Some Common Questions

I wanted to ask the community here what your standard practice is when you want to get some files from Vault onto something like a USB stick. Is it okay to attach a USB stick to the Vault VM?
I have read somewhere from Joanna that data flow from an untrusted VM to a trusted VM may be OK as long as reverse flow is not possible.
So is it okay to use qubes.clipboard to copy and paste passwords from Vault to something like mailvm?
One more question: suppose I have different files in different VMs and I want to save them on some external media. Is it okay to save those files with qubes.Filecopy to a single VM which is firewalled with no networking, and attach the external media to that VM?
What may be the complications of these steps? And what should I avoid among the above things to run Qubes in a secure way? Thanks guys.

> Is it okay to attach a USB stick to the Vault VM

In short, no.

> data flow from untrusted VM to trusted VM may be ok

Depends on what you are defining. From https://www.qubes-os.org/doc/copying-files/: "one should keep in mind that performing a data transfer from less trusted to more trusted qubes can always be potentially insecure, because the data that we insert might potentially try to exploit some hypothetical bug in the destination qube"

> So is it okay to use qubes.clipboard to copy and paste passwords from Vault to something like mailvm

This depends on your threat model and if you are happy with putting passwords into clipboards. The global clipboard will be cleared after CTRL-Shift-V in the less trusted mailvm domain. Clear the mailvm clipboard after pasting. https://www.qubes-os.org/doc/copy-paste/

> suppose I have different files in different VMs and I want to save them on some external media. Is it okay to save those files with qubes.Filecopy to a single VM which is firewalled with no networking, and attach the external media to that VM

In this instance, I would have my external media via the USB qube, then attach that media to an isolated disposable VM, use filecopy to send the files to the disposable and write to external media from there. So yes, your logic seems sound.

This blog post is very informative https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html

Then can you propose some secure way for when I want to have a copy of my .gnupg folder and keepassxc database on external media?

Then what should be the best practice to use the keepassxc database from the Vault VM to send passwords etc. to some other qube?

Thank you very much for your answer. Really learning things.

> Then can you propose some secure way for when I want to have a copy of my .gnupg folder and keepassxc database on external media?

Pretty much the same as earlier, but in reverse. Create an isolated disposable VM. Attach the external media from the USB qube to that disposable VM. Copy the files required into the disposable VM from the USB device, unmount and detach. Then perform validation on the files to make sure you are happy with the data integrity, such as sha256 hashing of each file and comparing the hash to the same operation on your trusted source. Once you are happy that you trust the integrity of the files, copy them into the vaultVM.

Also worth re-quoting this; “one should keep in mind that performing a data transfer from less trusted to more trusted qubes can always be potentially insecure, because the data that we insert might potentially try to exploit some hypothetical bug in the destination qube”.

> Then what should be the best practice to use the keepassxc database from the Vault VM to send passwords etc. to some other qube?

That is considered how it’s done. I was just highlighting that some do not like password utilities or copy/pasting passwords in their threat model. If your threat model is OK with it, then that’s fine. Really worth reading the blog post I linked; it’s robust.
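The integrity check described in the reply above, as an added example that is not part of the original thread: a manifest of SHA-256 hashes is made on the trusted source, and the copy restored into the disposable is accepted only if it contains exactly the listed files with matching hashes. The function names, directory layout and file contents are constructed for illustration; GNU coreutils and file names without newlines are assumed.

```shell
# Added example, not from the thread. Assumes GNU coreutils and file names
# without newlines; all directory and file names below are constructed.

# make_manifest DIR: run on the trusted source (the vault) at backup time.
# Prints one "sha256  ./relative/path" line per regular file under DIR.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# verify_restore DIR MANIFEST: run in the isolated disposable once the media
# is unmounted and detached. Succeeds only if DIR holds exactly the files
# named in MANIFEST and every hash matches.
verify_restore() {
    vr_status=0
    # Every listed file must exist and hash to the recorded value.
    ( cd "$1" && sha256sum -c - ) < "$2" >&2 || vr_status=1
    # A file the manifest never mentioned is rejected as well.
    vr_tmp=$(mktemp -d) || return 2
    sed 's/^[0-9a-f]*  //' "$2" | LC_ALL=C sort > "$vr_tmp/expected"
    ( cd "$1" && find . -type f ) | LC_ALL=C sort > "$vr_tmp/found"
    vr_extra=$(LC_ALL=C comm -13 "$vr_tmp/expected" "$vr_tmp/found")
    rm -rf "$vr_tmp"
    if [ -n "$vr_extra" ]; then
        printf 'not in manifest:\n%s\n' "$vr_extra" >&2
        vr_status=1
    fi
    return "$vr_status"
}

# demo: constructed stand-ins for the vault copy and three restored copies.
# Prints one verdict per case: intact, modified file, unexpected extra file.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/vault/.gnupg" && echo 'constructed keyring' > "$d/vault/.gnupg/pubring.kbx"
    echo 'constructed database' > "$d/vault/passwords.kdbx"
    make_manifest "$d/vault" > "$d/manifest"
    for c in intact modified extra; do cp -R "$d/vault" "$d/$c"; done
    echo 'flipped' >> "$d/modified/passwords.kdbx"
    echo 'surprise' > "$d/extra/README.txt"
    for c in intact modified extra; do
        v=reject
        verify_restore "$d/$c" "$d/manifest" 2>/dev/null && v=accept
        printf '%s: %s\n' "$c" "$v"
    done
    rm -rf "$d"
}

demo
```

A matching hash only shows the files are unchanged since the manifest was made; the manifest itself has to come from the trusted side.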

Just to troll… if vault has both ‘disk encryption password’ and ‘gmail password’… what will prevent you pasting the disk pw in the gmail password box in mailvm and hitting submit before you realize what you did?

:wink:

Btw I don’t keep the disk encryption password written anywhere (by anywhere I mean not on any disk/cloud/paper).
Same goes for the keepassxc database master password.
I am still looking for a method like splitGPG, if possible, for passwords also, if I understand the splitGPG concept properly.

I strongly recommend the Qubes backup system, which was designed for precisely this type of use case. It performs all of the required authentication and encryption steps for you in a way that makes it hard for you to mess up. (For example, if you’re not sure whether you should encrypt-then-MAC or MAC-then-encrypt, or if you don’t see how it makes a difference, then you should not be trying to take a DIY approach to this stuff with sensitive data.) The Qubes backup system is specifically designed for the scenario in which you need to back up data to some untrusted location (e.g., cloud storage, non-physically-secured external media), then restore it back into Qubes later, in a way that preserves the security properties of both the data and the Qubes installation.
