuts will appear in the Applications Menu. (If you encounter problems, see here for troubleshooting.)

Year1qubes · May 28, 2024, 4:35pm

Worked thank you

Year1qubes · May 28, 2024, 4:45pm

How do I bring the Kleopatra app over to anon-whonix?

apparatus · May 28, 2024, 4:46pm

Install it in Whonix Workstation template e.g. whonix-workstation-17.

Year1qubes · May 28, 2024, 5:09pm

I installed on whonix-workstation-17 and I shutdown.
Restarted Qubes os, opened up the settings and applications and I do not see the Kleopatra app in the all available applications list.

apparatus · May 28, 2024, 5:11pm

Press the Refresh button in the anon-whonix Settings > Applications tab and check again.

Year1qubes · May 28, 2024, 5:15pm

I appreciate your help I have learned much from our conversation.

dispuser · May 30, 2024, 2:50pm

You may want to consider not connecting the VM containing Kleopatra to the Internet.

If you are typing a message and using PGP in Kleopatra and there’s internet access to the VM, you are increasing your attack surface. Without internet, an attacker would have to attack dom0 or parts of your system that may have priviledges that dom0 has (like Intel ME). It would be much harder for an attacker to do this.

You can download .asc files in a disposible whonix VM and copy them to the Kleopatra VM and then add them that way. There may be other better ways of doing this, but only using Kleopatra while attached to the internet increase the risk of attack, which may be very low for you depending on your threat model.

Year1qubes · June 4, 2024, 3:12pm

When you say copy them to a Kleopatra VM what do you mean?
I have Kleopatra app running in whonix so should I have Kleopatra running on a different template?

tannerlambert · June 5, 2024, 12:44am

This sentence has me worrying that you may execute programs inside of template VMs. Template VMs are only meant to install software, but never execute them. This you do in App VMs.

You can download .asc files in a disposible whonix VM and copy them to the Kleopatra VM and then add them that way.

@dispuser means that you should

start a whonix disposable VM
download the asc files inside of the disposable VM
use qvm-copy file.asc to copy them to a VM of your choice (that has no network)

I’d recommend to invest a bit of time to get familiar with qubes. Its somewhat command line based at times. I have recently written a blogpost about qubes that is targeted at beginner Level experience: How to Create Qubes OS VMs Using the Command Line If you have the time, I’d recommend to read the whole article and try the examples. It will help you to get a better understanding of how qubes VMs are intended, how to install packages and so on.

unman · June 5, 2024, 11:34am

I think that @Year1qubes meant that he should try running Kleopatra in a
qube based on a different template, not that he should run it in a
template. This is a reasonable trouble shooting approach.

In any case there are many cases where you might want to run a program in
a template, e.g. to change configuration, resolve annoying “first use”
prompts, etc etc. Some of these changes will be system wide and will
appear in all qubes using that template, and some will be user based,
and so must be copied in to /etc/skel in the template.

Of course, if running the software is a security risk, this may
compromise every qube that uses the template where you ran it. This is
one reason why you may choose to install it in a cloned template, used
only by qubes where you will run it. (The risk in those qubes is almost
exactly the same.) If there is only one such qube, use a standalone, and
install and configure the software there.

I never presume to speak for the Qubes team. When I comment in the Forum I speak for myself.

Year1qubes · June 7, 2024, 2:00am

Thank you for clarifying Unman

Year1qubes · June 7, 2024, 2:01am

Yes this worked thank you Tanner