[qubes-users] howto: use qubes split-gpg (pre-gpg v2.1)


I've been testing the current and git version of qubes-app-split-gpg recently, whose specifics aren't currently documented to my knowledge. By reviewing the source code, I've succeeded in getting the version built from git sources working. Using the R2B2 installed version (1.1-1.fc18) continues to give me the following error:

gpg: no valid OpenPGP data found.
gpg: processing message failed: eof

I suspect the package has not been updated mostly due to ticket #474 (future use of gpg v2.1 architecture for split-gpg). However, the current git version of split-gpg appears at least somewhat working. I haven't tried integrating this with such things as Enigmail or other use cases at this point.

That said, for other adventurous folks, here's what I did to get the git version working:

1. built and installed qubes-app-linux-split-gpg from sources (using qubes-builder, documentation elsewhere):

cd qubes-builder/qubes-src/qubes-app-linux-split-gpg
make rpms
qvm-copy-to-vm fedora-18-x64 rpm/x86_64/qubes-gpg-split-1.1-1.fc18.x86_64.rpm

sudo rpm -Uvh --force QubesIncoming/<qubes-builder-vm>/qubes-gpg-split-1.1-1.fc18.x86_64.rpm
shutdown -h now

2. restart all appvms to get changes from the updated fedora template.

3. added following to ~user/.gnupg/gpg-agent.conf in the keyvm (your VM where GPG keys are loaded):

pinentry-program /usr/bin/pinentry-qt4

4. added following to the .bashrc of the appvm that will need access to the keys:

export QUBES_GPG_DOMAIN="<your_keyvm_name>"
alias gpg='qubes-gpg-client --use-agent --no-tty'

# you could also edit /etc/profile.d/qubes_gpg.sh to set your QUBES_GPG_DOMAIN here or in fedora-18-x64 (for all appvms)

I will gladly accept suggested alternate or preferred ways to split-gpg working.

Side note, "make qubes-app-linux-split-gpg-vm" in qubes-builder was not working correctly, which is the reason I was calling "make rpms" in step #1 directly.

Best, TJ.